"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes:
>> > +* `basic` - Request Basic authentication from the helper.
>> > +* `auto` - Don't request any scheme from the helper.
>> > +--
>>
>> What does "don't request" exactly mean? It is not like we are
>> telling the helper "Don't give us anything", right? Are we telling
>> the helper "Give us any username/password for the URL in any
>> authentication scheme you know about?"
>
> It means we don't send a `wwwauth[]` entry in the request. We are
> giving the helper carte blanche to decide what scheme is best (maybe it
> knows we want Bearer, for example).
Well, at least I couldn't read the proposed document update and read
that much out of it, and I suspect there may be other readers who
will share my confusion. I think the source of the confusion is
that "don't request" does not automatically imply "allow the helper
to pick any scheme as it sees fit" if you do not know how helper is
designed to behave when it is not requested "any scheme".
`basic` - Request Basic authentication from the helper.
`auto` - Ask the helper to pick an appropriate scheme.
`none` - Disable proactive authentication.
or something, perhaps?
Thanks.
