Adrian, Adrian Chadd wrote: > On Mon, Aug 06, 2007, Neil A. Hillard wrote: > >> I can't see how it's a shortcoming of the protocol. If the browser >> isn't aware that there is a proxy then why would it (why should it) try >> to authenticate to one? Tell it that a proxy exists and it's more than >> happy to authenticate. >> >> Interception is less than ideal. > > Look at how a browser talks directly to an origin server when presenting > (HTTP Basic) authentication credentials, and what a proxy ends up doing > with those. The browser knows it is talking to the origin server so will support basic auth. If you stick an intercepting proxy in the way and then use basic auth then how do you authenticate to the origin server? You have to have two headers and then tell the browser to use the proxy (and therefore the proxy auth header). Neil. -- Neil Hillard neil.hillard@xxxxxxxxxxxxxxxxxx AgustaWestland http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd.
