On Thu, Sep 13, 2018 at 9:40 AM john.bieling--- via dev-platform <
dev-platform@lists.mozilla.org> wrote:
> I encountered something strange. I am on TB60 trying to use the Fetch API.
>
> I create a GET or POST request without authentication and get back a 401
> from the server and use
>
> response.headers.get("WWW-Authenticate")
>
> to eval the allowed authentication methods. This works fine, if the server
> sends only one such header. If however he sends two or more,
> Headers.get("WWW-Authenticate") returns null.
>
> I only observe this for the WWW-Authenticate header, other headers - if
> send multiple times - will simply be returned as a list (joined by colon).
>
> Is this a bug? Am I doing something wrong?
>
> This is a example set of headers, that is not accessible:
>
> WWW-Authenticate: Negotiate
> WWW-Authenticate: Basic realm="Contact and Calendar data"
>
Hmm, this may be a bug. When there are multiple WWW-Authenticate headers,
we have a special case for merging them (with a newline character instead
of a comma):
https://searchfox.org/mozilla-central/rev/a23c3959b62cd3f616435e02810988ef5bac9031/netwerk/protocol/http/nsHttpHeaderArray.h#268
so it's possible something in the fetch code fails to handle this. If you
have a test case, I suggest filing a bug so that someone can debug this.
> Also: Why was Headers.getAll() dropped after Gecko 52? The digest auth
> header includes colons himself and if it is returned joined into a list
> together with some other auth method, it will be very difficult to parse
> that.
>
See https://bugzilla.mozilla.org/show_bug.cgi?id=1278275. That was a
non-standard method which was removed.
An interesting question is what we return from Headers.get() for
WWW-Authenticate, given that the fetch spec calls for pasting the multiple
header values together with ", " but Gecko internally pastes them together
with "\n"...
--
Ehsan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
