On Mon, 23 Jul 2007 08:37:26 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
[...]So I think we should disallow this header since we're disallowing "Connection" as it might otherwise confuse proxies.
Agreed. I have not added Proxy-Authorization as setting the Authorization header is allowed as well. (As for the comment that Proxy-Connection is not a registered header: security trumps specification purity.)
-- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
