No common browsers support HTTP/1.1 trailers. Look at the column “Headers in trailer” in the “Network” tab of browserscope. Chrome: No, and won’t fix (bug). Supports H/2 trailers (bug). Firefox: No, and I don’t see a ticket in bugzilla for it. Appears to support H/2. IE: No Edge: No Safari: No Opera: Old versions only … Read more
there is no standard for how to return JWT token to the client, however, check this URL, it answers your question https://github.com/dwyl/hapi-auth-jwt2/issues/82#issuecomment-129873082 putting the JWT token in the Authorization header gives us flexibility to send an actual response in a web application. For a REST-only App/API you are free to send the JWT as the … Read more
Finally, I received a response from R. Fielding: 202 is a success status. The pointer mentioned is just hypertext in the body of the response. A 303 should be sent if you want to use Location to redirect the client to another resource. The result of the redirected request can be a 202. ….Roy So, … Read more
Facebook’s plugins use Open Graph, which is built on RDFa. It’s RDFa that adds the property attribute to elements. Without this addition, plain HTML has no such attribute. (If you ask me, it’s a strange design to add a new attribute without namespacing it, and to re-use half of a <meta> tag. But no-one did.) … Read more
In HTTP/1.0 – server response without content-length is when the stream closes In HTTP/1.1 – server response without content-length is when the response is chunked encoded
The SOAP headers contain application specific information related to the SOAP message. They typically contain routing information, authentication information, transaction semantics etc. These are specific to the SOAP message and are independent of the transport that SOAP uses (in the scope of this post: HTTP). HTTP headers define the operating parameters of the HTTP transaction, … Read more
Through trial and error, I have found that one way to set the headers correctly for IIS7 in ASP.NET MVC is: Response.Cache.SetCacheability(HttpCacheability.NoCache); Response.Cache.AppendCacheExtension(“no-store, must-revalidate”); Response.AppendHeader(“Pragma”, “no-cache”); Response.AppendHeader(“Expires”, “0”); The first line sets Cache-control to no-cache, and the second line adds the other attributes no-store, must-revalidate. This may not be the only way, but does provide … Read more
According to RFC2617 the auth-scheme can be anything; if you really want a 401 you’re not technically breaking spec by making something up like WWW-Authenticate: OpenID realm=”My Realm” location=”http://my/login/location”. Having said that, behaviour of other people’s code when you do that is of course undefined. 🙂