I play with basic HTTP authorization. As we all know, when a client receives error 401 when requesting a page, the client should collect user credentials from users (usually in the form of a pop-up window).
Subsequent requests for resources within this part of the URL will be followed by "Authorization: Base [hash]", where [hash] is the username / password that are stacked and hashed.
What interests me is to force the client not to send an authorization header even when requesting a resource that previously requested it.
Three important questions:
Is it possible?
If possible, does this violate the HTTP / 1.1 standard (I donβt understand that this case is covered by the specification)?
Which browser supports this?
Thanks for your time, internet.
The UPDATE . Apparently this is the apache FAQ , and I'm SOL. However, if you have thoughts on this, I would like to hear about it. Thanks.
source
share