According to RFC2616 , if I return 401 in response to a request to my (Ruby) server, I "MUST enable the WWW-Authenticate header field." It's true? Not setting a title seems to have no negative impact. I use Merb as a web framework and it does not force me to set the title.
Am I missing something or is this rule more respected in violation?
Should web frameworks force the developer to set the title when returning 401?
source
share