On Wed, Oct 06, 2004 at 12:22:47PM +0200, Jasper Filon wrote: > I agree with you that maybe it would be better if the browser would > interpret a authorisation request on a favicon.ico as a 404 (or 403) > error, but on the other hand, the request for favicon isn't any different > from a normal http request. Maybe you could even say it is up to apache to > send the 403 rather than ask for authorisation. I think this could be an > interresting discussion.
I think it's up to the browser to realise that it's asking for something which, quite honestly, the user probably has no knowledge of, and if it gets an "Auth Required" back when it asks for the favicon it should go "oh well" and give up, unless it already has authentication credentials for the specified site and realm. Making apache do it would complicate the server code unnecessarily, and really does seem to be putting the fix in the wrong place. - Matt
signature.asc
Description: Digital signature
