For ie silliness, sop is to include a lot of text in the 5xx so it'll show your message instead of its own.
I've done lots of www-authenticate with 200's, always heard worries from web engineers, never had a bug report. Ymmv. On Wednesday, August 18, 2010, Brian Eaton <bea...@google.com> wrote: > On Tue, Aug 17, 2010 at 11:36 PM, Mark Nottingham <m...@mnot.net> wrote: >>> The other reason people get funny with these status codes has to do >>> with browser behavior. Sometimes browsers react in funny ways to >>> funny HTTP status codes. To be on the safe side, developers tend to >>> return an HTTP 200 with whatever they want the user to see. >> >> Can you give concrete examples, please? What browsers do what exactly, under >> what circumstances? > > Here's a well-known example: > http://malektips.com/internet-explorer-8-disable-friendly-error-messages.html. > > Fuzzier stuff is in handling of things like WWW-Authenticate headers > on HTTP 200 responses, or 401s with unknown authorization challenges. > -- -- John Panzer / Google jpan...@google.com / abstractioneer.org / @jpanzer _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
