Katsuhiko YOSHIDA <clad...@gmail.com> added the comment:
According to RFC7235 (https://tools.ietf.org/html/rfc7235#section-4.1), WWW-Authenticate header is sent from server to client. And it has not credential data. Also, Cookie2 header is already obsoleted by RFC6295 (https://tools.ietf.org/html/rfc6265). So, I think that both "Authorization" and "Cookie" are enough. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue33661> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
