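What should the HTTP response code be when proxy authorization fails?
I know that 407 is the response code that requests proxy authorization. But once the client has sent its authentication information to the proxy, what should the proxy return if that information is incorrect? If it returns a 401 response code, how would the client recognize that authentication failed at the proxy rather than at the end resource?
Answer 0 (score: 3)
Well, if there is an authorization failure for a 401-protected resource, the server simply responds with another 401: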
Request URL:https://mysite.com/myresource/
Request Method:GET
Status Code:401 Authorization Required
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Digest username="gjggj", realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", uri="/misc/apps/", algorithm=MD5, response="9e113b10d3e95b590bdef0fc7c7c617b", qop=auth, nc=00000001, cnonce="61f73b73f6b33ea2"
Cache-Control:max-age=0
Connection:keep-alive
Host:game-point.net
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
Response Headers
Cache-Control:no-cache
Connection:close
Content-Length:534
Content-Type:text/html
Date:Wed, 13 Feb 2013 11:07:26 GMT
Pragma:no-cache
Server:Cherokee/1.0.8 (Debian GNU/Linux)
WWW-Authenticate:Digest realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", qop="auth", algorithm="MD5"
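So I would say that the way to handle a 407 authorization failure is for the server to respond with a 407 status code even though the browser has already sent authorization information; this indicates that the proxy still requires authorization, and implies that authorization failed simply because you are still getting a 407 status code.
Answer 1 (score: 2)
From the official source: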
http://www.ietf.org/rfc/rfc2617.txt
If the origin server does not wish to accept the credentials sent
with a request, it SHOULD return a 401 (Unauthorized) response. The
response MUST include a WWW-Authenticate header field containing at
least one (possibly new) challenge applicable to the requested
resource. If a proxy does not accept the credentials sent with a
request, it SHOULD return a 407 (Proxy Authentication Required). The
response MUST include a Proxy-Authenticate header field containing a
(possibly new) challenge applicable to the proxy for the requested
resource.
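Added example, not part of either answer above: a client-side check that uses the status code and the challenge header named in the RFC text to tell a proxy rejection (407 with Proxy-Authenticate) from an origin rejection (401 with WWW-Authenticate), and a first challenge from rejected credentials. It goes slightly beyond the answers by also recognizing the Digest `stale=true` flag from RFC 2617, which signals an expired nonce rather than wrong credentials. The function names, verdict strings and sample messages are constructed for illustration.

```python
import re

# status -> (layer, challenge header the response MUST carry, credential header)
LAYERS = {
    401: ("origin", "www-authenticate", "authorization"),
    407: ("proxy", "proxy-authenticate", "proxy-authorization"),
}

def parse_head(raw):
    """Return (start line, {lowercased header name: [values]}) for a raw message."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def classify(request_raw, response_raw):
    """Return (layer, verdict) for one request/response pair."""
    _, req = parse_head(request_raw)
    status_line, resp = parse_head(response_raw)
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", status_line)
    if not m:
        raise ValueError("not an HTTP status line: %r" % status_line)
    if int(m.group(1)) not in LAYERS:
        return (None, "not-an-auth-challenge")
    layer, challenge_hdr, cred_hdr = LAYERS[int(m.group(1))]
    challenges = resp.get(challenge_hdr, [])
    if not challenges:
        return (layer, "malformed-missing-challenge")
    if cred_hdr not in req:
        return (layer, "initial-challenge")
    # Digest only: stale=true means the nonce expired, not a wrong password.
    if any(re.search(r'\bstale\s*=\s*"?true\b', c, re.I) for c in challenges):
        return (layer, "stale-nonce-retry")
    return (layer, "credentials-rejected")

# Constructed sample messages (placeholders, not captured traffic).
REQ = ("GET http://origin.example/ HTTP/1.1\r\nHost: origin.example\r\n"
       "Proxy-Authorization: Basic PLACEHOLDER\r\n"
       "Authorization: Basic PLACEHOLDER\r\n\r\n")
RESP_407 = ("HTTP/1.1 407 Proxy Authentication Required\r\n"
            'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n')
RESP_401 = ("HTTP/1.1 401 Unauthorized\r\n"
            'WWW-Authenticate: Basic realm="apps"\r\n\r\n')

if __name__ == "__main__":
    print(classify(REQ, RESP_407))
    print(classify(REQ, RESP_401))
```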