This repository has been archived by the owner on Nov 20, 2019. It is now read-only.
remove cookie support #8
Comments
This was referenced Jul 8, 2016
Closed
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The scenario where you want to combine two authorization schemes is invalid. Browsers (when using basic auth) will send an
Authorizationheader with each request. If the client code also uses anAuthorizationheader the result is unpredictable. The RFC does not allow multiple authorization schemes using theAuthorizationheader.This will be a non-backward compatible change as applications would need to switch to
X-Authorizationor something similar if they wish to combine with basic auth.The text was updated successfully, but these errors were encountered: