Feature Request \ Suggestion: Hint to turn off Content-Length 0 optimization on challenge

Won’t fix Issue #306907

Details

Created
Jun 10, 2014
Privacy
This issue is public.
Reports
Reported by 0 people

Sign in to watch or report this issue.

Steps to reproduce

URL:

Repro Steps:

Not applicable.

Expected Results:

As an example, IE is prompted with WWW-Authenticate: Negotiate, but responds with a NegoEx/NLMP when the server is expecting Kerberos. The server responds with an HTML Form (in order to collect a different set of credentials) with submit via POST, but the response is in the same protection space so would be truncated. The server is obliged to redirect to a different protection space before responding with the HTML Form.

Microsoft’s current solution to this issue is using the Internet registry setting "DisableNTLMPreAuth", but a website cannot expect clients to always have control over the browser. In the above example, the authentication mechanism is for users inside and outside of the domain.

Actual Results:

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Kamen M.”

      Changed Assigned To to “Ivan P.”

      Changed Assigned To from “Ivan P.” to “IE F.”

      Changed Status to “By design”

      Changed Status from “By design” to “Won’t fix”

    You need to sign in to your Microsoft account to add a comment.

    Sign in