How does nodejs handle multiple www-authenticate headers in a http response?


How does the nodejs http.IncomingMessage object handle multiple WWW-Authenticate headers in a response given that the HTTP specification supports this and that the response headers seem to be made available only through the response.headers object which is header-name : value?

Problem courtesy of: Jono Brogan


Multiple WWW-Authenticate headers are string-concatenated into a single www-authenticate property, separated by a comma + space.

For example,

GET / HTTP/1.1
WWW-Authenticate: foo
WWW-Authenticate: bar

Will result in

req.headers['www-authenticate'] == 'foo, bar'

This is in line with RFC 2616 § 4.2, which states:

Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded.

Solution courtesy of: josh3736


There is currently no discussion for this recipe.

This recipe can be found in it's original form on Stack Over Flow.