id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 485 Multiple WWW-Authenticate headers Fasih "RFC allows a server to respond with multiple WWW-Authenticate header (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47). ""User agents are advised to take special care in parsing the WWW- Authenticate field value as it might contain more than one challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a comma-separated list of authentication parameters."" However nginx defines WWW-Authenticate header as an ngx_table_elt_t in the ngx_http_headers_out_t struct as opposed to an ngx_array_t like other allowed repeated value headers. I am using nginx as a reverse proxy. The upstream sends two WWW-Authenticate headers with different realms. I was processing the www_authenticate header field and hadnt realized that it was legal to send multiple WWW-Authenticate headers. One e.g. for a valid real-world use: http://stackoverflow.com/a/15894841/1597813" enhancement closed minor nginx-core 1.5.x fixed response header handling Linux fasih-thinks 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.5.1 built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) configure arguments: --prefix=/home/faskiri/usr --with-debug "