Redfish Request Redirection Behaviour

new

« Prev
1
Next »

arunthomasbaby
Minnow

Posts: 1

Redfish Request Redirection Behaviour Oct 19, 2020 11:45:55 GMT

Quote

Post by arunthomasbaby on Oct 19, 2020 11:45:55 GMT

Hi All,
From my understanding all redirection request without Authentication should respond with 404 status code if accessing a resource which requires authentication.
eg: https://{{ip}}/redfish/v1/Systems/ => 404 if accessed without Authentication.

So my doubt here is whether this behaviour should be same for a request without Authentication and request with invalid authentication credentials(wrong username or password) ?.

TIA
Arun

Last Edit: Oct 19, 2020 12:01:55 GMT by arunthomasbaby

mraineri
Administrator

Posts: 280

Redfish Request Redirection Behaviour Oct 21, 2020 12:49:55 GMT

Quote

Post by mraineri on Oct 21, 2020 12:49:55 GMT

Looking back at the history of that clause in the spec, I'm thinking that this might be a mistake. Regardless of redirection, if authentication is required, I would expect a 401 if authentication headers are missing or invalid, which would be consistent with the non-redirect scenario.