|
Post by arunthomasbaby on Oct 19, 2020 11:45:55 GMT
Hi All, From my understanding all redirection request without Authentication should respond with 404 status code if accessing a resource which requires authentication. eg: https://{{ip}}/redfish/v1/Systems/ => 404 if accessed without Authentication.
So my doubt here is whether this behaviour should be same for a request without Authentication and request with invalid authentication credentials(wrong username or password) ?.
TIA Arun
|
|
|
Post by mraineri on Oct 21, 2020 12:49:55 GMT
Looking back at the history of that clause in the spec, I'm thinking that this might be a mistake. Regardless of redirection, if authentication is required, I would expect a 401 if authentication headers are missing or invalid, which would be consistent with the non-redirect scenario.
|
|