adding a subject :)
On Tue, Oct 2, 2012 at 10:33 AM, Matthias Wessendorf <matzew(a)apache.org> wrote:
when issuing a HTTP request against a protected resource (I am not
logged in), I am getting 401 (fine), but I don't see a
'WWW-Authenticate' header on the response. I also don't see any info
on this in the security roadmap (see ). Was there a special reason
to leave it out? I ask b/c usually that header is sent for basic,
digest or even oauth on the response header.