I have a web app that accepts both anonymous and authenticated request. If I post form data (with a file upload) anonymously to the web app, and then receive a 401 challenge, will I then resend all that form data again on the second request?
I am not trying to avoid 401 responses, but rather trying to avoid sending the request payload twice when receiving a 401 response.
I didn't receive an answer to this quickly so I decided to just watch the http traffic myself using Fiddler. The short answer is yes, the data will be sent to the server twice. Once for the original request, and again for the second request containing credentials.
It seems to me the best way to avoid sending form data to the server twice is to send a preamble request first that will handle any authentication, and then make your request that contains your form data.