Consider a large HTTP request:
POST /upload HTTP/1.1
Content-Type: multipart/form-data
Content-Length: 1048576
...
The client now begins u
Looking at RFC 2616 which defines the protocol, in Section 8.2.2 Monitoring Connections for Error Status Messages, it states
An HTTP/1.1 (or later) client sending a message-body SHOULD monitor the network connection for an error status while it is transmitting the request. If the client sees an error status, it SHOULD immediately cease transmitting the body.
So I would say use you can jump in a send a 401 error. And then looking at 10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field
States that the client can retry with suitable credentials.
I haven't performed any experiments to see how browsers actually performed however.