Is it acceptable for a server to send a HTTP response before the entire request has been received?

Solution 1:

Looking at RFC 2616 which defines the protocol, in Section 8.2.2 Monitoring Connections for Error Status Messages, it states

An HTTP/1.1 (or later) client sending a message-body SHOULD monitor the network connection for an error status while it is transmitting the request. If the client sees an error status, it SHOULD immediately cease transmitting the body.

So I would say use you can jump in a send a 401 error. And then looking at 10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field

States that the client can retry with suitable credentials.

I haven't performed any experiments to see how browsers actually performed however.