W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: #309: credentials ABNF missing SP (still using implied LWS?)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 05 Aug 2011 17:45:09 +0200
Message-ID: <4E3C1005.2080802@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>
On 2011-07-27 19:43, Julian Reschke wrote:
> Hi,
>
> James Manger found this earlier, and I just rediscovered that we have an
> inconsistency between challenge and credentials. Right now we have:
>
> credentials = auth-scheme ( token
> / quoted-string / #auth-param )
>
> ...which doesn't allow white space between the scheme name and the
> credentials.
>
> Going back in history, RFC 2617 has:
>
> challenge = auth-scheme 1*SP 1#auth-param
>
> and
>
> credentials = auth-scheme #auth-param
>
> (which depends on implied LWS).
>
> Does /anybody/ remember why RFC 2617 treats these differently? Was this
> intentional?

Didn't get any feedback.

However,

   credentials = auth-scheme #auth-param

in particular would allow something like

   Authorization: SchemenameParam=1

which of course doesn't make sense.

So I'm adding the mandatory whitespace...

Best regards, Julian
Received on Friday, 5 August 2011 15:45:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:46 GMT