W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Ambiguous case in WWW-Authenticate grammar?

From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Date: Mon, 21 Apr 2014 05:48:32 +0300
To: Jesse Wilson <jesse@swank.ca>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140421024832.GA8319@LK-Perkele-VII>
On Sun, Apr 20, 2014 at 10:15:46PM -0400, Jesse Wilson wrote:

> section 2.1<https://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.1>),
> which says this:
> 
>    challenge   = auth-scheme [ 1*SP ( token68 / #auth-param ) ]
>    auth-param  = token BWS "=" BWS ( token / quoted-string )
>    token68     = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
> 
> Suppose I receive this response header:
> 
> WWW-Authenticate: Wink ABC=
> 
> Is ABC= a four character token68? Or is it a parameter named ABC whose
> value is the empty string?

AFAICT, it is token68.

Neither token nor quoted-string can expand into empty string. Nor can
those expand into string of '='.


-Ilari
Received on Monday, 21 April 2014 02:49:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:25 UTC