W3C home > Mailing lists > Public > public-webapi@w3.org > September 2006

Overriding userinfo in XHR.open()

From: Alexey Proskuryakov <ap-carbon@rambler.ru>
Date: Tue, 26 Sep 2006 22:43:11 +0400
To: public-webapi@w3.org
Message-ID: <web-30502134@mail7.rambler.ru>

The current draft of XMLHttpRequest spec says:

"If the URI given to this method contains userinfo ([RFC3986], section 3.2.1) 
then the user name and password specified MUST be used if the user and 
password arguments are omitted. If the arguments are not omitted, they take 
precedence, even if they are null."

   Is this a new feature that's not present in browsers yet? From my tests, it 
looks like WinIE doesn't support userinfo at all, while Firefox takes string 
values of whatever objects are passed as user/password, e.g. "req.open('GET', 
url, true, null, null)" sets the credentials to "null"/"null", so the null 
clause doesn't apply.

   Second, should the password from userinfo be used if only the user 
parameter is provided: "req.open('GET', url, true, 'user')"? Firefox resets 
the password to an empty string in this situation.

   Finally, I'm not sure whether userinfo support is required for conformance. 
As quoted above, it's a MUST, but then, it is added that browsers MAY not 
support it: "The usage of userinfo is discouraged MAY not work in 
implementations."

- WBR, Alexey Proskuryakov.
Received on Tuesday, 26 September 2006 18:43:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT