W3C home > Mailing lists > Public > public-webapi@w3.org > September 2006

Re: Overriding userinfo in XHR.open()

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 26 Sep 2006 20:48:56 +0200
To: "Alexey Proskuryakov" <ap-carbon@rambler.ru>, public-webapi@w3.org
Message-ID: <op.tgh07uqc64w2qv@id-c0020>

On Tue, 26 Sep 2006 20:43:11 +0200, Alexey Proskuryakov  
<ap-carbon@rambler.ru> wrote:
> Is this a new feature that's not present in browsers yet? From my tests,  
> it looks like WinIE doesn't support userinfo at all, while Firefox takes  
> string values of whatever objects are passed as user/password, e.g.  
> "req.open('GET', url, true, null, null)" sets the credentials to  
> "null"/"null", so the null clause doesn't apply.

Interesting. I suppose that could be a bug... Anyway, I suggest you use  
for reading as that's a more current version.

>    Second, should the password from userinfo be used if only the user  
> parameter is provided: "req.open('GET', url, true, 'user')"? Firefox  
> resets the password to an empty string in this situation.

I would say it shouldn't be provided in this case (same as null), but I  
guess that needs more clarification.

>    Finally, I'm not sure whether userinfo support is required for  
> conformance. As quoted above, it's a MUST, but then, it is added that  
> browsers MAY not support it: "The usage of userinfo is discouraged MAY  
> not work in implementations."

This should be more clear in the latest revision. For HTTP you probably  
shouldn't support it (and throw a SYNTAX_ERR) but for some protocols it  
makes some sense. For FTP you often have the username:anonymous@domain.com  
logins... However, the current draft only "covers" HTTP.

Anne van Kesteren
Received on Tuesday, 26 September 2006 18:49:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:22 UTC