W3C home > Mailing lists > Public > www-validator@w3.org > August 2003

Re: HTTPS and user:pass@site URI schemes

From: Olivier Thereaux <ot@w3.org>
Date: Thu, 7 Aug 2003 16:02:19 +0900
Cc: www-validator@w3.org
To: Armin Herbert <armin.herbert@pyramid.de>
Message-Id: <163ADDFD-C8A5-11D7-A151-000393A63FC8@w3.org>

Greetings Armin,

On Tuesday, Aug 5, 2003, at 21:36 Asia/Tokyo, Armin Herbert wrote:
> I wanted to validate the contents of a page to which I can only connect
> through an URI of this form:
> https://user:password@www.example.com:80/foo/bar.html
> I can understand you don't want to support the user:pass@site scheme ..
> it's not a (proposed) standard of any kind, if I'm right (please 
> correct
> me, if not).

It is standard. At least, if I remember correctly, it's in the URI RFC.

I did a quick test, and the validator did not complain about this type 
of URI. It did not, however, authenticate and instead challenged me, 
and only then did it proxy the authentication properly. So it may be a 
bug, but a minor one.

What surprises me is that you say you can only connect through such a 
URI? Could you give details? It sounds strange to me that you cannot 
connect simply thought http://www.example.com/foo/bar.html and the HTTP 
server takes care of the authentication (HTTP 401 etc.)

> What I don't understand is why you generally don't support HTTPS URIs
> (like specified in RFC 2818)? Is it a performance thing?

No, it's a feature we're not supporting yet because of some minor 
technical problems yet to be resolved.

> I'm not subscribed to this list, please include 
> armin.herbert@pyramid.de
> in the CC.


Received on Thursday, 7 August 2003 03:02:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 14:17:38 UTC