- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 05 Aug 2011 17:45:09 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
On 2011-07-27 19:43, Julian Reschke wrote: > Hi, > > James Manger found this earlier, and I just rediscovered that we have an > inconsistency between challenge and credentials. Right now we have: > > credentials = auth-scheme ( token > / quoted-string / #auth-param ) > > ...which doesn't allow white space between the scheme name and the > credentials. > > Going back in history, RFC 2617 has: > > challenge = auth-scheme 1*SP 1#auth-param > > and > > credentials = auth-scheme #auth-param > > (which depends on implied LWS). > > Does /anybody/ remember why RFC 2617 treats these differently? Was this > intentional? Didn't get any feedback. However, credentials = auth-scheme #auth-param in particular would allow something like Authorization: SchemenameParam=1 which of course doesn't make sense. So I'm adding the mandatory whitespace... Best regards, Julian
Received on Friday, 5 August 2011 15:45:40 UTC