- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Tue, 07 Jan 2014 13:44:35 +0100
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: ietf-http-wg@w3.org
* Amos Jeffries wrote: >If the HTTP/2 field is going to hold the authority info it rally should >hold the whole authority info and not encourage eliding details. > >Counter to the comment in github, it is only the "user:password" usage >of userinfo which is deprecated. The field itself is not deprecated and >is being used in some applications to relay items like Bearer tokens or >"scheme-specific information about how to gain authorization" in a safer >way than via query parameter or path. > >If it is going to be split off from authority, please document a mapping >that preserves it for consistency across 1.1->2.0->1.1 gateways. It ought to be made clear that this is a non-HTTP feature though, the use of `userinfo` with `http:` and `https:` has always been disallowed. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Tuesday, 7 January 2014 12:45:08 UTC