Re: userinfo in :authority from Patrick McManus on 2014-01-07 (ietf-http-wg@w3.org from January to March 2014)

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Tue, 7 Jan 2014 16:36:06 -0500
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAOdDvNqL1cYdWJfBZfNYvrVKeBFxooiB2D5v+awdFB0Wt6vmPw@mail.gmail.com>

+1 on allowing schemes other than http and https.. proxying ftp urls over
http/2 comes to mind as a sorta-common use case.

+1 on MUST NOT userinfo with http and https


On Tue, Jan 7, 2014 at 2:56 PM, Martin Thomson <martin.thomson@gmail.com>wrote:

> On 7 January 2014 04:44, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> > It ought to be made clear that this is a non-HTTP feature though, the
> > use of `userinfo` with `http:` and `https:` has always been disallowed.
>
>
> So, the question is begged: do we want to permit the requesting of
> resources identified by URIs other than "http:" or "https:"  I think
> that we can, but I'd prefer to add an exception in the form MUST
> unless non-http/https if we do, which would allow for those other uses
> without opening the door for userinfo in http URIs.
>
>

Received on Tuesday, 7 January 2014 21:36:34 UTC