W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2020

Re: Adding user@ to HTTP[S] URIs

From: Rick van Rein <rick@openfortress.nl>
Date: Mon, 27 Jan 2020 13:29:36 +0100
Message-ID: <5E2ED7B0.6040606@openfortress.nl>
To: Daniel Stenberg <daniel@haxx.se>
CC: James Fuller <jim@webcomposite.com>, Austin Wright <aaa@bzfx.net>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
Hi,

Thanks for a technical point, Daniel!

> Maybe not a dragon, but...
>
> $ curl foo@localhost -v
> ...
>> GET / HTTP/1.1
>> Host: localhost
>> Authorization: Basic Zm9vOg==
>
> ... because userinfo in HTTP has only ever been there and used for
> authentication.
>
> (Zm9vOg== is "foo:" base64 encoded)

Browsers have no consistency in this usage pattern, so this is definately a niche.  As a result, nobody would publish such a URI for global purposes, and so there is room to define adaptations to the behaviour.

This Basic hack might be turned into an option, or my draft's form might be; a migration path can easily be started as well.  This is not unexpected when assumptions are made beyond the specs.  Assumptions which, by the way, are the result of wanting to express something for which there is no semantics in the form of a specification.

-Rick
Received on Monday, 27 January 2020 12:30:18 UTC

This archive was generated by hypermail 2.4.0 : Monday, 27 January 2020 12:30:20 UTC