Re: Adding user@ to HTTP[S] URIs

Hi,

Thanks for a technical point, Daniel!

> Maybe not a dragon, but...
>
> $ curl foo@localhost -v
> ...
>> GET / HTTP/1.1
>> Host: localhost
>> Authorization: Basic Zm9vOg==
>
> ... because userinfo in HTTP has only ever been there and used for
> authentication.
>
> (Zm9vOg== is "foo:" base64 encoded)

Browsers have no consistency in this usage pattern, so this is definately a niche.  As a result, nobody would publish such a URI for global purposes, and so there is room to define adaptations to the behaviour.

This Basic hack might be turned into an option, or my draft's form might be; a migration path can easily be started as well.  This is not unexpected when assumptions are made beyond the specs.  Assumptions which, by the way, are the result of wanting to express something for which there is no semantics in the form of a specification.

-Rick

Received on Monday, 27 January 2020 12:30:18 UTC