W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2020

Re: Adding user@ to HTTP[S] URIs

From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 27 Jan 2020 13:40:51 +0100 (CET)
To: Rick van Rein <rick@openfortress.nl>
cc: James Fuller <jim@webcomposite.com>, Austin Wright <aaa@bzfx.net>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
Message-ID: <alpine.DEB.2.20.2001271333070.18042@tvnag.unkk.fr>
On Mon, 27 Jan 2020, Rick van Rein wrote:

> Browsers have no consistency in this usage pattern, so this is definately a 
> niche.

Yes, but a niche with potentially a large amount of users.

And in fact, it sends the user name without a password in a HTTP header, which 
is... well, what you ask for. =)

> As a result, nobody would publish such a URI for global purposes,

Then again URIs aren't globally defined so they can in fact not be used "for 
global purposes" - period. I keep this incomplete list of interop issues for 
the fun of it: https://github.com/bagder/docs/blob/master/URL-interop.md

The best we can do right now is global purposes **with a certain subset of 
tools**.

The userinfo part of a URI/URL in particular has notoriously bad interop 
properties.

> and so there is room to define adaptations to the behaviour.

I appreciate your optimism!

-- 

  / daniel.haxx.se
Received on Monday, 27 January 2020 12:41:01 UTC

This archive was generated by hypermail 2.4.0 : Monday, 27 January 2020 12:41:02 UTC