- From: Rick van Rein <rick@openfortress.nl>
- Date: Mon, 27 Jan 2020 14:54:04 +0100
- To: Daniel Stenberg <daniel@haxx.se>
- CC: James Fuller <jim@webcomposite.com>, Austin Wright <aaa@bzfx.net>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
Also, How shocking would it be to current usage of the Basic pattern to use an explicit, empty password? Several other browsers use "foo:@localhost" for Basic if they want to avoid popups. -Rick > $ curl foo@localhost -v > ... >> GET / HTTP/1.1 >> Host: localhost >> Authorization: Basic Zm9vOg== > > ... because userinfo in HTTP has only ever been there and used for > authentication. > > (Zm9vOg== is "foo:" base64 encoded)
Received on Monday, 27 January 2020 13:54:41 UTC