- From: Alexey Proskuryakov <ap-carbon@rambler.ru>
- Date: Tue, 26 Sep 2006 22:43:11 +0400
- To: public-webapi@w3.org
The current draft of XMLHttpRequest spec says:
"If the URI given to this method contains userinfo ([RFC3986], section 3.2.1)
then the user name and password specified MUST be used if the user and
password arguments are omitted. If the arguments are not omitted, they take
precedence, even if they are null."
Is this a new feature that's not present in browsers yet? From my tests, it
looks like WinIE doesn't support userinfo at all, while Firefox takes string
values of whatever objects are passed as user/password, e.g. "req.open('GET',
url, true, null, null)" sets the credentials to "null"/"null", so the null
clause doesn't apply.
Second, should the password from userinfo be used if only the user
parameter is provided: "req.open('GET', url, true, 'user')"? Firefox resets
the password to an empty string in this situation.
Finally, I'm not sure whether userinfo support is required for conformance.
As quoted above, it's a MUST, but then, it is added that browsers MAY not
support it: "The usage of userinfo is discouraged MAY not work in
implementations."
- WBR, Alexey Proskuryakov.
Received on Tuesday, 26 September 2006 18:43:19 UTC