[whatwg/fetch] "set authorizationValue to authentication entry" is insufficiently precise (Issue #1497) from Domenic Denicola on 2022-09-30 (public-webapps-github@w3.org from September 2022)

From: Domenic Denicola <notifications@github.com>
Date: Fri, 30 Sep 2022 01:43:19 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1497@github.com>

https://fetch.spec.whatwg.org/commit-snapshots/1fbc40c1df1a353ce1a49de8e4b2c753563e265d/#http-network-or-cache-fetch


> If there’s an authentication entry for httpRequest and either httpRequest’s use\-URL\-credentials flag is unset or httpRequest’s current URL does not include credentials, then set authorizationValue to authentication entry\. 

"authentication entry" is defined as

> An authentication entry and a proxy-authentication entry are tuples of username, password, and realm, used for HTTP authentication and HTTP proxy authentication, and associated with one or more [requests](https://fetch.spec.whatwg.org/#concept-request).

At the very least, I'd expect this to say "the authentication entry for _httpRequest_". Ideally, there'd be some algorithm for deriving an authentication entry from a request, including things like:

- Looking things up in a partitioned user-agent store
- Looking at the request's URL's username and password components.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1497

You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1497@github.com>

Received on Friday, 30 September 2022 08:43:31 UTC