* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Ticket #393 (closed editorial: wontfix)

Opened 3 years ago

Last modified 3 years ago

userinfo in absolute form of request target

Reported by: julian.reschke@gmx.de Owned by: draft-ietf-httpbis-p1-messaging@tools.ietf.org
Priority: normal Milestone: 22
Component: p1-messaging Severity: In WG Last Call
Keywords: Cc:
Origin: http://www.w3.org/mid/508FB6BE.1070401@gmail.com


5.3. Request Target

We explicitly say not to include userinfo when using origin-form:

A Host header field is also sent, as defined in Section 5.4, containing the target URI's authority component (excluding any userinfo).

or authority-form:

When making a CONNECT request to establish a tunnel through one or more proxies, a client MUST send only the target URI's authority component (excluding any userinfo) as the request-target.

but we don't say anything about userinfo when using absolute-form. I guess 2.7.1 already forbids sending a userinfo there but it still seems inconsistent to not say it here. (Alternatively, if 2.7.1's restriction is only supposed to apply to request-target, then we could remove it there and specify it in each case here.)

Change History

comment:1 Changed 3 years ago by fielding@gbiv.com

  • Status changed from new to closed
  • Resolution set to wontfix

Both of these cases are specifically talking about sending the authority component, which might include userinfo, and hence we need to reiterate that it is excluded to clarify that we are not contradicting 2.7.1.

Note: See TracTickets for help on using tickets.