Ticket #393 (closed editorial: wontfix)
userinfo in absolute form of request target
|Reported by:||firstname.lastname@example.org||Owned by:||email@example.com|
|Component:||p1-messaging||Severity:||In WG Last Call|
5.3. Request Target
We explicitly say not to include userinfo when using origin-form:
A Host header field is also sent, as defined in Section 5.4, containing the target URI's authority component (excluding any userinfo).
When making a CONNECT request to establish a tunnel through one or more proxies, a client MUST send only the target URI's authority component (excluding any userinfo) as the request-target.
but we don't say anything about userinfo when using absolute-form. I guess 2.7.1 already forbids sending a userinfo there but it still seems inconsistent to not say it here. (Alternatively, if 2.7.1's restriction is only supposed to apply to request-target, then we could remove it there and specify it in each case here.)