Opened 10 years ago

Closed 10 years ago

#342 closed editorial (incorporated)

WWW-Authenticate ABNF slightly ambiguous

Reported by: julian.reschke@… Owned by: draft-ietf-httpbis-p7-auth@…
Priority: normal Milestone: 19
Component: p7-auth Severity: Active WG Document
Keywords: Cc:


   WWW-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS challenge ] )
   challenge = auth-scheme 1*SP *( "," OWS ) auth-param *( OWS "," [ OWS auth-param ] )


 Basic realm="foo", , Otherscheme realm="bar"

This can be parsed as either three challenges:

1: Basic realm="foo"
3: Otherscheme realm="bar"

or as two challenges:

1: Basic realm="foo",
2: Otherscheme realm="bar"

...where the first challenge has a list of auth-params where the first one is the realm, and the second one is empty.

In practice, this doesn't affect the semantics of the header field, but it does affect parser construction. Documenting this may avoid confusion.

Attachments (1)

342.diff (1.7 KB) - added by julian.reschke@… 10 years ago.
Proposed patch

Download all attachments as: .zip

Change History (3)

Changed 10 years ago by julian.reschke@…

Proposed patch

comment:1 Changed 10 years ago by julian.reschke@…

From [1533]:

Note the ambiguity in the Proxy-A and WWW-A ABNF (see #342)

comment:2 Changed 10 years ago by julian.reschke@…

  • Milestone changed from unassigned to 19
  • Resolution set to incorporated
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.