Opened 10 years ago
Closed 10 years ago
#393 closed editorial (wontfix)
userinfo in absolute form of request target
Reported by: | julian.reschke@… | Owned by: | draft-ietf-httpbis-p1-messaging@… |
---|---|---|---|
Priority: | normal | Milestone: | 22 |
Component: | p1-messaging | Severity: | In WG Last Call |
Keywords: | Cc: |
Description
5.3. Request Target
We explicitly say not to include userinfo when using origin-form:
A Host header field is also sent, as defined in Section 5.4, containing the target URI's authority component (excluding any userinfo).
or authority-form:
When making a CONNECT request to establish a tunnel through one or more proxies, a client MUST send only the target URI's authority component (excluding any userinfo) as the request-target.
but we don't say anything about userinfo when using absolute-form. I guess 2.7.1 already forbids sending a userinfo there but it still seems inconsistent to not say it here. (Alternatively, if 2.7.1's restriction is only supposed to apply to request-target, then we could remove it there and specify it in each case here.)
Change History (1)
comment:1 Changed 10 years ago by fielding@…
- Resolution set to wontfix
- Status changed from new to closed
Both of these cases are specifically talking about sending the authority component, which might include userinfo, and hence we need to reiterate that it is excluded to clarify that we are not contradicting 2.7.1.