Opened 10 years ago

Closed 10 years ago

#393 closed editorial (wontfix)

userinfo in absolute form of request target

Reported by: julian.reschke@… Owned by: draft-ietf-httpbis-p1-messaging@…
Priority: normal Milestone: 22
Component: p1-messaging Severity: In WG Last Call
Keywords: Cc:


5.3. Request Target

We explicitly say not to include userinfo when using origin-form:

A Host header field is also sent, as defined in Section 5.4, containing the target URI's authority component (excluding any userinfo).

or authority-form:

When making a CONNECT request to establish a tunnel through one or more proxies, a client MUST send only the target URI's authority component (excluding any userinfo) as the request-target.

but we don't say anything about userinfo when using absolute-form. I guess 2.7.1 already forbids sending a userinfo there but it still seems inconsistent to not say it here. (Alternatively, if 2.7.1's restriction is only supposed to apply to request-target, then we could remove it there and specify it in each case here.)

Change History (1)

comment:1 Changed 10 years ago by fielding@…

  • Resolution set to wontfix
  • Status changed from new to closed

Both of these cases are specifically talking about sending the authority component, which might include userinfo, and hence we need to reiterate that it is excluded to clarify that we are not contradicting 2.7.1.

Note: See TracTickets for help on using tickets.