cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: http-uri like http://user:passwd@host.org/index.html

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Sat, 31 Jul 2004 08:56:39 +0200 (CEST)

On Fri, 30 Jul 2004, Maurice Koster wrote:

> When passing a URI like http://user:passwd@host.org/index.html the HTTP
> Request header looks like:
>
> GET http://user:passwd@host.org/index.html HTTP/1.1\r\n
> ...
> Authorization: Basic Zmjechskdhsi==\r\n
> ....

You're using a proxy for this, right?

> Here Authorization is correctly filled, but 'user:passwd@' is not stripped
> from the URI of the GET. This is not according to spec (rfc2616 sec. 3.2.2)

Well, HTTP URLs don't actually contain user+password, so that's wrong in the
first place. libcurl however has been supporting user+password in HTTP URLs
since a long time.

> Is this a bug?

It seems so, yes.

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html

Received on 2004-07-31

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: bagder: curl/ares ares_process.c,1.10,1.11"
Previous message: Casey ODonnell: "RE: URL with @ in passwords"
In reply to: Maurice Koster: "http-uri like http://user:passwd@host.org/index.html"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]