On 01/09/17 20:51, ma...@apache.org wrote: > Author: markt > Date: Fri Sep 1 19:51:42 2017 > New Revision: 1807004 > > URL: http://svn.apache.org/viewvc?rev=1807004&view=rev > Log: > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61280 > Add RFC 7617 support to the BasicAuthenticator
I'd like to back-port this but before I do I wanted to get some feedback on the default. The options are: a) UTF-8 (the default for 9.0.x) b) "" or null (the current behaviour) The advantage of a) is that we'll support i18n user names and passwords out of the box (assuming the browser does). The disadvantage of a) is that we'll break authentication for any user name or password using ISO-8859-1 characters in the 128-255 range where the browser uses ISO-8859-1 by default and doesn't support RFC 7617. A quick test suggests that this varies between browsers. Chrome appears to use UTF-8 by default. I can't tell if Chrome supports RFC 7617 since it always uses UTF-8. Firefox appears to use ISO-8859-1 by default. It also appears that Firefox doesn't support RFC 7617. IE is the same as Firefox. Hmm. This is a lot messier than I thought it would be. Given what I have observed, there is no combination I can see that will allow BASIC auth to work with a user name or password that contains non ASCII characters with both IE, Firefox and Chrome. Thoughts? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
