On Fri, Sep 1, 2017 at 10:18 PM, Mark Thomas <ma...@apache.org> wrote:
> On 01/09/17 20:51, ma...@apache.org wrote: > > Author: markt > > Date: Fri Sep 1 19:51:42 2017 > > New Revision: 1807004 > > > > URL: http://svn.apache.org/viewvc?rev=1807004&view=rev > > Log: > > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61280 > > Add RFC 7617 support to the BasicAuthenticator > > I'd like to back-port this but before I do I wanted to get some feedback > on the default. > > The options are: > > a) UTF-8 (the default for 9.0.x) > > b) "" or null (the current behaviour) > > The advantage of a) is that we'll support i18n user names and passwords > out of the box (assuming the browser does). > > The disadvantage of a) is that we'll break authentication for any user > name or password using ISO-8859-1 characters in the 128-255 range where > the browser uses ISO-8859-1 by default and doesn't support RFC 7617. > > A quick test suggests that this varies between browsers. > > Chrome appears to use UTF-8 by default. I can't tell if Chrome supports > RFC 7617 since it always uses UTF-8. > > Firefox appears to use ISO-8859-1 by default. It also appears that > Firefox doesn't support RFC 7617. > > IE is the same as Firefox. > > Hmm. This is a lot messier than I thought it would be. Given what I have > observed, there is no combination I can see that will allow BASIC auth > to work with a user name or password that contains non ASCII characters > with both IE, Firefox and Chrome. > > Thoughts? > Huuum, since this doesn't work properly yet, I think the default should remain ISO-8859-1 in all cases for now. Rémy > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
