On 04/09/17 06:25, Rémy Maucherat wrote:
> On Fri, Sep 1, 2017 at 10:18 PM, Mark Thomas <ma...@apache.org> wrote:
> 
>> On 01/09/17 20:51, ma...@apache.org wrote:
>>> Author: markt
>>> Date: Fri Sep  1 19:51:42 2017
>>> New Revision: 1807004
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1807004&view=rev
>>> Log:
>>> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61280
>>> Add RFC 7617 support to the BasicAuthenticator
>>
>> I'd like to back-port this but before I do I wanted to get some feedback
>> on the default.
>>
>> The options are:
>>
>> a) UTF-8 (the default for 9.0.x)
>>
>> b) "" or null (the current behaviour)
>>
>> The advantage of a) is that we'll support i18n user names and passwords
>> out of the box (assuming the browser does).
>>
>> The disadvantage of a) is that we'll break authentication for any user
>> name or password using ISO-8859-1 characters in the 128-255 range where
>> the browser uses ISO-8859-1 by default and doesn't support RFC 7617.
>>
>> A quick test suggests that this varies between browsers.
>>
>> Chrome appears to use UTF-8 by default. I can't tell if Chrome supports
>> RFC 7617 since it always uses UTF-8.
>>
>> Firefox appears to use ISO-8859-1 by default. It also appears that
>> Firefox doesn't support RFC 7617.
>>
>> IE is the same as Firefox.
>>
>> Hmm. This is a lot messier than I thought it would be. Given what I have
>> observed, there is no combination I can see that will allow BASIC auth
>> to work with a user name or password that contains non-ASCII characters
>> with both IE, Firefox and Chrome.
>>
>> Thoughts?
>>
> 
> Huuum, since this doesn't work properly yet, I think the default should
> remain ISO-8859-1 in all cases for now.

Fair enough. I'll change the default for 9.0.x and then back-port.

We can revisit the default once (if?) the browsers implement RFC 7617.

Mark
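
The charset mismatch discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's BasicAuthenticator code: it encodes one credential pair the way an ISO-8859-1 client and a UTF-8 client would, then decodes each header under both server-side charsets. The class name, method names and sample credentials are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthCharsetDemo {

    // Client side: "Basic " + base64(user ":" password), with the
    // credential bytes produced in whatever charset the client uses.
    static String header(String user, String pass, Charset clientCharset) {
        byte[] raw = (user + ":" + pass).getBytes(clientCharset);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Server side: decode the credential bytes with the configured charset.
    // Strict decoding reports malformed input instead of substituting U+FFFD.
    static String decode(String header, Charset serverCharset) {
        byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
        try {
            return serverCharset.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(raw)).toString();
        } catch (CharacterCodingException e) {
            return null; // bytes are not valid in the server's charset
        }
    }

    public static void main(String[] args) {
        // Constructed sample: U+00E9 lies in the 128-255 range the thread mentions.
        String user = "jos\u00e9", pass = "secret";
        String expected = user + ":" + pass;
        Charset[] charsets = { StandardCharsets.ISO_8859_1, StandardCharsets.UTF_8 };
        for (Charset client : charsets) {
            String h = header(user, pass, client);
            for (Charset server : charsets) {
                String got = decode(h, server);
                System.out.printf("client=%-10s server=%-10s -> %s (decoded: %s)%n",
                        client, server,
                        expected.equals(got) ? "match" : "MISMATCH", got);
            }
        }
    }
}
```

Only the two same-charset combinations recover the original credentials. An ISO-8859-1 server never rejects UTF-8 bytes as malformed, so that mismatch surfaces only as a failed credential comparison, while a strict UTF-8 decoder rejects the ISO-8859-1 bytes outright.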
