On 01/09/17 20:51, ma...@apache.org wrote:
> Author: markt
> Date: Fri Sep  1 19:51:42 2017
> New Revision: 1807004
> URL: http://svn.apache.org/viewvc?rev=1807004&view=rev
> Log:
> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61280
> Add RFC 7617 support to the BasicAuthenticator

I'd like to back-port this but before I do I wanted to get some feedback
on the default.

The options are:

a) UTF-8 (the default for 9.0.x)

b) "" or null (the current behaviour)

The advantage of a) is that we'll support i18n user names and passwords
out of the box (assuming the browser does).

The disadvantage of a) is that we'll break authentication for any user
name or password using ISO-8859-1 characters in the 128-255 range where
the browser uses ISO-8859-1 by default and doesn't support RFC 7617.

A quick test suggests that this varies between browsers.

Chrome appears to use UTF-8 by default. I can't tell if Chrome supports
RFC 7617 since it always uses UTF-8.

Firefox appears to use ISO-8859-1 by default. It also appears that
Firefox doesn't support RFC 7617.

IE is the same as Firefox.

Hmm. This is a lot messier than I thought it would be. Given what I have
observed, there is no combination I can see that will allow BASIC auth
to work with a user name or password that contains non ASCII characters
with both IE, Firefox and Chrome.



To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to