John-Paul Bader <[email protected]> wrote: > Hey guys, > > I think the <resource_type>://<username>:<password>@<host>/<path> > scheme is not "illegal". There are examples of this in the URL RFC, > just no explicit HTTP example. > > This probably a vague area. Its not in the http rfc and its not > explicitly mentioned in the http auth rfc either but in combination > with the URL RFC there is at least room for it. I haven't found the > paragraph yet which says: no username:password stuff allowed in http > urls. But I was just searching through these things … there are good > chances I missed it.
Hi, Yes, I've come to the same conclusion. rfc2616 just seems to defer to rfc2396 (which superceded rfc1738 and is superceded by rfc3986). > http://en.wikipedia.org/wiki/URI_scheme > http://tools.ietf.org/html/rfc2617 > http://www.ietf.org/rfc/rfc1738.txt > > Anyway, I came across such urls a lot. Often I use them for giving > people easy access to an otherwise basic authed resource - in a chat > conversation for example. I know apache and nginx support this - IIS > does not. > > Hrm - tough call ;) Yup, definitely precedence for supporting it (along with Mongrel). I've updated the Ragel parser with everything URI.parse("http://..";) supports and pushed out the change. I've been meaning to make a few more small documentation updates and do a 0.95.3 release tomorrow when I'm more awake. -- Eric Wong _______________________________________________ Unicorn mailing list - [email protected] http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying
