Ahh, ok - fair enough. Even if it's allowed by the HTTP spec, I would be weary of spreading a header across multiple lines. ;-) RFC 2617 doesn't explicitly allow newlines, and as such there's a good chance that web servers or clients with special handling of Authorization headers will trip up, so I think we should try to be conservative as far as OAuth is concerned.
b. On Mon, Feb 23, 2009 at 9:30 AM, Marc Worrell <[email protected]> wrote: > > On 23 feb 2009, at 10:10, Blaine Cook wrote: > > Thanks! Just to clarify in case others encounter this problem, the > > Authorization header is intended to be on a single line, and does not > > include newlines or carriage returns. > > > Hi Blaine, > > Why do you say that it is intended to be on one line? > The HTTP/1.1 spec states very clearly that any header can be folded onto > multiple lines. > Just wondering :-) > > - Marc > > > http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 > > HTTP/1.1 header field values can be folded onto multiple lines if the > continuation line begins with a space or horizontal tab. All linear white > space, including folding, has the same semantics as SP. A recipient MAY > replace any linear white space with a single SP before interpreting the > field value or forwarding the message downstream. > > LWS = [CRLF] 1*( SP | HT ) > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
