[Webkit-unassigned] [Bug 166985] New: Basic Authentication should use ISO-8859-1 encoding by default

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 12 13:52:11 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=166985

            Bug ID: 166985
           Summary: Basic Authentication should use ISO-8859-1 encoding by
                    default
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: wilander at apple.com

WebCore and WebKit2 currently use UTF-8 for cached Basic Authentication credentials. It should be ISO-8859-1 by default. At least CFNetwork uses ISO-8859-1 for the initial challenge response which means we currently first do ISO-8859-1 and then switch to UTF-8.

The spec says the following about default encoding (https://tools.ietf.org/html/rfc7617#appendix-B.3):

B.3.  Why not simply switch the default encoding to UTF-8?

   There are sites in use today that default to a local character
   encoding scheme, such as ISO-8859-1 ([ISO-8859-1]), and expect user
   agents to use that encoding.  Authentication on these sites will stop
   working if the user agent switches to a different encoding, such as
   UTF-8.

   Note that sites might even inspect the User-Agent header field
   ([RFC7231], Section 5.5.3) to decide which character encoding scheme
   to expect from the client.  Therefore, they might support UTF-8 for
   some user agents, but default to something else for others.  User
   agents in the latter group will have to continue to do what they do
   today until the majority of these servers have been upgraded to
   always use UTF-8.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170112/ff2d4467/attachment.html>


More information about the webkit-unassigned mailing list