[Webkit-unassigned] [Bug 166985] New: Basic Authentication should use ISO-8859-1 encoding by default
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 12 13:52:11 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=166985
Bug ID: 166985
Summary: Basic Authentication should use ISO-8859-1 encoding by
default
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: wilander at apple.com
WebCore and WebKit2 currently use UTF-8 for cached Basic Authentication credentials. It should be ISO-8859-1 by default. At least CFNetwork uses ISO-8859-1 for the initial challenge response which means we currently first do ISO-8859-1 and then switch to UTF-8.
The spec says the following about default encoding (https://tools.ietf.org/html/rfc7617#appendix-B.3):
B.3. Why not simply switch the default encoding to UTF-8?
There are sites in use today that default to a local character
encoding scheme, such as ISO-8859-1 ([ISO-8859-1]), and expect user
agents to use that encoding. Authentication on these sites will stop
working if the user agent switches to a different encoding, such as
UTF-8.
Note that sites might even inspect the User-Agent header field
([RFC7231], Section 5.5.3) to decide which character encoding scheme
to expect from the client. Therefore, they might support UTF-8 for
some user agents, but default to something else for others. User
agents in the latter group will have to continue to do what they do
today until the majority of these servers have been upgraded to
always use UTF-8.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170112/ff2d4467/attachment.html>
More information about the webkit-unassigned
mailing list