Re: How to set Http Request Header?

From: Chris Uppal (chris.uppal_at_metagnostic.REMOVE-THIS.org)
Date: 09/27/04 

Date: Mon, 27 Sep 2004 10:29:31 +0100

Mark Marcus wrote:

[I'm leaving most of this unsnipped since the original messages may well have
expired]

> > > Microsoft IE no longer accepts user:pw@.... formats anymore (as a
> > > default). A user has to use REGEDIT to allow this format. It's yet
> > > another example of how Microsoft doesn't know how to fix code, so they
> > > break standards.
> >
> > While I'm no more impressed than anyone by MS's dismal record of
> > security holes badly patched with security hacks, you are being overly
> > harsh here. MS's standards-breaking error was that they accepted the
> > user:pw@ notation in the first place, not that they later removed it.
> >
> > If you check RFC2616, section 3.2.2 you'll find that it does /not/
> > allow the @ notation in an HTTP URL, specifically it gives the grammar
> > as:
> >
> > http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query
> > ]]
> >
> > It references RFC2396 (which does mention the @ syntax, but that's a
> > much more general document than RFC2616) for the meaning of 'host',
> > 'port' etc. If it were intended to allow the @ syntax, then it would
> > use different terms from RFC2396; and might read:
> >
> > http_URL = "http:" "//" server [ abs_path [ "?" query ]]
> >
> > where (from 2396):
> >
> > server = [ [ userinfo "@" ] hostport ]
> > hostport = host [ ":" port ]
> >
>
> Yes, it does reference 2396, it didn't obsolete it. 2396 _is_ the
> standard for the URI.

No, I agree that it doesn't obselete it. However 2396 is the standard for URI
/in general/, and it doesn't take precedence over specific RFCs.

> Section 3 of 2396 states that the syntax for a
> URI is:
>
> 3. <scheme>://<authority><path>?<query>
> 3.2 authority = server | reg_name
> 3.2.2 server = [ [ userinfo "@" ] hostport ]

Again, that's the syntax for /general/ URI (with server addresses). There is
nothing to mandate that any given url scheme /must/ follow that pattern.

RFC 2616 is quite explicit that it doesn't allow userinfo, since it gives its
own syntax for http_URL that /does not/ follow the general pattern in 2396.

-- chris

Relevant Pages

  • Re: urlencode vs rawurlencode
    ... | This method was used to make query URIs easier to pass in systems ... in the query component of an HTTP URL. ... A URI may contain ... Syntax and Escaping", ...
    (comp.lang.php)
  • Re: Web authentication
    ... RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax ... Server-based Naming Authority ... specified server on the Internet use a common syntax for the server ...
    (comp.lang.python)
  • Re: How to improve performance of the reports display while updating the table?
    ... Uri was saying that your select has an error in it, ... but you are using an OLD style syntax which is VERY prone to the ... I support the Professional Association of SQL Server and it's community of SQL Server professionals. ... did you mean that my result will be wrong after I use the nolock syntax? ...
    (microsoft.public.sqlserver.server)