[Web-SIG] HTTP headers encoding
Manlio Perillo
manlio_perillo at libero.it
Thu Dec 3 17:09:31 CET 2009
Manlio Perillo ha scritto:
> Hi.
>
> I'm doing some tests to try to understand how HTTP headers are encoded
> by browsers.
>
> I have written a simple WSGI application that asks authentication
> credentials and then print them on the terminal and return the data as
> response, as raw bytes
> http://paste.pocoo.org/show/154633/
>
I'm now testing using HTTP Digest Authentication.
The application is here:
http://paste.pocoo.org/show/154667/
It uses my wsgix framework
http://hg.mperillo.ath.cx/wsgix/
since I don't want to rewrite the entire Digest Authentication handling.
As user name I use the the string "àè€".
The results are:
- Firefox does not send any request, and instead it show me the returned
response body "Authentication required".
This is quite strange.
- Internet Explorer 6 encode the username using cp1252, as always.
- Opera (10.01) encode the username using utf-8
I can not test with Konqueror, since the wsgiref server have problems
with it.
All these implementation are against the HTTP spec.
username is a quoted string, and so it SHOULD be encoded using the
default latin-1, or another charset and in this case it should be
formatted as specified my MIME (unfortunately there are no examples in
the HTTP spec).
This is really a mess.
How is authorization username handled in common WSGI frameworks?
Thanks Manlio
More information about the Web-SIG
mailing list