-
-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect Basic authentication string with Unicode special chars #293
Comments
to support Unicode Special chars (like `é`) in username or passord, as the auth-backend decodes them using UTF-8. See perry-mitchell/webdav-client#293
@n-peugnet Thanks a lot for this, and for the link from your implementation. I'd definitely like this added as I'm sure many have or will experience this. I'm not worried about an extra dependency in this case. Why do you feel it would be a breaking change? |
I assumed that calling |
After further research, UTF-8 encoding is not the defaut yet according to the RFC 7617 (Appendix B.3), but all major browsers seem to have switched to use it by default (Opera since at least 2009 Chrome since at least 2017 and Firefox since 2018. I could not find data about Safari using it by default. MDN docs states :
This is definitely a breaking change as UTF-8 is byte compatible with the previous default (ISO-8859-1) only for Unicode chars from 0 to 127. By the way, I made a mistake. The character that caused me trouble : |
Also, if you want to make a clean change about making UTF-8 encoding the default for auth, then it would be a good idea to also change it in Digest auth. So only updating |
This is ancient but happy to see a PR on this, if someone has time. I'll most likely close it otherwise due to lack of interest/concern. |
When the Basic authentication string contains Unicode special chars (for instance
é
) it is incorrectly base64 encoded. As the documentation of the used base64 library states:So any Unicode character outside of the 0x00 to 0xFF range will be incorrectly encoded. I think it is safe to assume that most Web-servers and authentication back-ends use UTF-8 to decode the authentication string, so I would say that it should be modified in this library rather than in the clients. If you don't want to change it, this should be added in the docs that the strings must be UTF-8 encoded before passed to
createClient()
.I do think it's an easy fix on your side, as you just need to call
utf8.encode
in thetoBase64()
function (andutf8.decode
in the correspondingfromBase64()
function):webdav-client/source/tools/encode.ts
Line 23 in 53d1a1c
It does require one more dependency and creates a breaking change though.
The text was updated successfully, but these errors were encountered: