Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

empty auth vs no auth -- same? #181

Closed
stevenvachon opened this issue Dec 22, 2016 · 6 comments
Closed

empty auth vs no auth -- same? #181

stevenvachon opened this issue Dec 22, 2016 · 6 comments

Comments

@stevenvachon
Copy link

stevenvachon commented Dec 22, 2016
edited
Loading

http://:@domain/ (empty username and password)
vs
http://domain/

Are they the same?
@annevk
Copy link
Member

annevk commented Dec 27, 2016

@stevenvachon the former sets the password to the empty string. Which means it serializes differently. What's the context for the question?

@stevenvachon
Copy link
Author

stevenvachon commented Dec 27, 2016
edited
Loading

Do all clients treat the above two URLs as the same, or do they use the empty username/password values?

If they are the same, should they not serialize the same? Just as these two do:

http://domain/?va r=va+lue

http://domain/?va%20r=va lue

I'm writing a library that, among other things, provides a means of comparing URLs for relation.

@stevenvachon
Copy link
Author

With the current public API of this standard, having no username and password is the same as having an empty username and password.

url = new URL("http://domain.com/")
url.username==="" && url.password===""  //-> true
url = new URL("http://:@domain.com/")
url.username==="" && url.password===""  //-> true

@annevk
Copy link
Member

annevk commented Dec 28, 2016

Yeah, the API does not distinquish there. We could maybe also normalize the serialization, but that would require impl changes.

@domenic
Copy link
Member

domenic commented Dec 28, 2016

We could maybe also normalize the serialization, but that would require impl changes.

Hmm, would it? Assuming new URL("http://:@domain.com/").href is the correct test, that yields:

@annevk
Copy link
Member

annevk commented Dec 28, 2016

Thanks for checking. It does seem like the standard is bogus.

@annevk annevk mentioned this issue Dec 28, 2016
Merged
annevk added a commit that referenced this issue Dec 28, 2016
@annevk
No need for null passwords
ffb206d 
It turns out that preserving the ability to serialize an empty string
password is not something any implementation supports.

Fixes #181.
annevk added a commit that referenced this issue Jan 3, 2017
@annevk
No need for null passwords
5e0b05e 
It turns out that preserving the ability to serialize an empty string password is not something any implementation really supports.

Tests: web-platform-tests/wpt#4405.

Fixes #181.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@stevenvachon @domenic @annevk and others