Chris Dolphy created CXF-6962:
---------------------------------

Summary: Basic auth uses UTF-8 for the encoded password when it should use ISO-8859-1
Key: CXF-6962
URL: https://issues.apache.org/jira/browse/CXF-6962
Project: CXF
Issue Type: Bug
Affects Versions: 3.1.6, 2.7.18
Reporter: Chris Dolphy

Basic auth uses UTF-8 for the encoded password when it should use ISO-8859-1. Also (or instead), implement RFC 7617 which allows a server to indicate it does support UTF-8.

The RFC that covers Basic authentication says that the authentication header contains base 64 encoded TEXT [1]. The TEXT format needs to be read under the HTTP specification [2] which says:

    The TEXT rule is only used for descriptive field contents and values that are not intended to be interpreted by the message parser. Words of *TEXT MAY contain characters from character sets other than ISO-8859-1 [22] only when encoded according to the rules of RFC 2047 [14].

RFC 2047 describes an encoding method that embeds the encoded string in "=?" and "?=". But it appears no implementation of HTTP is doing this. Certainly no browser is doing this.

[1] http://tools.ietf.org/html/rfc2617#section-2

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
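
The mismatch described in this report, as an added example that is not part of the original message and is not CXF code: the same credentials produce different `Authorization` values under UTF-8 and ISO-8859-1, so a server decoding with the other charset sees a different password. The function names, the sample credentials and the simplified challenge parsing are assumptions made for this illustration, and the ISO-8859-1 fallback follows the report's reading of the spec.

```python
import base64
import re

# Constructed sample credentials: "pässwörd" contains two non-ASCII characters.
USER, PASSWORD = "alice", "p\u00e4ssw\u00f6rd"

def basic_header(user, password, charset):
    """Build the Authorization value with user:password encoded in `charset`.
    Raises UnicodeEncodeError if the password cannot be represented in it."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def challenge_charset(www_authenticate):
    """Pick the client encoding from a WWW-Authenticate challenge.
    RFC 7617 defines only charset="UTF-8" (case-insensitive); anything else
    falls back to ISO-8859-1. Simplified parsing: a real parser must tokenize
    the auth-params instead of searching the raw header value."""
    m = re.search(r'charset\s*=\s*"?([A-Za-z0-9-]+)"?', www_authenticate, re.I)
    return "utf-8" if m and m.group(1).lower() == "utf-8" else "iso-8859-1"

def client_header(user, password, www_authenticate):
    """Client side: encode credentials the way the challenge asks for."""
    return basic_header(user, password, challenge_charset(www_authenticate))

def decode_credentials(header, charset):
    """Server side: recover (user, password), raising ValueError on bad input.
    Bytes that are invalid in `charset` raise UnicodeDecodeError, which is a
    ValueError subclass, so malformed credentials are rejected, not guessed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    text = base64.b64decode(token.strip(), validate=True).decode(charset)
    user, sep, password = text.partition(":")  # user-id cannot contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password

if __name__ == "__main__":
    utf8 = basic_header(USER, PASSWORD, "utf-8")
    latin1 = basic_header(USER, PASSWORD, "iso-8859-1")
    print("UTF-8 client     :", utf8)
    print("ISO-8859-1 client:", latin1)
    # An ISO-8859-1 server reading the UTF-8 header sees mojibake, so the
    # password comparison fails even though the user typed it correctly.
    print("server sees      :", decode_credentials(utf8, "iso-8859-1"))
```

With an ASCII-only password both encodings yield the same header, which is why this kind of interoperability failure only shows up for accounts whose passwords contain characters outside ASCII.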