Closed Bug 656503 Opened 13 years ago Closed 3 years ago

Encoding to use for HTTP authentication is not automatically detected

Categories

(Core :: Networking: HTTP, defect, P5)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
blocking2.0 --- -

People

(Reporter: briansmith, Unassigned)

References

Details

(Keywords: intl, Whiteboard: [necko-would-take]) 

+++ This bug was initially created as a clone of Bug #41489 +++

We should infer from the websites' 401 response what encoding the website is expecting for HTTP authentication, when possible, and then use that encoding instead of our default (ISO-8859-1). Gen Kanai and Hong Tang would be good people to contact to see who can help us determine what is common in Asia.

Note that bug 656213 is about implementing a mechanism for servers to *explicitly* indicate what encoding to use.
I don't think there's currently anything in there to infer it from.

*If* a heuristics is added then another well-defined mechanism should be added, too, so that the heuristics are really just a fallback.
(In reply to comment #1)
> I don't think there's currently anything in there to infer it from.

I think that the contents and/or encoding of the realm might provide a clue, at least some of the time.

> *If* a heuristics is added then another well-defined mechanism should be
> added, too, so that the heuristics are really just a fallback.

See bug 656213.

> 
> *If* a heuristics is added then another well-defined mechanism should be
> added, too, so that the heuristics are really just a fallback.
I think you'd still have to be very careful. I'd guess that a lot of sites use UTF8, but still have users with existing passwords that has been handled as ASCII before. And so any change in client behavior would cause the same breakage discussed in bug 41489.
I don't see many such case here in China, certainly I'm going to ask around.
Assignee: hurley → nobody
Whiteboard: [necko-would-take]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
QA Whiteboard: qa-not-actionable

The HTTP specs were updated in 2015 so that WWW-Authenticate: can now specify a charset parameter, although UTF-8 is currently the only value value. bug 1735854 is about supporting this parameter, which in theory could be updated to support additional charsets in the future.

The behavior is now well-specified and supports internationalization compatibly across browsers and servers. We're not going to implement a competing custom heuristic and attempt to infer something else.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
See Also: → 1735854
You need to log in before you can comment on or make changes to this bug.