[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Caching just the username for authn

From: Konstantin Kolinko <knst.kolinko_at_gmail.com>
Date: Sat, 12 Nov 2011 23:34:49 +0400

2011/11/12 Daniel Shahaf <d.s_at_daniel.shahaf.name>:
>
> While we're on this topic: is there an HTTP URL syntax that sets the
> "Host:" header of the HTTP request?
>
>    curl -H "Host: foo" http://bar/percent_s
>
> (Well, what I really want is a way to tell $BROWSER to make such
> requests, so I don't have to use curl | less each time I want to do
> them.)

Note, that "http://bar/percent_s" is not set through HTTP (unless you
are talking through proxy, but that is a different use case).

It just connects to "bar" and sends
GET /percent_s HTTP/1.1

Well, HTTP/1.1 added the Host header.

If you need http://foo/ to be sent to server bar, configure your DNS
(e.g. by editing /etc/hosts) so that "foo" resolves to bar's IP
address.

Regarding user:passwd_at_host syntax it us up to browser how to interpret the URL.
If browser cannot interpret username and password in the URL it is
just browser's thing.

I remember hearing 3 or more years ago that the commonly used web
browsers at that time were just silently swallowing the username and
password part before host name, and somebody used that for spoofing
http addresses.

Quick googling - it is year 2002 Mozilla bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=122445

See URL field and comment #2 in that bug report for an example.

Best regards,
Konstantin Kolinko
Received on 2011-11-12 20:35:22 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.