Hey guys,
I think the <resource_type>://<username>:<password>@<host>/<path> scheme is not "illegal". There are examples of this in the URL RFC, just no explicit HTTP example. This probably a vague area. Its not in the http rfc and its not explicitly mentioned in the http auth rfc either but in combination with the URL RFC there is at least room for it. I haven't found the paragraph yet which says: no username:password stuff allowed in http urls. But I was just searching through these things … there are good chances I missed it. http://en.wikipedia.org/wiki/URI_scheme http://tools.ietf.org/html/rfc2617 http://www.ietf.org/rfc/rfc1738.txt Anyway, I came across such urls a lot. Often I use them for giving people easy access to an otherwise basic authed resource - in a chat conversation for example. I know apache and nginx support this - IIS does not. Hrm - tough call ;) Kind regards, John _______________________________________________ Unicorn mailing list - [email protected] http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying
