Steps to reproduce
At present, IE will respond to a basic HTTP authentication WWW-Authenticate request with an Authorization header containing the base64-encoded username and password. However, the character set for the username and password is assumed to be iso-8859-1. This can cause problems for usernames/passwords containing the ‘£’ sign. This can be represented as a single byte of \xa3 or as \xc2\xa3 (UTF-8). IE appears to send only a single byte, which causes problems if the server is storing the value as multi-byte.
https://tools.ietf.org/html/rfc7617#section-2.1 specifies that the server can send the “charset” parameter along with the WWW-Authenticate header. If given as UTF-8, then the client should encode the username and password as UTF-8 before base64 encoding. This removes any ambiguity about the contents of the username and password while maintaining backward compatibility.
This is tracked for Firefox at https://bugzilla.mozilla.org/show_bug.cgi?id=41489
Chrome appears to always use UTF-8.
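The sketch below is an added example, not code from the report or from any browser: it shows the RFC 7617 challenge with the charset parameter and a server-side parser that decodes the credential bytes before they are compared with stored values. The function names and the "try UTF-8, then fall back to iso-8859-1" policy are assumptions made for illustration.

```python
import base64


def challenge(realm: str) -> str:
    """WWW-Authenticate value asking clients to encode credentials as UTF-8."""
    # RFC 7617 section 2.1 defines "UTF-8" as the only allowed charset value.
    return f'Basic realm="{realm}", charset="UTF-8"'


def client_header(user: str, password: str, charset: str) -> str:
    """Authorization value a client produces when it uses the given charset."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header: str) -> tuple[str, str, str]:
    """Return (user, password, charset_used) from an Authorization value."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token.strip(), validate=True)
    try:
        # Strict UTF-8 first: a lone 0xA3 byte is not valid UTF-8 and fails here.
        text, used = raw.decode("utf-8"), "utf-8"
    except UnicodeDecodeError:
        # Assumed fallback for clients that ignore charset and send iso-8859-1.
        text, used = raw.decode("iso-8859-1"), "iso-8859-1"
    # The user-id cannot contain ':', so split on the first one only.
    user, sep, password = text.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password, used


if __name__ == "__main__":
    print(challenge("example"))
    # Constructed sample credentials: the same password in both encodings.
    for cs in ("iso-8859-1", "utf-8"):
        hdr = client_header("alice", "p\u00a3ss", cs)
        print(cs, hdr, parse_basic(hdr))
    # Ambiguous case: iso-8859-1 bytes C2 A3 ("Â£") are also valid UTF-8 for "£".
    print(parse_basic(client_header("alice", "\u00c2\u00a3", "iso-8859-1")))
```

The last call shows why the fallback is only a heuristic: some iso-8859-1 byte sequences are also valid UTF-8, so only a client that honours the charset parameter removes the ambiguity.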
Comments and activity
Duplicate of #11879611
- Microsoft Edge Team
Changed Assigned To to “James M.”
Changed Status to “External”
This bug has been marked as a duplicate. Please follow the parent issue to get new updates.