Support the 'charset' auth-param in basic authentication

External Issue #11879594


Vittal A.
May 3, 2017
This issue is public.
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

At present, IE will respond to a basic HTTP authentication WWW-Authenticate request with an Authorization header containing the base64 encoded username and password. However, the character set for the username and password are assumed to use iso-8859-1. This can cause problems for usernames/passwords containing the ‘£’ sign. This can be represented as a single byte of \xa3 or as \xc2\xa3 (UTF-8). IE appears to send only a single byte, which causes problems if the server is storing the value as multi-byte. specifies that the server can send the “charset” parameter along with the WWW-Authenticate header. If given as UTF-8, then the client should encode the username and password as utf-8 before base64 encoding. This removes any ambiguity about the contents of the username and password while maintaining backward compatibility.

This is tracked for Firefox at

Chrome appears to always use UTF-8.


0 attachments

    Comments and activity

    • Duplicate of #11879611

    • Microsoft Edge Team

      Changed Assigned To to “James M.”

      Changed Status to “External”

    • This bug has marked as duplicate. Please follow the parent issue to get new updates.

    You need to sign in to your Microsoft account to add a comment.

    Sign in