diff options
author | Brad Fitzpatrick <bradfitz@golang.org> | 2022-03-20 11:52:02 -0700 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2022-03-20 21:02:35 +0000 |
commit | 7eaad60737bc507596c56cec4951b089596ccc9e (patch) | |
tree | 4d783f6106f5ca058def8e82694b76b1ec0a5e78 | |
parent | 6673d5d701d224919d910e88a73b6f69472c9ed1 (diff) | |
download | go-7eaad60737bc507596c56cec4951b089596ccc9e.tar.gz go-7eaad60737bc507596c56cec4951b089596ccc9e.zip |
net/http: flesh out Request.SetBasicAuth docs a bit
Clarify that username can't contain a colon.
See https://go.dev/play/p/aM25UHC6n98
Change-Id: I342575107104cbcd28b1d3442c474adf93b7f03c
Reviewed-on: https://go-review.googlesource.com/c/go/+/394115
Trust: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
-rw-r--r-- | src/net/http/request.go | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/net/http/request.go b/src/net/http/request.go index 76c2317d28..f8f1eeab29 100644 --- a/src/net/http/request.go +++ b/src/net/http/request.go @@ -969,11 +969,13 @@ func parseBasicAuth(auth string) (username, password string, ok bool) { // Basic Authentication with the provided username and password. // // With HTTP Basic Authentication the provided username and password -// are not encrypted. +// are not encrypted. It should generally only be used in an HTTPS +// request. // -// Some protocols may impose additional requirements on pre-escaping the -// username and password. For instance, when used with OAuth2, both arguments -// must be URL encoded first with url.QueryEscape. +// The username may not contain a colon. Some protocols may impose +// additional requirements on pre-escaping the username and +// password. For instance, when used with OAuth2, both arguments must +// be URL encoded first with url.QueryEscape. func (r *Request) SetBasicAuth(username, password string) { r.Header.Set("Authorization", "Basic "+basicAuth(username, password)) } |