diff options
author | Benoit Sigoure <tsunanet@gmail.com> | 2019-04-22 14:35:01 -0700 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2019-04-22 22:54:41 +0000 |
commit | 415da714fa2b7e96743e14fe0a33f02ae8c8dd5b (patch) | |
tree | 3dc58507a3aa957f2da090422b183c9831ae0770 /src/net/http/request.go | |
parent | 1f0c102a57f62de6f66381c75732ba486da7b904 (diff) | |
download | go-415da714fa2b7e96743e14fe0a33f02ae8c8dd5b.tar.gz go-415da714fa2b7e96743e14fe0a33f02ae8c8dd5b.zip |
net/http: document that Basic Auth may require URL encoding
Explicitly warn callers that no URL encoding is performed and
that they might need to do it.
Fixes #31577
Change-Id: I52dc3fd2798ba8c3652d4a967b1c5c48eb69f43b
Reviewed-on: https://go-review.googlesource.com/c/go/+/173319
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'src/net/http/request.go')
-rw-r--r-- | src/net/http/request.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/net/http/request.go b/src/net/http/request.go index da5ac2c71b..8afe1a7c0c 100644 --- a/src/net/http/request.go +++ b/src/net/http/request.go @@ -912,6 +912,10 @@ func parseBasicAuth(auth string) (username, password string, ok bool) { // // With HTTP Basic Authentication the provided username and password // are not encrypted. +// +// Some protocols may impose additional requirements on pre-escaping the +// username and password. For instance, when used with OAuth2, both arguments +// must be URL encoded first with url.QueryEscape. func (r *Request) SetBasicAuth(username, password string) { r.Header.Set("Authorization", "Basic "+basicAuth(username, password)) } |