[Web-SIG] HTTP headers encoding

Manlio Perillo manlio_perillo at libero.it
Thu Dec 3 17:09:31 CET 2009

Manlio Perillo ha scritto:
> Hi.
> I'm doing some tests to try to understand how HTTP headers are encoded
> by browsers.
> I have written a simple WSGI application that asks authentication
> credentials and then print them on the terminal and return the data as
> response, as raw bytes
> http://paste.pocoo.org/show/154633/

I'm now testing using HTTP Digest Authentication.
The application is here:

It uses my wsgix framework
since I don't want to rewrite the entire Digest Authentication handling.

As user name I use the the string "àè€".
The results are:

- Firefox does not send any request, and instead it show me the returned
  response body "Authentication required".

  This is quite strange.

- Internet Explorer 6 encode the username using cp1252, as always.

- Opera (10.01) encode the username using utf-8

I can not test with Konqueror, since the wsgiref server have problems
with it.

All these implementation are against the HTTP spec.
username is a quoted string, and so it SHOULD be encoded using the
default latin-1, or another charset and in this case it should be
formatted as specified my MIME (unfortunately there are no examples in
the HTTP spec).

This is really a mess.
How is authorization username handled in common WSGI frameworks?

Thanks  Manlio

More information about the Web-SIG mailing list