From 7eaad60737bc507596c56cec4951b089596ccc9e Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Sun, 20 Mar 2022 11:52:02 -0700 Subject: [PATCH] net/http: flesh out Request.SetBasicAuth docs a bit Clarify that username can't contain a colon. See https://go.dev/play/p/aM25UHC6n98 Change-Id: I342575107104cbcd28b1d3442c474adf93b7f03c Reviewed-on: https://go-review.googlesource.com/c/go/+/394115 Trust: Brad Fitzpatrick Reviewed-by: Ian Lance Taylor --- src/net/http/request.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/net/http/request.go b/src/net/http/request.go index 76c2317d28..f8f1eeab29 100644 --- a/src/net/http/request.go +++ b/src/net/http/request.go @@ -969,11 +969,13 @@ func parseBasicAuth(auth string) (username, password string, ok bool) { // Basic Authentication with the provided username and password. // // With HTTP Basic Authentication the provided username and password -// are not encrypted. +// are not encrypted. It should generally only be used in an HTTPS +// request. // -// Some protocols may impose additional requirements on pre-escaping the -// username and password. For instance, when used with OAuth2, both arguments -// must be URL encoded first with url.QueryEscape. +// The username may not contain a colon. Some protocols may impose +// additional requirements on pre-escaping the username and +// password. For instance, when used with OAuth2, both arguments must +// be URL encoded first with url.QueryEscape. func (r *Request) SetBasicAuth(username, password string) { r.Header.Set("Authorization", "Basic "+basicAuth(username, password)) } -- 2.48.1