Unplanned
Last Updated: 12 Oct 2020 05:24 by ADMIN
Eric
Created on: 06 Oct 2020 18:00
Type: Bug Report
0
Fiddler Auth Inspector should decode BASIC credentials using Encoding.UTF8 not Encoding.Default

Fiddler’s “Auth” Inspector uses Encoding.Default() for decoding base64-encoded BASIC auth credentials. This was common practice at the time this was first written but is now obsolete. https://tools.ietf.org/html/rfc7617, written much later, demands UTF-8.

Chromium and Firefox encodes credentials using UTF-8.

https://source.chromium.org/chromium/chromium/src/+/master:net/http/http_auth_handler_basic.cc;l=89;bpv=1;bpt=1

0 comments