net/http: document that Basic Auth may require URL encoding

Explicitly warn callers that no URL encoding is performed and that they might need to do it. Fixes #31577 Change-Id: I52dc3fd2798ba8c3652d4a967b1c5c48eb69f43b Reviewed-on: https://go-review.googlesource.com/c/go/+/173319Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

net/http: document that Basic Auth may require URL encoding
Explicitly warn callers that no URL encoding is performed and that they might need to do it. Fixes #31577 Change-Id: I52dc3fd2798ba8c3652d4a967b1c5c48eb69f43b Reviewed-on: https://go-review.googlesource.com/c/go/+/173319Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
415da714 · Benoit Sigoure · Brad Fitzpatrick · 1f0c102a · 415da714
Commit 415da714 authored Apr 22, 2019 by Benoit Sigoure Committed by Brad Fitzpatrick Apr 22, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

src/net/http/request.go src/net/http/request.go +4 -0

No files found.
--- a/src/net/http/request.go
+++ b/src/net/http/request.go
@@ -912,6 +912,10 @@ func parseBasicAuth(auth string) (username, password string, ok bool) {
 //
 // With HTTP Basic Authentication the provided username and password
 // are not encrypted.
+//
+// Some protocols may impose additional requirements on pre-escaping the
+// username and password. For instance, when used with OAuth2, both arguments
+// must be URL encoded first with url.QueryEscape.
 func (r *Request) SetBasicAuth(username, password string) {
 	r.Header.Set("Authorization", "Basic "+basicAuth(username, password))
 }