[erlang-patches] problem with ":" in http passwords

David Welton <>
Wed May 19 14:05:50 CEST 2010

>> I was trying to do something along the lines of
>> http:request("http://foo:bar:bee:bop@dedasys.com"), where, in theory,
>> 'foo' is the username, and the rest is a password, but that causes
>> problems - try it for yourself and see what sort of headers it
>> generates.
> Looking at RFC 1738:
> The user name (and password), if present, are followed by a commercial
> at-sign "@". Within the user and password field, any ":", "@", or "/"
> must be encoded.
> See: http://www.faqs.org/rfcs/rfc1738.html
> Maybe try:
>    edoc_lib:escape_uri("my:pass").

Aha - I suspected as much, but I looked at the wrong RFC, I guess.  A
quick experiment shows that the service I'm trying to talk with
(twitter's streaming API) does not like it if I encode the entire
password, but does accept encoded ':' characters (as per the RFC, I
suppose).  It also accepts it unencoded.  So the proper fix here will
encode :, @ and / and nothing else.  It'll probably take me a bit to
get to that.

David N. Welton



More information about the erlang-patches mailing list