Support RFC-7617

[kxepal]

RFC-7617 updates the rules of Basic Authentication: now it gained support of optional charset parameter which defined the expected encoding of user credential. Previously, RFC-2616 only allowed to use ISO-8859-1 here, but de facto all major browsers and servers already provided support of UTF-8 in-place of ISO-8859-1. Now this behaviour get legalized and we can support it.

[asvetlov]

charset is WWW-Authenticate parameter, we don't rely on it in client code.
@kxepal do you suggest just switching encoding default to 'utf-8' in https://github.com/KeepSafe/aiohttp/blob/master/aiohttp/helpers.py#L33 line?

[kxepal]

I actually found this support a bit complicated. aiohttp indeed doesn't handles WWW-Authenticate header in anyway, so the idea was to just introduce some callback that will handle it and provide basic auth credentials. Like what browsers do. Quite useful, but...

Spec tells that default should remains latin1 while the only valid charset parameter is UTF-8. Ok. But, most of servers ignores all the specs and uses UTF-8 by default (however, we still have deviations) while actually nobody follows the new rules now. So implementing RFC-7617 support right actually breaks everything and we're returning to direct specification of what charset to use. What makes this feature a little bit, but completely broken.

Basically, situation here is the same as with http client from stdlib (and related discussion about on python dev ml): doing right things makes life harder. Changing the default is from the same opera: UTF-8 is good intention, but it's not what spec tells us to do. Sad panda.

[asvetlov]

Let's close the issue then.

[kxepal]

Ok with that.

[lock]

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.