From 0bce8844c975db9256d6b54104cd36ec9297abd7 Mon Sep 17 00:00:00 2001 From: "Malte S. Stretz" Date: Thu, 14 Sep 2023 18:00:12 +0200 Subject: [PATCH] Update realm restrictions (#28911) --- files/en-us/web/http/headers/www-authenticate/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/www-authenticate/index.md b/files/en-us/web/http/headers/www-authenticate/index.md index 946529a1968eea1..732f3307502ea78 100644 --- a/files/en-us/web/http/headers/www-authenticate/index.md +++ b/files/en-us/web/http/headers/www-authenticate/index.md @@ -82,7 +82,9 @@ WWW-Authenticate: Basic realm=, charset="UTF-8" - **realm=**\ {{optional_inline}} - : A string describing a protected area. - A realm allows a server to partition up the areas it protects (if supported by a scheme that allows such partitioning), and informs users about which particular username/password are required. + A realm allows a server to partition up the areas it protects (if supported by a scheme that allows such partitioning). + Some clients show this value to the user to inform them about which particular credentials are required — though most browsers stopped doing so to counter phishing. + The only reliably supported character set for this value is `us-ascii`. If no realm is specified, clients often display a formatted hostname instead. - `` {{optional_inline}} - : A token that may be useful for some schemes. The token allows the 66 unreserved URI characters plus a few others.