RFC Errata
RFC 7616, "HTTP Digest Access Authentication", September 2015
Source of RFC: httpauth (sec)
Errata ID: 7936
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Joe Orton
Date Reported: 2024-05-13
Section 3.3 says:
domain
A quoted, space-separated list of URIs, as specified in [RFC3986],
that define the protection space. If a URI is a path-absolute, it
is relative to the canonical root URL. (See Section 2.2 of
It should say:
domain
A quoted, space-separated list of URI-reference strings, as specified in [RFC3986],
that define the protection space. If a URI-reference is in a relative form, it
is relative to the canonical root URL. (See Section 2.2 of
Notes:
The definition of the "domain" parameter is inconsistent/contradictory - a list of space-separated URIs cannot include a path-absolute, since path-absolute is not a URI - though it is a URI-reference. If the intent was that "a space-separated list of URI-reference strings" is allowed, that could be used instead, per my suggested corrected text.
It is likely both that the intent was not to allow any URI-reference here, and that current client implementations accept only absolute-URI or path-absolute. So it could instead be clarified as follows:
A quoted, space-separated list of either absolute-URI or path-absolute, as specified in [RFC3986], that define the protection space.