Test Cases for HTTP Test Cases for the HTTP WWW-Authenticate header field

Please send feedback to julian.reschke@gmx.de.

Related Reading

Browsers Tested

Unless stated otherwise, all tests were executed with the latest release versions of Firefox, Google Chrome and Microsoft Internet Explorer on a machine running Windows 10. Konqueror was tested on OpenSuse 11.4. Safari tests date back to the time when it was available on Windows (test results from that other platform appreciated). Test versions are included when there was a change related to the test cases.

Test Result Summary

Colors -- Red: Failure, Green: Pass, Yellow: Warning, Grey: Not Supported

Score -- Passes: 2 points, Warning: 1 point, in percent of possible points (this should be updated to count optional features differently)

Test CaseFirefox 62Microsoft IE 11 (11.0.85)Microsoft Edge (42.17134)Safari 5.1Konqueror 4.8.4Google Chrome 70
Summary50% passes, 22% failures, 19% warnings, 0% unsupported, 9% to-do
Score: 59
50% passes, 22% failures, 19% warnings, 0% unsupported, 9% to-do
Score: 59
50% passes, 22% failures, 19% warnings, 0% unsupported, 9% to-do
Score: 59
62% passes, 9% failures, 19% warnings, 0% unsupported, 9% to-do
Score: 72
66% passes, 6% failures, 19% warnings, 0% unsupported, 9% to-do
Score: 75
9% passes, 19% failures, 62% warnings, 0% unsupported, 9% to-do
Score: 41
Basicsimplebasicpasspasspasspasswarn (does not display the realm name)
simplebasiclfpassfail (Doesn't see the realm parameter) passpasswarn (does not display the realm name)
simplebasicucasepasspasspassfail (misses the realm parameter) warn (does not display the realm name)
simplebasictokwarn (accepts the unquoted form) warn (accepts the unquoted form) warn (accepts the unquoted form) warn (accepts the unquoted form) warn (accepts the syntax, but then does not display the realm)
simplebasictokbswarn (accepts the unquoted form) warn (accepts the unquoted form) pass (ignores the challenge) warn (accepts the unquoted form) warn (accepts the syntax, but then does not display the realm)
simplebasicsqwarn (detects realm 'foo') warn (detects realm 'foo') warn (detects realm 'foo') warn (detects realm 'foo') warn (accepts the syntax, but then does not display the realm)
simplebasicpctpasspasspasspasswarn (does not display the realm name)
simplebasiccommapasspasspasspasspass
simplebasiccomma2pass (ignores the header field) pass (ignores the header field) warn (accepts the header field) pass (ignores the header field) pass (ignores the header field)
simplebasicnorealmwarn (accepts the realm-less form) warn (accepts the realm-less form (shows "(null") realm)) warn (accepts the realm-less form, derives the presented value from the host name) warn (accepts the realm-less form, derives the presented value from the host name) warn (accepts the realm-less form)
simplebasic2realmswarn (takes the first realm) warn (takes the first realm) warn (takes the second realm) warn (takes the first realm) warn (accepts the syntax, but does not display a realm)
simplebasicwsrealmfailpasspassfailwarn (does not display the realm name)
simplebasicrealmsqcpassfail (fails to unescape, thus sees the realm \f\o\o) fail (fails to unescape, thus sees the realm \f\o\o) passwarn (does not display the realm name)
simplebasicrealmsqc2passfail (fails to unescape, thus sees the realm "\foo\") fail (fails to unescape, thus sees the realm "\foo\") passwarn (does not display the realm name)
simplebasicnewparam1passpasspasspasswarn (does not display the realm name)
simplebasicnewparam2passpasspasspasswarn (does not display the realm name)
simplebasicrealmiso88591passpasspasspasswarn (does not display the realm name)
simplebasicrealmutf8pass (displayed as the two raw characters ä) pass (displayed as the two raw characters ä) pass (displayed as the two raw characters ä) pass (displayed as the two raw characters ä) warn (does not display the realm name)
simplebasicrealmrfc2047passpasspasspasswarn (does not display the realm name)
Multiple Challengesmultibasicunknownpasspasspasspasswarn (does not display the realm name)
multibasicunknownnoparam
multibasicunknown2fail (doesn't see the Basic challenge (see Mozilla Bug 669675)) fail (doesn't see the Basic challenge) passpassfail (doesn't see the Basic challenge (see Chrome Issue 103220))
multibasicunknown2np
multibasicunknown2mfpasspasspasspasswarn (does not display the realm name)
multibasicemptyfail (doesn't see the Basic challenge (likely the same as Mozilla Bug 669675)) fail (doesn't see the Basic challenge) fail (doesn't see the Basic challenge) passfail (doesn't see the Basic challenge)
multibasicqsfail (doesn't see the Basic challenge (likely the same as Mozilla Bug 669675)) fail (doesn't see the Basic challenge) passpassfail (doesn't see the Basic challenge)
multidisgschemefail (doesn't see the Basic challenge (likely the same as Mozilla Bug 669675)) fail (doesn't see the Basic challenge) passpassfail (doesn't see the Basic challenge)
Unknown Schemesunknownpass (Page is displayed, no prompt) pass (Page is displayed, no prompt) pass (Page is displayed, no prompt) pass (Page is displayed, no prompt) pass (Page is displayed, no prompt)
parametersnotrequired
Parsing quirksdisguisedrealmfail (detects realm nottherealm",) passpasspassfail (doesn't see the Basic challenge)
disguisedrealm2fail (detects realm nottherealm) passpasspassfail (doesn't see the Basic challenge)
missingquotewarn (detects realm basic) warn (detects realm basic) warn (detects realm basic) warn (detects Basic challenge with no realm) warn (detects Basic challenge with no realm)

Test Cases

Basic

Various tests checking Basic auth.

simplebasic [TEST] [R]

WWW-Authenticate: Basic realm="foo"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo

simplebasiclf [TEST] [R]

WWW-Authenticate: Basic
 realm="foo"
Test Results
FF62pass
MSIE11fail (Doesn't see the realm parameter)
Edge42fail (Doesn't see the realm parameter)
Safaripass
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, with (deprecated) line folding

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo

simplebasicucase [TEST] [R]

WWW-Authenticate: BASIC REALM="foo"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqfail (misses the realm parameter)
Chr70warn (does not display the realm name)

simple Basic auth (using uppercase characters)

Extracted raw data:

scheme name   parameter name   parameter value   
BASICREALM"foo"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo

simplebasictok [TEST] [R]

WWW-Authenticate: Basic realm=foo
Test Results
FF62warn (accepts the unquoted form)
MSIE11warn (accepts the unquoted form)
Edge42warn (accepts the unquoted form)
Safariwarn (accepts the unquoted form)
Konqwarn (accepts the unquoted form)
Chr70warn (accepts the syntax, but then does not display the realm)

simple Basic auth, using token format for realm (but see Section 2.2 of RFC 7235)

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealmfoo

Invalid syntax: parameter 'realm' is defined to only use 'quoted-string' syntax.

simplebasictokbs [TEST] [R]

WWW-Authenticate: Basic realm=\f\o\o
                        ^ (PARSE ERROR)
Test Results
FF62warn (accepts the unquoted form)
MSIE11warn (accepts the unquoted form)
Edge42warn (accepts the unquoted form)
Safaripass (ignores the challenge)
Konqwarn (accepts the unquoted form)
Chr70warn (accepts the syntax, but then does not display the realm)

simple Basic auth, using token format for realm (but see Section 2.2 of RFC 7235), including backslashes

simplebasicsq [TEST] [R]

WWW-Authenticate: Basic realm='foo'
Test Results
FF62warn (detects realm 'foo')
MSIE11warn (detects realm 'foo')
Edge42warn (detects realm 'foo')
Safariwarn (detects realm 'foo')
Konqwarn (detects realm 'foo')
Chr70warn (accepts the syntax, but then does not display the realm)

simple Basic auth, using single quotes (these are allowed in a token, but should not be treated as quote characters)

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm'foo'

Invalid syntax: parameter 'realm' is defined to only use 'quoted-string' syntax.

simplebasicpct [TEST] [R]

WWW-Authenticate: Basic realm="foo%20bar"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, containing a %-escape (which isn't special here)

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo%20bar"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo%20bar

simplebasiccomma [TEST] [R]

WWW-Authenticate: Basic , realm="foo"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70pass

simple Basic auth, with a comma between schema and auth-param

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo

simplebasiccomma2 [TEST] [R]

WWW-Authenticate: Basic, realm="foo"
                              ^ (PARSE ERROR)
Test Results
FF62pass (ignores the header field)
MSIE11pass (ignores the header field)
Edge42pass (ignores the header field)
Safariwarn (accepts the header field)
Konqpass (ignores the header field)
Chr70pass (ignores the header field)

simple Basic auth, with a comma between schema and auth-param (this is invalid because of the missing space characters after the scheme name)

simplebasicnorealm [TEST] [R]

WWW-Authenticate: Basic
Test Results
FF62warn (accepts the realm-less form)
MSIE11warn (accepts the realm-less form (shows "(null") realm))
Edge42warn (accepts the realm-less form (shows "(null") realm))
Safariwarn (accepts the realm-less form, derives the presented value from the host name)
Konqwarn (accepts the realm-less form, derives the presented value from the host name)
Chr70warn (accepts the realm-less form)

simple Basic auth, realm parameter missing

Extracted raw data:

scheme name   parameter name   parameter value   
Basic

Invalid syntax: parameter 'realm' needs to appear exactly once for 'basic' challenge.

simplebasic2realms [TEST] [R]

WWW-Authenticate: Basic realm="foo", realm="bar"
Test Results
FF62warn (takes the first realm)
MSIE11warn (takes the first realm)
Edge42warn (takes the first realm)
Safariwarn (takes the second realm)
Konqwarn (takes the first realm)
Chr70warn (accepts the syntax, but does not display a realm)

simple Basic auth with two realm parameters

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo"
realm"bar"

Invalid syntax: parameter 'realm' needs to appear exactly once for 'basic' challenge.

simplebasicwsrealm [TEST] [R]

WWW-Authenticate: Basic realm = "foo"
Test Results
FF62fail
MSIE11pass
Edge42pass
Safaripass
Konqfail
Chr70warn (does not display the realm name)

simple Basic auth, (bad) whitespace used in auth-param assignment

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo

simplebasicrealmsqc [TEST] [R]

WWW-Authenticate: Basic realm="\f\o\o"
Test Results
FF62pass
MSIE11fail (fails to unescape, thus sees the realm \f\o\o)
Edge42fail (fails to unescape, thus sees the realm \f\o\o)
Safarifail (fails to unescape, thus sees the realm \f\o\o)
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, with realm using quoted string escapes

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"\f\o\o"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo

simplebasicrealmsqc2 [TEST] [R]

WWW-Authenticate: Basic realm="\"foo\""
Test Results
FF62pass
MSIE11fail (fails to unescape, thus sees the realm "\foo\")
Edge42fail (fails to unescape, thus sees the realm "\foo\")
Safarifail (fails to unescape, thus sees the realm "\foo\")
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, with realm using quoted string escapes

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"\"foo\""

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealm"foo"

simplebasicnewparam1 [TEST] [R]

WWW-Authenticate: Basic realm="foo", bar="xyz",, a=b,,,c=d
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, with additional auth-params

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo"
bar"xyz"
ab
cd

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo
barxyz
ab
cd

simplebasicnewparam2 [TEST] [R]

WWW-Authenticate: Basic bar="xyz", realm="foo"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, with an additional auth-param (but with reversed order)

Extracted raw data:

scheme name   parameter name   parameter value   
Basicbar"xyz"
realm"foo"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicbarxyz
realmfoo

simplebasicrealmiso88591 [TEST] [R]

WWW-Authenticate: Basic realm="foo-"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, using "a umlaut" character encoded using ISO-8859-1

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo-"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo-

simplebasicrealmutf8 [TEST] [R]

WWW-Authenticate: Basic realm="foo-ä"
Test Results
FF62pass (displayed as the two raw characters ä)
MSIE11pass (displayed as the two raw characters ä)
Edge42pass (displayed as the two raw characters ä)
Safaripass (displayed as the two raw characters ä)
Konqpass (displayed as the two raw characters ä)
Chr70warn (does not display the realm name)

simple Basic auth, using "a umlaut" character encoded using UTF-8

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"foo-ä"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmfoo-ä

simplebasicrealmrfc2047 [TEST] [R]

WWW-Authenticate: Basic realm="=?ISO-8859-1?Q?foo-=E4?="
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

simple Basic auth, using "a umlaut" character encoded using RFC 2047

RFC 2047 does not apply to quoted-strings, so the realm really is =?ISO-8859-1?Q?foo-=E4?=

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"=?ISO-8859-1?Q?foo-=E4?="

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealm=?ISO-8859-1?Q?foo-=E4?=

Multiple Challenges

Various tests checking multiple challenges.

multibasicunknown [TEST] [R]

WWW-Authenticate: Basic realm="basic", Newauth realm="newauth"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

a header field containing two challenges, one of which unknown

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"basic"
scheme name   parameter name   parameter value   
Newauthrealm"newauth"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmbasic

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauthrealmnewauth

multibasicunknownnoparam [TEST] [R]

WWW-Authenticate: Basic realm="basic", Newauth

a header field containing two challenges, one of which unknown and has no parameters

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"basic"
scheme name   parameter name   parameter value   
Newauth

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmbasic

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauth

multibasicunknown2 [TEST] [R]

WWW-Authenticate: Newauth realm="newauth", Basic realm="basic"
Test Results
FF62fail (doesn't see the Basic challenge (see Mozilla Bug 669675))
MSIE11fail (doesn't see the Basic challenge)
Edge42fail (doesn't see the Basic challenge)
Safaripass
Konqpass
Chr70fail (doesn't see the Basic challenge (see Chrome Issue 103220))

as above, but with challenges swapped

Extracted raw data:

scheme name   parameter name   parameter value   
Newauthrealm"newauth"
scheme name   parameter name   parameter value   
Basicrealm"basic"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauthrealmnewauth

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmbasic

multibasicunknown2np [TEST] [R]

WWW-Authenticate: Newauth, Basic realm="basic"

as above, but with challenges swapped

Extracted raw data:

scheme name   parameter name   parameter value   
Newauth
scheme name   parameter name   parameter value   
Basicrealm"basic"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauth

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmbasic

multibasicunknown2mf [TEST] [R]

WWW-Authenticate: Newauth realm="newauth"
WWW-Authenticate: Basic realm="basic"
Test Results
FF62pass
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70warn (does not display the realm name)

as above, but using two header fields

Extracted raw data:

scheme name   parameter name   parameter value   
Newauthrealm"newauth"
scheme name   parameter name   parameter value   
Basicrealm"basic"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauthrealmnewauth

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmbasic

multibasicempty [TEST] [R]

WWW-Authenticate: ,Basic realm="basic"
Test Results
FF62fail (doesn't see the Basic challenge (likely the same as Mozilla Bug 669675))
MSIE11fail (doesn't see the Basic challenge)
Edge42fail (doesn't see the Basic challenge)
Safarifail (doesn't see the Basic challenge)
Konqpass
Chr70fail (doesn't see the Basic challenge)

a header field containing one Basic challenge, following an empty one

Extracted raw data:

scheme name   parameter name   parameter value   
Basicrealm"basic"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmbasic

multibasicqs [TEST] [R]

WWW-Authenticate: Newauth realm="apps", type=1, title="Login to \"apps\"", Basic realm="simple" 
Test Results
FF62fail (doesn't see the Basic challenge (likely the same as Mozilla Bug 669675))
MSIE11fail (doesn't see the Basic challenge)
Edge42fail (doesn't see the Basic challenge)
Safaripass
Konqpass
Chr70fail (doesn't see the Basic challenge)

a header field containing two challenges, the first one for a new scheme and having a parameter using quoted-string syntax

Extracted raw data:

scheme name   parameter name   parameter value   
Newauthrealm"apps"
type1
title"Login to \"apps\""
scheme name   parameter name   parameter value   
Basicrealm"simple"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauthrealmapps
type1
titleLogin to "apps"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmsimple

multidisgscheme [TEST] [R]

WWW-Authenticate: Newauth realm="Newauth Realm", basic=foo, Basic realm="Basic Realm" 
Test Results
FF62fail (doesn't see the Basic challenge (likely the same as Mozilla Bug 669675))
MSIE11fail (doesn't see the Basic challenge)
Edge42fail (doesn't see the Basic challenge)
Safaripass
Konqpass
Chr70fail (doesn't see the Basic challenge)

a header field containing two challenges, the first one for a new scheme and having a parameter called "Basic"

Extracted raw data:

scheme name   parameter name   parameter value   
Newauthrealm"Newauth Realm"
basicfoo
scheme name   parameter name   parameter value   
Basicrealm"Basic Realm"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauthrealmNewauth Realm
basicfoo

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicrealmBasic Realm

Unknown Schemes

Tests for how unknown schemes are handled.

unknown [TEST] [R]

WWW-Authenticate: Newauth param="value"
Test Results
FF62pass (Page is displayed, no prompt)
MSIE11pass (Page is displayed, no prompt)
Edge42pass (Page is displayed, no prompt)
Safaripass (Page is displayed, no prompt)
Konqpass (Page is displayed, no prompt)
Chr70pass (Page is displayed, no prompt)

a header field containing a challenge for an unknown scheme

Extracted raw data:

scheme name   parameter name   parameter value   
Newauthparam"value"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
newauthparamvalue

parametersnotrequired [TEST] [R]

WWW-Authenticate: A, B

parameters are not required

Extracted raw data:

scheme name   parameter name   parameter value   
A
scheme name   parameter name   parameter value   
B

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
a

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
b

Parsing quirks

Tests for how tricky header fields are parsed.

disguisedrealm [TEST] [R]

WWW-Authenticate: Basic foo="realm=nottherealm", realm="basic"
Test Results
FF62fail (detects realm nottherealm",)
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70fail (doesn't see the Basic challenge)

a header field containing a Basic challenge, with a quoted-string extension param that happens to contain the string "realm="

Extracted raw data:

scheme name   parameter name   parameter value   
Basicfoo"realm=nottherealm"
realm"basic"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicfoorealm=nottherealm
realmbasic

disguisedrealm2 [TEST] [R]

WWW-Authenticate: Basic nottherealm="nottherealm", realm="basic"
Test Results
FF62fail (detects realm nottherealm)
MSIE11pass
Edge42pass
Safaripass
Konqpass
Chr70fail (doesn't see the Basic challenge)

a header field containing a Basic challenge, with a preceding extension param named "nottherealm"

Extracted raw data:

scheme name   parameter name   parameter value   
Basicnottherealm"nottherealm"
realm"basic"

After post-processing the authentication scheme name, parameter names, and parameter values:

scheme name   parameter name   parameter value   
basicnottherealmnottherealm
realmbasic

missingquote [TEST] [R]

WWW-Authenticate: Basic realm="basic
                        ^ (PARSE ERROR)
Test Results
FF62warn (detects realm basic)
MSIE11warn (detects realm basic)
Edge42warn (detects realm basic)
Safariwarn (detects realm basic)
Konqwarn (detects Basic challenge with no realm)
Chr70warn (detects Basic challenge with no realm)

a header field containing a Basic challenge, with a realm missing the second double quote

Test Case Generation

Both this document and the indiviual test "scripts" are generated from one single XML source (httpauth.xml), using an XSLT2 transformation (httpauth.xslt).

To generate the files, an XSLT2 processor such as Saxon 9 is needed. Copy both files into an empty directory, then run:

saxon9 httpauth.xml httpauth.xslt > index.html

Note that this will also generate a set of "*.asis" and "nph-*.cgi" files that contain the actual test cases. The "*.asis" files need to be served using the Apache httpd mod_asis module.