Well, after re-reading the two somewhat conflicting RFC's both essentially say you can use '+' to encode space if the encoding appears in CGI information after '?' in a URL. Of course, that doesn't apply where the authz token is sent as a property (i.e. under a header) and %20 is required. That said, we are mincing words here in practice. The property is presented as a CGI token in the end and in that context a '+' is a valid encoding. So, who isn't following the rules here? On Thu, 12 Nov 2020, Elvin Sindrilaru wrote: > It is legitimate but it's not an encoding for empty space. Some old tools encode empty space as "+" but the standard says it should be "%20". More details in the RFC: https://tools.ietf.org/html/rfc3986 > > -- > You are receiving this because you commented. > Reply to this email directly or view it on GitHub: > https://github.com/xrootd/xrootd/issues/1320#issuecomment-725923895 -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1320#issuecomment-725940091 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1