The RFCs around basic authentication don't explicitly disallow empty usernames. On the other hand usernames containing colons are, as colons are used to separate the username from the password.
The RFCs around basic authentication don't explicitly disallow empty usernames. On the other hand usernames containing colons are, as colons are used to separate the username from the password.