W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2020

Re: Adding user@ to HTTP[S] URIs

From: Willy Tarreau <w@1wt.eu>
Date: Mon, 27 Jan 2020 16:32:34 +0100
To: Daniel Stenberg <daniel@haxx.se>
Cc: Rick van Rein <rick@openfortress.nl>, James Fuller <jim@webcomposite.com>, Austin Wright <aaa@bzfx.net>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
Message-ID: <20200127153234.GA30398@1wt.eu>
On Mon, Jan 27, 2020 at 01:40:51PM +0100, Daniel Stenberg wrote:
> On Mon, 27 Jan 2020, Rick van Rein wrote:
> > Browsers have no consistency in this usage pattern, so this is
> > definately a niche.
> Yes, but a niche with potentially a large amount of users.
> And in fact, it sends the user name without a password in a HTTP header,
> which is... well, what you ask for. =)

Actually the only valid use case I've ever had for user[+pass] in URIs
were for FTP URIs that I was typing in browsers (or following links to
download stuff from various places). I'm not even sure browsers still
support FTP URIs nowadays ;-)

Received on Monday, 27 January 2020 15:32:45 UTC

This archive was generated by hypermail 2.4.0 : Monday, 27 January 2020 15:32:46 UTC