• lemmyreader@lemmy.ml
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    1
    ·
    8 months ago

    Daisuke fixed a 22-year old bug and we now prevent passwords in URLs from being saved in history!

    Interesting.

    • xlash123@sh.itjust.works
      link
      fedilink
      arrow-up
      31
      ·
      8 months ago

      RIP that one guy who relied on this bug. He’s gonna have to create a bookmark now, which will ruin his whole workflow.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      5
      ·
      8 months ago

      That’s good, but out of scope for a browser, really. Also there shouldn’t be passwords in URLs!

      • strcrssd@kbin.social
        link
        fedilink
        arrow-up
        11
        ·
        8 months ago

        It has nothing to do with website design. It’s part of the HTTP protocol. A poor part in today’s understanding and use cases, but in the 90s it would have made sense.

            • flashgnash@lemm.ee
              link
              fedilink
              arrow-up
              2
              ·
              8 months ago

              I thought basic Auth was where you base64 encoded the username and password and sent it as the Authorization header

              • Ghoelian@lemmy.dbzer0.com
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                8 months ago

                That is also a form of basic auth, you still pass the credentials like “username:password”, optionally base64 encoded but I don’t believe that’s required.

                Edit: actually, after looking into it a bit more, it seems like passing credentials in the url will actually cause the browser to send it as an authorization header instead. So in essence it’s doing the same thing.