Reputation: 530
How do I use special characters (password) on the URL when dealing with HTTP authentication?
I have a directory that is protected by basic HTTP authentication.
When I access its URL, the browser asks me for the username and password.
My password is Cw=y?qUPP+Xy, and it works fine.
However, I would like to access it directly with the username and password on the URL.
I tried this:
https://user:[email protected], and it didn't work, for some reason google chrome returns this:
Is there a work-around?
Upvotes: 9
Views: 15343
Answers (1)
Reputation: 989
You need to URL encode it For example, "@" would become "%40"
But take into account that sending user and password through HTTP and/or through GET (parameters in the query string) is not a good idea... Try using POST method under HTTPS.
I will go ahead and add my comment to this answer, for visibility:
Even if it's local network and you are using HTTPS it's unsafe to send the password through GET... Imagine that I'm an admin and someone is behind me (who is not an admin), when I submit the form they can simply go and check the URL and know my password. Not a good idea, right?
It's like using a <input type="text"/> instead of a <input type="password"/> for the password.
Upvotes: 14
Related Questions
- HTTP Basic Authentication for specific domain
- How to protect a specific url through htaccess
- HTTP/HTTPS basic authentication: colon in username
- htaccess authentication rest api methods
- .htaccess authentication w/ friendly url
- Protect a url with HTTP authentication based on query string parameter
- Using Basic Authentication (htaccess) to restrict access to a specific URL
- htaccess Digest authentication
- Escaping username characters in basic auth URLs
- Apache basic authentication with the username/password in the url