How do I use special characters (password) on the URL when dealing with HTTP authentication?

StackOverflow https://stackoverflow.com/questions/22544219

Question

I have a directory that is protected by basic HTTP authentication.

When I access its URL, the browser asks me for the username and password.

My password is Cw=y?qUPP+Xy, and it works fine.

However, I would like to access it directly with the username and password on the URL.

I tried this:

https://user:Cw=y?qUPP+Xy@example.com, and it didn't work, for some reason google chrome returns this:

enter image description here

Is there a work-around?

Was it helpful?

Solution

You need to URL encode it For example, "@" would become "%40"

But take into account that sending user and password through HTTP and/or through GET (parameters in the query string) is not a good idea... Try using POST method under HTTPS.

I will go ahead and add my comment to this answer, for visibility:

Even if it's local network and you are using HTTPS it's unsafe to send the password through GET... Imagine that I'm an admin and someone is behind me (who is not an admin), when I submit the form they can simply go and check the URL and know my password. Not a good idea, right?

It's like using a <input type="text"/> instead of a <input type="password"/> for the password.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top