Hi all,
W10 x64 FF Quantum x64
I'm trying to login to an HTTPS site using embedded credentials like https://username:password@mydomain.com/test/ and it's not working.
I get a prompt saying I'm about to login using the user "username", I click on OK and nothing happens.
Using the same embedded URL in chrome and it works like a dream.
How do I get it to work in FF?
TIA
Greg
Embedded credentials not working
-
- Posts: 4
- Joined: November 19th, 2017, 1:31 pm
- Location: Sydney, Australia
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Embedded credentials not working
Has that behavior worked in the (recent) past?
I'm going to guess that Mozilla has specifically blocked it?
https://thisis:justatest@semantic-ui.co ... login.html
Note that when using that syntax, all pages generate the prompt, not just ones where a login is available.
https://thisis:justatest@www.google.com
I'm going to guess that Mozilla has specifically blocked it?
https://thisis:justatest@semantic-ui.co ... login.html
Note that when using that syntax, all pages generate the prompt, not just ones where a login is available.
https://thisis:justatest@www.google.com
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
-
- Posts: 4480
- Joined: March 19th, 2005, 10:51 am
Re: Embedded credentials not working
i can use it with my router, so its working, but it could be the website deny such syntax. in chromium it is forbidden since around v60 (maybe v59)
the magic number is 51 and you are probably part of it
-
- Posts: 4
- Joined: November 19th, 2017, 1:31 pm
- Location: Sydney, Australia
Re: Embedded credentials not working
Never tried it before with HTTP(S) pages so don't really know the answer to that. Used that syntax before with FTP and it worked and still does.therube wrote:Has that behavior worked in the (recent) past?
I'm going to guess that Mozilla has specifically blocked it?
https://thisis:justatest@semantic-ui.co ... login.html
Note that when using that syntax, all pages generate the prompt, not just ones where a login is available.
https://thisis:justatest@www.google.com
You might be right that it's FF blocking it as Chrome does work just fine with the same embedded URL.
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Embedded credentials not working
In that case, I'll go with:
(or that the page is not set up to accept such syntax).it could be the website deny such syntax
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
-
- Posts: 4
- Joined: November 19th, 2017, 1:31 pm
- Location: Sydney, Australia
Re: Embedded credentials not working
OK, but if that's the case why does it work correctly in Chrome?therube wrote:In that case, I'll go with:
(or that the page is not set up to accept such syntax).it could be the website deny such syntax
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Embedded credentials not working
The example I tested with [above] does not work in Chrome 38.
At least I would expect it to say, "Please enter a valid e-mail" (or similar) & it does not.
Instead I'm just left sitting at, https://semantic-ui.com/examples/login.html.
At least I would expect it to say, "Please enter a valid e-mail" (or similar) & it does not.
Instead I'm just left sitting at, https://semantic-ui.com/examples/login.html.
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
-
- Posts: 4
- Joined: November 19th, 2017, 1:31 pm
- Location: Sydney, Australia
Re: Embedded credentials not working
@therube - Please excuse me if my understanding is incorrect but I have an embedded URL like https://username:password@mydomain.com/test/ that signs me in and displays the correct contents after a successfully logging in, when using Chrome. However FF will just display a popup telling me I am about to login with 'username' and then shows a blank page. Surely this means the website in question will except a URL with embedded username and password unless you happen to use FF. Therefore is not FF the issue?
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Embedded credentials not working
Oh, I'm not saying you're wrong, just saying in what & where I tested with, I wasn't getting it to work.
Seemingly (& not that I'm really familiar with this stuff), Chrome ...
Chrome 19 doesn't respect basic auth details embedded in the URL
HTTP username:password stripped out from links
And you know that whatever Chrome does, FF has to follow.
And on the FF end:
"Access using credentials in the URL
Many clients also let you avoid the login prompt by using an encoded URL containing the username and the password like this:
https://username:password@www.example.com/
The use of these URLs is deprecated. In Chrome, the username:password@ part in URLs is even stripped out for security reasons. In Firefox, it is checked if the site actually requires authentication and if not, Firefox will warn the user with a prompt "You are about to log in to the site “www.example.com” with the username “username”, but the website does not require authentication. This may be an attempt to trick you."."
https://developer.mozilla.org/en-US/doc ... entication
Seemingly (& not that I'm really familiar with this stuff), Chrome ...
Chrome 19 doesn't respect basic auth details embedded in the URL
HTTP username:password stripped out from links
And you know that whatever Chrome does, FF has to follow.
And on the FF end:
"Access using credentials in the URL
Many clients also let you avoid the login prompt by using an encoded URL containing the username and the password like this:
https://username:password@www.example.com/
The use of these URLs is deprecated. In Chrome, the username:password@ part in URLs is even stripped out for security reasons. In Firefox, it is checked if the site actually requires authentication and if not, Firefox will warn the user with a prompt "You are about to log in to the site “www.example.com” with the username “username”, but the website does not require authentication. This may be an attempt to trick you."."
https://developer.mozilla.org/en-US/doc ... entication
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript