Embedded credentials not working

[gregeeh]

Hi all,

W10 x64 FF Quantum x64

I'm trying to login to an HTTPS site using embedded credentials like https://username:password@mydomain.com/test/ and it's not working.

I get a prompt saying I'm about to login using the user "username", I click on OK and nothing happens.

Using the same embedded URL in chrome and it works like a dream.

How do I get it to work in FF?

TIA

Greg

[therube]

Has that behavior worked in the (recent) past?
I'm going to guess that Mozilla has specifically blocked it?

https://thisis:justatest@semantic-ui.co ... login.html

Note that when using that syntax, all pages generate the prompt, not just ones where a login is available.

https://thisis:justatest@www.google.com

[Brummelchen]

i can use it with my router, so its working, but it could be the website deny such syntax. in chromium it is forbidden since around v60 (maybe v59)

[gregeeh]

Has that behavior worked in the (recent) past?
I'm going to guess that Mozilla has specifically blocked it?

https://thisis:justatest@semantic-ui.co ... login.html

Note that when using that syntax, all pages generate the prompt, not just ones where a login is available.

https://thisis:justatest@www.google.com

Never tried it before with HTTP(S) pages so don't really know the answer to that. Used that syntax before with FTP and it worked and still does.

You might be right that it's FF blocking it as Chrome does work just fine with the same embedded URL.

[therube]

In that case, I'll go with:

it could be the website deny such syntax

(or that the page is not set up to accept such syntax).

[gregeeh]

In that case, I'll go with:

it could be the website deny such syntax

(or that the page is not set up to accept such syntax).

OK, but if that's the case why does it work correctly in Chrome?

[therube]

The example I tested with [above] does not work in Chrome 38.
At least I would expect it to say, "Please enter a valid e-mail" (or similar) & it does not.
Instead I'm just left sitting at, https://semantic-ui.com/examples/login.html.

[gregeeh]

@therube - Please excuse me if my understanding is incorrect but I have an embedded URL like https://username:password@mydomain.com/test/ that signs me in and displays the correct contents after a successfully logging in, when using Chrome. However FF will just display a popup telling me I am about to login with 'username' and then shows a blank page. Surely this means the website in question will except a URL with embedded username and password unless you happen to use FF. Therefore is not FF the issue?

[therube]

Oh, I'm not saying you're wrong, just saying in what & where I tested with, I wasn't getting it to work.


Seemingly (& not that I'm really familiar with this stuff), Chrome ...

Chrome 19 doesn't respect basic auth details embedded in the URL

HTTP username:password stripped out from links

And you know that whatever Chrome does, FF has to follow.

And on the FF end:

"Access using credentials in the URL

Many clients also let you avoid the login prompt by using an encoded URL containing the username and the password like this:

https://username:password@www.example.com/

The use of these URLs is deprecated. In Chrome, the username:password@ part in URLs is even stripped out for security reasons. In Firefox, it is checked if the site actually requires authentication and if not, Firefox will warn the user with a prompt "You are about to log in to the site “www.example.com” with the username “username”, but the website does not require authentication. This may be an attempt to trick you."."

https://developer.mozilla.org/en-US/doc ... entication