Auth request breaks if password has # (hash) in it about got HOT 5 CLOSED

@Jakobud auth option in http module computer should work for you.

Another question, should we parse out id and pass from url.

http module will break on this url too:

let res = require('http')
    .get('http://user:pa##[email protected]', function (){});

console.log(res._headers); // => 'GET /:pa HTTP/1.1\r\nHost: user\r\nConnection: close\r\n\r\n'

from got.

Passing Basic Auth in the URL is deprecated and not even possible anymore in Chrome and IE.

http://serverfault.com/questions/371907/can-you-pass-user-pass-for-http-basic-authentication-in-url-parameters

I think we should add a note now about using auth header instead and in the next major throw if user try to do that instead of using the header. @floatdrop Thoughts?

from got.

@Jakobud on second thought you can pass #, but you must use encodeURIComponent:

let res = require('http').get('http://user:' + encodeURIComponent('pa##word')+ '@google.com', function (){});

console.log(res._headers); // => GET / HTTP/1.1\r\nHost: google.com\r\nAuthorization: Basic dXNlcjpwYSMjd29yZA==\r\nConnection: close\r\n\r\n

@sindresorhus yes, username:password is deprecated by rfc3986, but this format is supported by Node url.parse method, so I don't see why we should explicitly forbid that.

from got.

yes, username:password is deprecated by rfc3986, but this format is supported by Node url.parse method, so I don't see why we should explicitly forbid that.

In contrast to Node, we can actually prevent its usage. Node has way too much baggage and dependence to do something like that. As for reasoning, it's deprecated and it would help users doing the right thing, and not end up with problems like this one. I see no downside doing this: #106

from got.

So if I don't use username:password in the url for a particular service, should that service automatically accept the Header authentication alternative?

Thanks for answering this one. It's kind of a weird one.

from got.