W dniu 2022-07-04 11:09, Daniel Stenberg via curl-library napisaĆ(a):
On Sat, 25 Jun 2022, Isaac Boukris via curl-library wrote:
The idea is to add a new HTTP authentication scheme, where the browser
will make sure the prompt to enter the password has a distinguish UI
which cannot be faked with javascript or anything
I've been told many times that one of the primary reasons HTTP based
auth mechnisms have failed compared to POST + cookies, is this reason:
that web site designers prefer a system where they can design the
crendential prompt to their liking and *not* rely on the stiff and
ugly same-for-everyone popup-window the browsers provide. (Another big
reason being that the HTTP auths don't have a proper "logout" action
or expiry the easy way cookies do.)
Looks that browsers need some way to make default login popup
customization. Every browser should use the same HTML code to describe
contents of this popup. It also should be possible to create CSS sheet
which would be loaded into that popup, so every website could customize
how it looks.
Browsers also may provide some "login form" control which could be added
to the page, with predefined way to style it with CSS. It should be a
black box for JS, so scripts could not access and modify login data.
--
Regards,
Daniel
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
