On Sat, 25 Jun 2022, Isaac Boukris via curl-library wrote:
The idea is to add a new HTTP authentication scheme, where the browser will make sure the prompt to enter the password has a distinguish UI which cannot be faked with javascript or anything
I've been told many times that one of the primary reasons HTTP based auth mechnisms have failed compared to POST + cookies, is this reason: that web site designers prefer a system where they can design the crendential prompt to their liking and *not* rely on the stiff and ugly same-for-everyone popup-window the browsers provide. (Another big reason being that the HTTP auths don't have a proper "logout" action or expiry the easy way cookies do.)
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
