On Mon, Jul 4, 2022 at 12:58 PM Daniel F via curl-library <curl-library@lists.haxx.se> wrote: > > W dniu 2022-07-04 11:09, Daniel Stenberg via curl-library napisaĆ(a): > > On Sat, 25 Jun 2022, Isaac Boukris via curl-library wrote: > > > >> The idea is to add a new HTTP authentication scheme, where the browser > >> will make sure the prompt to enter the password has a distinguish UI > >> which cannot be faked with javascript or anything > > > > I've been told many times that one of the primary reasons HTTP based > > auth mechnisms have failed compared to POST + cookies, is this reason: > > that web site designers prefer a system where they can design the > > crendential prompt to their liking and *not* rely on the stiff and > > ugly same-for-everyone popup-window the browsers provide. (Another big > > reason being that the HTTP auths don't have a proper "logout" action > > or expiry the easy way cookies do.)
The authentication page could yield a cookie so logouts could still be implemented the same as today. > Looks that browsers need some way to make default login popup > customization. Every browser should use the same HTML code to describe > contents of this popup. It also should be possible to create CSS sheet > which would be loaded into that popup, so every website could customize > how it looks. > > Browsers also may provide some "login form" control which could be added > to the page, with predefined way to style it with CSS. It should be a > black box for JS, so scripts could not access and modify login data. Yeah, some customization could be allowed I guess, as long as it is kept quite distinct - admittedly this part would be more of a challenge for actual browsers. -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html