On Mon, Jul 4, 2022 at 12:58 PM Daniel F via curl-library
<curl-library@lists.haxx.se> wrote:
>
> W dniu 2022-07-04 11:09, Daniel Stenberg via curl-library napisaƂ(a):
> > On Sat, 25 Jun 2022, Isaac Boukris via curl-library wrote:
> >
> >> The idea is to add a new HTTP authentication scheme, where the browser
> >> will make sure the prompt to enter the password has a distinguish UI
> >> which cannot be faked with javascript or anything
> >
> > I've been told many times that one of the primary reasons HTTP based
> > auth mechnisms have failed compared to POST + cookies, is this reason:
> > that web site designers prefer a system where they can design the
> > crendential prompt to their liking and *not* rely on the stiff and
> > ugly same-for-everyone popup-window the browsers provide. (Another big
> > reason being that the HTTP auths don't have a proper "logout" action
> > or expiry the easy way cookies do.)

The authentication page could yield a cookie so logouts could still be
implemented the same as today.

> Looks that browsers need some way to make default login popup
> customization. Every browser should use the same HTML code to describe
> contents of this popup. It also should be possible to create CSS sheet
> which would be loaded into that popup, so every website could customize
> how it looks.
>
> Browsers also may provide some "login form" control which could be added
> to the page, with predefined way to style it with CSS. It should be a
> black box for JS, so scripts could not access and modify login data.

Yeah, some customization could be allowed I guess, as long as it is
kept quite distinct - admittedly this part would be more of a
challenge for actual browsers.
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to