dhis2-devs team mailing list archive
Mailing list archive
Re: ADD credentials in DHIS2 url
This is not really a dhis2 thing so much as a change in browser
behaviour. In times gone by when you presented a url like
"https://admin:district@xxxxxxxxxxxxxx/dev/api/me" the browser would
take that url and create the basic authentication header that Jason
After a couple of wobbles along the way since 2014, this is no longer
the default behaviour on any of the major browsers. Its really
because URLs find themselves in history, bookmarks, log files etc.
which are not appropriate places to be storing credentials.
(sections 3.2.1 and 7.5 of https://www.ietf.org/rfc/rfc3986.txt)
Chrome held out the longest, but is now also compliant with the new behaviour.
On 8 June 2018 at 10:51, DJIBRIL Hakim <djib.hakim@xxxxxxxxx> wrote:
> ok I see the point of view
> thank you jason!
> 2018-06-08 9:35 GMT+00:00 Jason Pickering <jason.p.pickering@xxxxxxxxx>:
>> Hi Hakim
>> No, that is not possible and would not be a good idea since your
>> credentials would be visible in the request itself.
>> You will need to use a basic authentication header for this as described
>> in the manual:
>> On Fri, Jun 8, 2018 at 11:19 AM DJIBRIL Hakim <djib.hakim@xxxxxxxxx>
>>> Hi All,
>>> Please I would like to know if is it possible to add authentification
>>> directly in URL
>>> Example: username:password@[dhisUrl]/api/.....
>>> Mailing list: https://launchpad.net/~dhis2-devs
>>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>> More help : https://help.launchpad.net/ListHelp
>> Jason P. Pickering
>> email: jason.p.pickering@xxxxxxxxx
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help : https://help.launchpad.net/ListHelp