Hacker News new | ask | show | jobs
by n0ot 895 days ago
I don't think you're stripping the userinfo quite right. You're stripping everything after the at-sign, when you want to strip what's before:

  scheme://user:password@some.host:port/path?query_key=query_value&another_key=another_value#fragment
2 comments
OskarS 895 days ago
Seems like an excellent use case for trurl [1], a tool built on curls url parsing functions (which can presumably handle any weird url format you throw at it), though I'm not sure how well packaged/available it is.

[1]: https://github.com/curl/trurl

link
ithkuil 895 days ago
Doesn't chrome remove the user info (or at least the password part) from the URL?

(On mobile now cannot check)

EDIT: check: it does it only after successful access. If the browser still presents the basic auth window because the backend responds unauthorized then copy&paste data will contain the full userinfo

link