This repository has been archived by the owner on Jul 13, 2021. It is now read-only.
Support usernames and passwords in URLs #75
Labels
Comments
mlococo
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
While not optimal from a security perspective, it is moderately common for http clients to send URLs that contain usernames and passwords such as
http://name:[email protected]/somepath/. Polipo parses these URLs assuming that the colon is always a separator between host and port as inhttp://example.com:8080/somepath. Depending on the content of the request, this can result is several different errors, a hostname lookup error using the password as a hostname, a forbidden port error (if the password begins with a number), probably other conditions are possible. It would be good if polipo was able to parse URLs containing usernames and passwords in them.The text was updated successfully, but these errors were encountered: