Open DaniSchenk opened 3 years ago
I took a quick look into the Firefox extension and could get this error message out of it:
Uncaught (in promise) {…}
message: "Verbindung zu https://user:password@languagetool.domain.tld/v2/check fehlgeschlagen (#1, code=undefined)"
reason: "ConnectionError"
response: "Window.fetch: https://user:password@languagetool.domain.tld/v2/check is an url with embedded credentials."
stack: undefined
status: 0
<prototype>: {…
FF and other browsers are preventing requests to URLs containing embedded credentials (for obvious reasons). So this issue is not a bug report.
However, my initial problem still persists. How do I secure my server if my clients (extensions) only provide one URL configuration option? The extension could extract embedded credentials from the URL and add them as Authorization Headers to the request instead, right?
How do I secure my server if my clients (extensions) only provide one URL configuration option?
I don't think this is supported. Maybe you could map the service to a secret URL like /hsdfosrgwr23dd/v2
instead of just /v2
?
I installed my own server and I added Basic Auth to protect it. It works from the command line:
The browser extension is not working. The extension works when the Basic Auth part of the URL is omitted. I also tried using only lowercase names and passwords, only URL save characters, but I had no luck. Am I missing something?