It has nothing to do with website design. It's part of the HTTP protocol. A poor part in today's understanding and use cases, but in the 90s it would have made sense.
We're both talking about route parameters right?
I think they're talking about basic Auth, with which you can pass credentials in a URL like this:
I thought basic Auth was where you base64 encoded the username and password and sent it as the Authorization header
That is also a form of basic auth, you still pass the credentials like "username:password", optionally base64 encoded but I don't believe that's required.
Edit: actually, after looking into it a bit more, it seems like passing credentials in the url will actually cause the browser to send it as an authorization header instead. So in essence it's doing the same thing.
It has nothing to do with website design. It's part of the HTTP protocol. A poor part in today's understanding and use cases, but in the 90s it would have made sense.
We're both talking about route parameters right?
I think they're talking about basic Auth, with which you can pass credentials in a URL like this:
https://username:password@website.com
I thought basic Auth was where you base64 encoded the username and password and sent it as the Authorization header
That is also a form of basic auth, you still pass the credentials like "username:password", optionally base64 encoded but I don't believe that's required.
Edit: actually, after looking into it a bit more, it seems like passing credentials in the url will actually cause the browser to send it as an authorization header instead. So in essence it's doing the same thing.