Is credential in URL obsolete (or should I be bold to drop support for it)? [duplicate]
As we know, it is possible to include username and password in the authority part of an URL. I see it's still being documented in MDN. BUT:
Would I do people a favor if I drop support for it in my web protocols library?
Answer in question since it's closed as dup
Username and password field should be support for a counterintuitive security reason.
In RFC 3986, it is said that applications should avoid presenting credentials in the authority part in clear, and that it should be removed from what would be logged.
If a parser didn't indicate what parts are passwords (or any type of fixed credential strings), then there's no way to know what to exclude.
As such, both username and password parts of the userinfo component should be supported by the parser.
