6.17. Accessing Credentials Embedded in URLs
You know people access your site using
URLs with embedded
credentials, such as http://user:password@host/, and you want to
extract them from the URL for validation or other purposes.
None; this is a nonissue that is often misunderstood.
For nonproxy requests, this doesn't even exist; the
browser dissects the URL and turns it into the appropriate request
header fields (i.e.,
WWW-Authenticate). For proxy requests, who knows?