iOS 11 Safari: How to pass user/password in URL for Basic Authentication?
I have one iPhone running iOS 9 and another iPhone running iOS 11.
On the iOS 9 iPhone, I can navigate to http://username:[email protected] in Safari, and the webpage will pull up without asking for my username and password. I can then add this full URL to my Home Screen as a direct shortcut.
On the iOS 11 iPhone, when I navigate to http://username:[email protected], I am automatically redirected to http://mywebsite.com. I have to manually type my username and password in the pop-up form, no matter what. I cannot add http://username:[email protected] to my Home Screen because the URL is always changed to http://mywebsite.com. It seems that there is no way to edit or customize the URL of a Home Screen shortcut.
For my iOS 11 iPhone, is it possible to embed my website's username and password in the URL itself, so that I can add this URL to my iPhone's Home Screen, so I will never need to type in my username and password manually?
I understand that embedding the password in the URL may not be very safe, but this is not a "high security" application, so convenience is more important than high security in this case.
If the answer is no, can you suggest a way that I can re-write my website to produce the same effect, without relying on cookies? I cannot rely on cookies because the way that my website works is that it can't place any cookies. Maybe via PHP? I know this question would be a web design question and not an Apple Product question.
TL;DR: My aim is to hard-code a username and password in a URL somehow, so that I never have to manually type in my credentials in iOS 11.
I read this and this and this for help but did not find an answer that worked for iOS 11.
Solution 1:
According to the RFC at https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1 this feature is deprecated, so I'm pretty sure it is disabled on purpose.
Chrome also does this: https://bugs.chromium.org/p/chromium/issues/detail?id=504300
Remembering users is what cookies are for, not using them severely limits your options. I guess you could write a login token service that generates URL's like https://yoursite.com/login/236cq827hr6xqoxxrm9q9r which logs in the user immediately. I would make sure it did not work over regular HTTP first, though.