On Tue, Nov 22, 2011 at 11:09 AM, Shantanu Tushar Jha <jhahon...@gmail.com> wrote:
> Hi,
>
> I'm pretty sure everyone will have seen the message `You are about to log in
> to the site "api.opendesktop.org" with the username "user", but the website
> does not require authentication. This may be an attempt to trick you.' when
> you tried to use anything that uses Attica (Get hot new stuff, social
> desktop settings, gluon and so on).
>
> Seeing the dialog once is ok, but it gets really irritating when 4-5 of
> these pop up simultaneously because the app might be performing more than
> one kio_http requests (which is the case in almost every social component in
> gluon).

So long as the request URL does not change, you get one single prompt. If you are sending multiple requests to different sites using the same URL format, then you are going to be prompted multiple times.

> So, the question is, what to do to prevent these from popping up
> unnecessarily? Attica is performing a legitimate login to the opendesktop
> website [1], so it shouldn't be reported as a problem.
>
> [1] of the form https://usern...@api.opendesktop.org/v1/content/something

Can you please explain how "Attica is performing a legitimate login to opendesktop website" by including a 'username@' into a request URL that does not require HTTP authentication?

You are getting the spoofing prompt because the request URL contains a username and the server does not respond with a 401/407 response code or a redirection. IOW, the site does not really require authentication at all. Hence, Attica or any other client code has no business adding the username to the request URL.

So the question remains why exactly is Attica adding a username@ to the request URL?
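
The condition described in the reply, as an added example that is not part of the original thread and not KIO's own code: a request URL carrying a `username@` is flagged only when the response is neither 401/407 nor a redirection. The function names, the `Verdict` enum and the `api.example.org` URLs are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <optional>
#include <string>

// Hypothetical names throughout; this is not KIO's implementation.
enum class Verdict { NoUserInfo, AuthRequested, Redirected, PossibleSpoof };

// Locate the authority component ([userinfo@]host[:port]) of an absolute URL.
// Returns false when the URL has no "scheme://" prefix.
static bool authority_span(const std::string& url, std::size_t& begin, std::size_t& end) {
    const std::size_t scheme = url.find("://");
    if (scheme == std::string::npos) return false;
    begin = scheme + 3;
    end = url.find_first_of("/?#", begin);  // authority stops at path, query or fragment
    if (end == std::string::npos) end = url.size();
    return true;
}

// Return the userinfo part if the authority contains a non-empty one.
// An '@' that appears later, in the path or query, is not userinfo.
std::optional<std::string> userinfo_of(const std::string& url) {
    std::size_t b = 0, e = 0;
    if (!authority_span(url, b, e)) return std::nullopt;
    const std::size_t at = url.rfind('@', e);  // last '@' inside the authority
    if (at == std::string::npos || at <= b) return std::nullopt;
    return url.substr(b, at - b);
}

// Rebuild the URL without userinfo, for servers that never ask for credentials.
std::string without_userinfo(const std::string& url) {
    std::size_t b = 0, e = 0;
    if (!authority_span(url, b, e)) return url;
    const std::size_t at = url.rfind('@', e);
    if (at == std::string::npos || at < b) return url;
    return url.substr(0, b) + url.substr(at + 1);
}

// Apply the rule from the reply to a request URL and the server's status code.
Verdict classify(const std::string& url, int status) {
    if (!userinfo_of(url)) return Verdict::NoUserInfo;
    if (status == 401 || status == 407) return Verdict::AuthRequested;
    if (status >= 300 && status < 400) return Verdict::Redirected;
    return Verdict::PossibleSpoof;  // credentials sent, server never asked for them
}

int main() {
    const std::string url = "https://user@api.example.org/v1/content/1";  // constructed sample
    std::cout << (classify(url, 200) == Verdict::PossibleSpoof) << ' '
              << without_userinfo(url) << '\n';
}
```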