
Name&Password - Chrome deprecate the actual system

According to today's announcement, Google Chrome, starting from June, will block all the requests with user and password in the URL.

From official Developers' site another article

And UI5? Yes, exactly, it uses this way to communicate with the backend.

Is there any idea on how to deal with this deprecation?


1 Answer

  • Best Answer
    Mar 28, 2017 at 12:00 PM

    Hi Simone,

    we are looking at this.

    UI5 does certainly not build such URLs, just like that.

    I assume you use an ODataModel with user and password parameters? In this case we feed user and password as separate parameters into the datajs third-party library. This library in turn passes them on as distinct parameters to the browser's XMLHttpRequest.open(...) method. The URL still contains no user/password. But it's not fully clear what happens then. Tests with today's nightly build of Google Canary indicate that its own XMLHttpRequest constructs this URL, which leads to the announced failure. So this behavior is not specific to UI5, but applies to any usage of the XHR object (which is more or less the base of the modern web) with its official user/password parameters, which have NOT been deprecated. In this light, the Chrome change looks like a strange/overambitious move that will break many things in the web.

    However, for productive scenarios handling plaintext user/password within apps is anyway questionable. I'm not an expert, but SAML/OAuth authentication, where an access token is retrieved from a distinct login page, might be better. Nevertheless, we keep an eye on this and might contact Google.

    Regards

    Andreas


    • I followed the bug/discussion and it's me thanking you and your colleague from UI5 for taking my little note (indeed, it's all my colleague's fault who saw that while developing, I just started the thread!) and saved our work!

      Thanks again!
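
An added example (not code from this thread, UI5 or datajs): one way to keep credentials out of the request URL is to strip any `user:password@` part and send it as an `Authorization: Basic` header instead of relying on the URL or on the user/password arguments of `open(...)`. The function names and the `example.test` URLs are hypothetical.

```javascript
// Added example; helper names are hypothetical, not a UI5/datajs API.

// Base64-encode a string as UTF-8 (works in browsers and Node 16+).
function base64Utf8(text) {
  const bytes = new TextEncoder().encode(text);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Split "scheme://user:pass@host/..." into a credential-free URL plus headers.
function splitCredentials(rawUrl, base) {
  const url = new URL(rawUrl, base);
  if (url.username === "" && url.password === "") {
    return { url: url.href, headers: {}, hadCredentials: false };
  }
  // The URL API exposes userinfo percent-encoded; decode before reuse.
  const user = decodeURIComponent(url.username);
  const pass = decodeURIComponent(url.password);
  if (user.includes(":")) {
    throw new Error("Basic auth user-id must not contain ':'");
  }
  url.username = "";
  url.password = "";
  return {
    url: url.href,
    // Base64 is an encoding, not encryption: only send this over HTTPS.
    headers: { Authorization: "Basic " + base64Utf8(user + ":" + pass) },
    hadCredentials: true,
  };
}

// Open an XHR-like object with a clean URL and explicit headers.
function openWithoutUrlCredentials(xhr, method, rawUrl, base) {
  const clean = splitCredentials(rawUrl, base);
  xhr.open(method, clean.url, true); // no user/password arguments
  for (const [name, value] of Object.entries(clean.headers)) {
    xhr.setRequestHeader(name, value);
  }
  return clean;
}

// Audit helper: report which configured service URLs still embed credentials.
function findEmbeddedCredentials(urls, base) {
  return urls.filter((u) => splitCredentials(u, base).hadCredentials);
}
```
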