-
Notifications
You must be signed in to change notification settings - Fork 22.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
12 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,7 +7,7 @@ spec-urls: https://www.rfc-editor.org/rfc/rfc3986.html#section-3.1 | |
|
|
||
| {{QuickLinksWithSubpages("/en-US/docs/Web/URI")}} | ||
|
|
||
| The **authority** of a URI is the part of the URI that comes after the scheme and before the path. It consists of three parts: user information, host, and port. | ||
| The **authority** of a URI is the section that comes after the [scheme](/en-US/docs/Web/URI/Schemes) and before the path. It may have up to three parts: user information, host, and port. | ||
|
|
||
| ## Syntax | ||
|
|
||
|
|
@@ -27,17 +27,19 @@ user@host:port | |
| - : The _user_ is optional and is used for authentication purposes. It is not commonly used in web URIs. | ||
|
|
||
| > [!WARNING] | ||
| > Providing user information directly in the URI is not recommended, as it can expose sensitive information. Use other methods like HTTP authentication or session cookies instead. Sometimes, phishing sites trick users by display misleading URLs whose "user" part appears as if it's a domain name, known as [semantic URL attack](https://en.wikipedia.org/wiki/Semantic_URL_attack). | ||
| > Providing user information directly in HTTP URLs is not recommended, as it can expose sensitive information. Use other methods like HTTP authentication or session cookies instead. Sometimes, phishing sites trick users by display misleading URLs whose "user" part appears as if it's a domain name, known as [semantic URL attack](https://en.wikipedia.org/wiki/Semantic_URL_attack). | ||
| ## Examples | ||
|
|
||
| - `developer.mozilla.org` | ||
| - `https://developer.mozilla.org` | ||
| - : The host is `developer.mozilla.org`. The port is not specified but will default to 443 if accessed via `https:`. | ||
| - `localhost:8080` | ||
| - `http://localhost:8080` | ||
| - : The host is `localhost` and the port is `8080`. `localhost` is a special host name that the browser resolves to the local address `127.0.0.1`. | ||
| - `postgres:admin123@db:5432` | ||
| - `postgresql://postgres:admin123@db:5432` | ||
| - : The host is `db`, and the port is `5432`. It also specifies a user `postgres` and its password `admin123`. This can be used to connect to a PostgreSQL database. | ||
| - `cnn.example.com&[email protected]` | ||
| - `mailto:[email protected]` | ||
| - : The host is `example.com`. The scheme is `mailto`, which is used to open the default email client to send an email to the user `user`. | ||
| - `https://cnn.example.com&[email protected]` | ||
| - : A misleading URL that looks like it's pointing to a trusted website. However, the host name is `10.0.0.1`, and the `cnn.example.com&story=breaking_news` part is the "user". | ||
|
|
||
| ## See also | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| title: URIs | ||
| slug: Web/URI | ||
| page-type: guide | ||
| spec-urls: https://httpwg.org/specs/rfc9110.html#uri | ||
| spec-urls: https://www.rfc-editor.org/rfc/rfc3986.html | ||
| --- | ||
|
|
||
| {{QuickLinksWithSubpages("/en-US/docs/Web/URI")}} | ||
|
|
@@ -55,34 +55,7 @@ http://www.example.com:80/path/to/myfile.html?key1=value1&key2=value2#SomewhereI | |
|
|
||
|  | ||
|
|
||
| `http://` is the [_scheme_](/en-US/docs/Web/URI/Schemes) of the URL, indicating which protocol the browser must use. Usually it is the HTTP protocol or its secured version, HTTPS. The Web requires one of these two, but browsers also know how to handle other protocols such as `mailto:` (to open a mail client) or `ftp:` to handle a file transfer, so don't be surprised if you see such protocols. Common schemes are: | ||
|
|
||
| - [`blob`](/en-US/docs/Web/API/URL/createObjectURL_static) | ||
| - : Binary Large Object; a pointer to a large in-memory object | ||
| - [`data`](/en-US/docs/Web/URI/Schemes/data) | ||
| - : Data directly embedded in the URL | ||
| - `file` | ||
| - : Host-specific file names | ||
| - `ftp` | ||
| - : {{Glossary("FTP","File Transfer Protocol")}} | ||
| - `http/https` | ||
| - : [Hyper text transfer protocol (Secure)](/en-US/docs/Glossary/HTTP) | ||
| - `javascript` | ||
| - : URL-embedded JavaScript code | ||
| - `mailto` | ||
| - : Electronic mail address | ||
| - [`resource`](/en-US/docs/Web/URI/Schemes/resource) {{Non-standard_inline}} | ||
| - : Firefox and Firefox browser extensions to load resources internally | ||
| - `ssh` | ||
| - : Secure shell | ||
| - `tel` | ||
| - : telephone | ||
| - `urn` | ||
| - : Uniform Resource Names | ||
| - `view-source` | ||
| - : Source code of the resource | ||
| - `ws/wss` | ||
| - : [WebSocket connections (Secure)](/en-US/docs/Web/API/WebSockets_API) | ||
| `http://` is the [_scheme_](/en-US/docs/Web/URI/Schemes) of the URL, indicating which protocol the browser must use. Usually it is the HTTP protocol or its secured version, HTTPS. The Web requires one of these two, but browsers also know how to handle other protocols such as `mailto:` (to open a mail client) or `ftp:` to handle a file transfer, so don't be surprised if you see such protocols. The [schemes](/en-US/docs/Web/URI/Schemes) reference provides a list of the most common schemes, and documentation for some of them. | ||
|
|
||
| When using URLs in {{Glossary("HTML")}} content, you should generally only use a few of these URL schemes. When referring to subresources — that is, files that are being loaded as part of a larger document — you should only use the HTTP and HTTPS schemes. Increasingly, browsers are removing support for using FTP to load subresources, for security reasons. | ||
|
|
||
|
|
@@ -138,4 +111,3 @@ mailto:[email protected] | |
| ## See also | ||
|
|
||
| - [What is a URL?](/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL) | ||
| - [IANA list of URI schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml) | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters