URI authority
The authority of a URI is the section that comes after the scheme and before the path. It may have up to three parts: user information, host, and port.
Syntax
host
host:port
user@host
user@host:port
- host
-
The host is usually the domain name or IP address of the server hosting the resource. The domain name is resolved to an IP address using the Domain Name System.
- port Optional
-
The port is a number that indicates the port on which the server is listening for requests. It is optional and defaults to 80 for HTTP and 443 for HTTPS. Other schemes may define their own defaults or make it mandatory.
- user Optional
-
The user is optional and is used for authentication purposes. It is not commonly used in web URIs.
Warning: Providing user information directly in HTTP URLs is not recommended, as it can expose sensitive information. Use other methods like HTTP authentication or session cookies instead. Sometimes, phishing sites trick users by displaying misleading URLs whose "user" part appears as if it's a domain name, known as semantic URL attack.
Examples
https://developer.mozilla.org
-
The host is
developer.mozilla.org
. The port is not specified but will default to 443 if accessed viahttps:
. http://localhost:8080
-
The host is
localhost
and the port is8080
.localhost
is a special host name that the browser resolves to the local address127.0.0.1
. postgresql://postgres:admin123@db:5432
-
The host is
db
, and the port is5432
. It also specifies a userpostgres
and its passwordadmin123
. This can be used to connect to a PostgreSQL database. https://cnn.example.com&story=breaking_news@10.0.0.1
-
A misleading URL that looks like it's pointing to a trusted website. However, the host name is
10.0.0.1
, and thecnn.example.com&story=breaking_news
part is the "user".
Specifications
Specification |
---|
Unknown specification # section-3.1 |