The command line option
--auth should tell the client that the user wants to add Basic authentication (or maybe digest) headers to every request.
Once the client has launched it should prompt the user to enter the credentials (we don't want them on the commandline as they'll appear in
ps output).
The use-case is an extension of that for
--verify. If I "hide" the server under
https://www.example.com/mysecretchat I may want to ignore (or better, 404) any requests that do not include a valid authentication header so that the path cannot so easily be discovered.
Activity