From 4e31d0433efedce38c1b864dc14393ab2df263e0 Mon Sep 17 00:00:00 2001
From: Sunshine <sunshine@uberspace.net>
Date: Mon, 1 Jun 2020 05:28:02 -0400
Subject: [PATCH] only attempt to remove credentals from HTTP(S) URLs

---
 src/main.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 5e095f1..ef823c0 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -160,9 +160,12 @@ fn main() {
         // Safe to unwrap (we just put this through an HTTP request)
         let mut clean_url = Url::parse(&base_url).unwrap();
         clean_url.set_fragment(None);
-        // Don't include credentials
-        clean_url.set_username("").unwrap();
-        clean_url.set_password(None).unwrap();
+        // Prevent credentials from getting into metadata
+        if is_http_url(&base_url) {
+            // Only HTTP(S) URLs may feature credentials
+            clean_url.set_username("").unwrap();
+            clean_url.set_password(None).unwrap();
+        }
         let metadata_comment = if is_http_url(&base_url) {
             format!(
                 "<!-- Saved from {} at {} using {} v{} -->\n",