HTTP Basic Authentication credentials passed in URL and encryption

I have a question about HTTPS and HTTP Authentication credentials.

Suppose I secure a URL with HTTP Authentication:

<Directory /var/www/webcallback>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/www/passwd/passwords
Require user gooduser
</Directory>

I then access that URL from a remote system via HTTPS, passing the credentials in the URL:

https://gooduser:[email protected]/webcallback?foo=bar

Will the username and password be automatically SSL encrypted? Is the same true for GETs and POSTs? I'm having a hard time locating a credible source with this information.

Solution

Will the username and password be automatically SSL encrypted? Is the same true for GETs and POSTs

Yes, yes yes.

The entire communication (save for the DNS lookup if the IP for the hostname isn't already cached) is encrypted when SSL is in use.

HTTP to HTTPS Nginx too many redirects
Load CA root certificate at runtime in Java
SSL Self-Signed Certificates Issue in Gitlab
Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler
Redirect HTTP to HTTPS on default virtual host without ServerName
How to disable HTTPS or change to HTTP in dev and prod version on symfony?
How to remove JVM property "https.proxyHost"?
How to make Sinatra work over HTTPS/SSL?
How do I disable the security certificate check in Python requests
Best Practice: 301 Redirect HTTP to HTTPS (Standard Domain)
Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
How can I make git accept a self signed certificate?
Nginx proxy remove specific path and empty Post request body + HTTPS
How do I get Python to send as many concurrent HTTP requests as possible?
nodejs: listen EACCES: permission denied 0.0.0.0:80
How to make https request and encrypt POST parameters?
Understand Prometheus HTTP API result type
Redirect chain problem in web.config, Windows Server 2020 IIS
Nginx redirect http://www and naked http/https to https://www
HTTPS block my audio playlist. How to solve it?
Issue using certbot with nginx
Expo Go HTTPS-Request doesn't work on android but works on every other OS. (HTTP-Requests are working)
How to deal with mixed content in a website which should be secured as https?
Chrome blocks FastAPI file download using FileResponse due to using HTTP instead of HTTPS
Forget which client certificate is used by Chrome for an URL
SSLHandshakeException - Chain chain validation failed, how to solve?
HTTPS disconnected - Kestrel
Trying pushing to remote repository, permission denied and received error 403
Android 8: Cleartext HTTP traffic not permitted
Base address of HttpClient not been assigned anymore on Blazor Web App