Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Manifest tests fail if manifest is behind HTTP basic authentication #5658

Closed
nigelmcnie opened this issue Jul 12, 2018 · 4 comments
Closed

Manifest tests fail if manifest is behind HTTP basic authentication #5658

nigelmcnie opened this issue Jul 12, 2018 · 4 comments
Labels
needs-more-info

Comments

@nigelmcnie
Copy link

Provide the steps to reproduce

  1. Enable HTTP basic authentication for a domain which has a manifest
  2. Run LH against this domain with the "Best Practices" audit turned on

(sorry I can't provide an example one easily)

What is the current behavior?

screen shot 2018-07-12 at 6 21 30 pm

LH logs that two console errors about the manifest are received. As these don't happen when I view the site without LH, I'm assuming that LH triggered those console errors itself, then reported on them. Chrome itself can get at the manifest just fine, if I browse to it directly in the same browser.

What is the expected behavior?

LH uses the basic auth credentials that chrome knows to download the manifest.

Alternatively if that is not possible, LH informs the person running the test that the manifest couldn't be checked.

Environment Information

  • Affected Channels: DevTools (maybe others? idk)
  • Lighthouse version: 2.9.1
  • Node.js version: -
  • Operating System: macOS Sierra

Related issues
@patrickhulce
Copy link
Collaborator

Thanks for filing @nigelmcnie!

When I load a site that has basic auth on a page and manifest, I see the same errors that LH does.
image

LH is just requesting the manifest through Chrome the same way it does in the Application tab, so it appears that manifests behind basic auth don't seem to work properly. Note that I can still navigate to the manifest and view it normally even though I can't request. What does the application tab show you for yours?

If it's also erroring, this bug belongs at crbug.com :)

@nigelmcnie
Copy link
Author

nigelmcnie commented Jul 12, 2018
edited

Huh, right you are! I'll file over there.

edit: filed as https://bugs.chromium.org/p/chromium/issues/detail?id=863218

@wardpeet
Copy link
Collaborator

thanks for reporting @nigelmcnie ! I'm closing this one as lighthouse can't fix this issue.

@nigelmcnie nigelmcnie mentioned this issue Sep 27, 2018
Closed
2 tasks
@dominickng
Copy link

Update for posterity here: the manifest link tag must have crossOrigin="use-credentials" specified if the manifest is behind some sort of auth (requires cookies, HTTP auth, etc.). Otherwise, the web app manifest spec mandates that Chrome fetches the manifest without supplying any credentials that the browser currently has (in order to respect CORS).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-more-info
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nigelmcnie @dominickng @wardpeet @patrickhulce