Basicauth does not facilitate browser re-prompt #3239
Comments
Oops, I think this is an easy fix! Thanks for the report. I've pushed a fix to #3240. Please try it out and confirm that it works for you too! (Build artifacts are available via CI.)
Yes, that's because pre-releases are allowed to make breaking changes. :) (And the CEL matcher specifically is documented as experimental and subject to changes, even after the 2.0 tag, FWIW.) We improved the CEL parsing so quotes weren't needed to compare integers in this case.
Hi. Thanks for the quick reply. Here are some tests I ran and the Caddyfile I used. Firefox 74.0 Private Window / Opensuse Tumbleweed / caddy_v2_Linux_c88e687.zip
Supply admin / password. Expected: "Hello World!". Result: "Hello World!"
Supply admin / qwerty. Expected: reprompt. Result: reprompt
Click Cancel on initial prompt. Expected: 401 and prompt on page refresh. Result: as expected
Supply no user and no password. Expected: reprompt. Result: no reprompt, 401 without WWW-Authenticate header. No prompt on page refresh.
Supply nonexistentuser / no password. Expected: reprompt. Result: no reprompt, 401 without WWW-Authenticate header. No prompt on page refresh.

As you can see the last two in bold didn't do what I thought it would, but it is progress from before. Thanks
@Eadinator Ah, thanks. I missed a particular code path. Your reply made it easy and I was able to get all 4 cases to pass. Please try again with the latest push, thanks!
Yes the last two tests work as I expected now, thanks!
Thanks for testing and the helpful report!
With the basicauth directive in a Caddyfile, if I go to the site and enter incorrect credentials I do not get a browser re-prompt as expected. This requires users closing and re-opening the browser or similar as refreshing the page does not offer the prompt again.
It seems initially the server sends 401 with the WWW-Authenticate header but after entering incorrect credentials only 401 is sent without the WWW-Authenticate header.
As a workaround, I have added the following to the Caddyfile which seems to produce the expected behaviour but I really don't want to maintain this and the CEL expression already broke in v2rc1 when upgrading from beta20 (required changing from "401" to 401).
Thanks
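The behaviour reported in this thread, as an added example that is not Caddy's code and not the fix pushed in #3240: a minimal Go Basic-auth middleware in which every rejection takes the same branch, so the `WWW-Authenticate` challenge accompanies each 401, probed with the credential cases listed in the comments. The names `basicAuth`, `credsOK`, `probe` and `demo`, the realm `restricted` and the plaintext credentials are assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const wantUser, wantPass = "admin", "password" // constructed, from the thread's test cases

// credsOK compares fixed-length digests in constant time (no early exit on mismatch).
func credsOK(user, pass string) bool {
	u, wu := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(wantUser))
	p, wp := sha256.Sum256([]byte(pass)), sha256.Sum256([]byte(wantPass))
	return subtle.ConstantTimeCompare(u[:], wu[:])&subtle.ConstantTimeCompare(p[:], wp[:]) == 1
}

// basicAuth funnels every rejection through one branch, so no failure path can skip the challenge.
func basicAuth(realm string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth() // ok is false when the header is absent or malformed
		if !ok || !credsOK(user, pass) {
			w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=%q", realm))
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

var demo = basicAuth("restricted", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
	fmt.Fprint(w, "Hello World!")
}))

// probe sends one request (send=false omits Authorization, the "Cancel" case) and returns status and challenge.
func probe(h http.Handler, send bool, user, pass string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if send {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("WWW-Authenticate")
}

func main() {
	fmt.Println(probe(demo, true, "nonexistentuser", "")) // one of the cases that failed in the thread
}
```

A regression check for this class of bug asserts on the header as well as the status code, since a 401 alone was returned in the failing cases too.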