This is an expected side effect of our current setup. It has to do with choices we made years ago and how browsers interact with websites. Details following.
The admin app/service accepts basic auth as an authentication method to supply an API token. You can only supply one Basic Auth Header. Therefore all routes under /admin are excluded from the "UI Basic Auth" enforced by the Reverse-Proxy.
Here is what happens:
A user opens Leihs and (possibly via a number of links and redirects) will end up at some path which is protected by "Basic Auth".
The server indicates requirement for Basic Auth and the browser acts on it with the Basic Auth dialog.
The user supplies credentials and from here on the browser remembers those and will supply them with each following request.
Everything seems to work as expected until the user hits some path within /admin. Note: every leihs admin will end up in /admin after sign-in succeeded.
Since /admin accepts Basic Auth on its own, it evaluates the supplied header. Since it doesn't contain a valid token, the admin service must respond with a specific error response to the client. This is what you can briefly see on the screen. The browser then removes the Basic Auth information, because it was indicated by the admin service as not valid, and then reloads the page.
Interaction with /admin works as expected from here.
However, if the user switches to some non-/admin route, the Basic Auth header is now missing, the Reverse Proxy reacts with an error response, the browser opens the dialog, and so on.
There is no real fix for this. Each solution has tradeoffs. We will have to discuss which compromises are best suited.
✅ Disable Basic-Auth in My-Service
☑️ Setup Basic-Auth in Deploy with exceptions : Admin ...
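To make the sequence above concrete, here is a small model of the three parties (browser, reverse proxy, admin service) as an added example; it is not code from the Leihs project. The credential values, the convention that the API token travels in the password slot of the Basic header, and the browser's "drop the rejected credentials and reload" behaviour are all assumptions modelled after the description in this issue. The `reject_unknown_basic` flag lets you compare the current behaviour (the admin service answers with an error when the Basic header carries no valid token) against a hypothetical variant in which the admin service simply ignores a Basic header it cannot use.

```python
"""Model of the browser / reverse proxy / admin service Basic Auth interaction.

Constructed example: the credentials, tokens and paths below are invented
for illustration and do not come from a real deployment.
"""
import base64
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

UI_USER, UI_PASS = "ui", "secret"      # constructed: "UI Basic Auth" enforced by the proxy
VALID_API_TOKENS = {"api-token-123"}   # constructed: tokens the admin service accepts


def encode_basic(user: str, password: str) -> str:
    """Build an RFC 7617 style Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_basic(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Parse a Basic header into (user, password); None if absent or malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(header[len("Basic "):]).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = raw.partition(":")
    return user, password


def admin_service(auth_header: Optional[str], reject_unknown_basic: bool = True) -> int:
    """/admin accepts an API token via Basic Auth (assumed: token in the password slot).

    reject_unknown_basic=True models the current behaviour: a Basic header without a
    valid token gets a 401.  False models a hypothetical variant that ignores such a
    header and falls back to the (assumed already established) browser session.
    """
    creds = decode_basic(auth_header)
    if creds and creds[1] in VALID_API_TOKENS:
        return 200
    if creds and reject_unknown_basic:
        return 401
    return 200  # session-based access assumed to succeed in this model


def reverse_proxy(path: str, auth_header: Optional[str], reject_unknown_basic: bool = True) -> int:
    """Everything under /admin bypasses the UI Basic Auth; all other paths require it."""
    if path.startswith("/admin"):
        return admin_service(auth_header, reject_unknown_basic)
    if decode_basic(auth_header) == (UI_USER, UI_PASS):
        return 200
    return 401


@dataclass
class Browser:
    """Caches Basic credentials per origin; drops them when a server rejects them."""
    cached_auth: Optional[str] = None
    dialogs_shown: int = 0
    log: List[Tuple[str, int]] = field(default_factory=list)

    def get(self, path: str, reject_unknown_basic: bool = True) -> int:
        status = reverse_proxy(path, self.cached_auth, reject_unknown_basic)
        self.log.append((path, status))
        if status != 401:
            return status
        if self.cached_auth is not None:
            # Cached credentials were rejected: forget them and reload (as described above).
            self.cached_auth = None
            status = reverse_proxy(path, None, reject_unknown_basic)
            self.log.append((path, status))
            if status == 200:
                return status
        # No usable credentials: show the Basic Auth dialog and retry with the user's input.
        self.dialogs_shown += 1
        self.cached_auth = encode_basic(UI_USER, UI_PASS)
        status = reverse_proxy(path, self.cached_auth, reject_unknown_basic)
        self.log.append((path, status))
        return status


def simulate(paths: List[str], reject_unknown_basic: bool = True) -> Tuple[int, List[Tuple[str, int]]]:
    """Walk a browser through the given paths; return (dialogs shown, request log)."""
    browser = Browser()
    for path in paths:
        browser.get(path, reject_unknown_basic)
    return browser.dialogs_shown, browser.log


def api_client_status(token: str) -> int:
    """A non-browser API client supplying its token directly to /admin."""
    return reverse_proxy("/admin/", encode_basic("api", token))


if __name__ == "__main__":
    journey = ["/", "/admin/", "/admin/users", "/borrow"]
    for flag in (True, False):
        dialogs, log = simulate(journey, reject_unknown_basic=flag)
        print(f"reject_unknown_basic={flag}: {dialogs} dialog(s); log={log}")
```

Running the default model reproduces the issue: one dialog on first contact, a 401 when the cached UI credentials reach /admin, a successful reload without them, and a second dialog as soon as the user leaves /admin again. With `reject_unknown_basic=False` the cached credentials survive the visit to /admin and only one dialog is ever shown, which illustrates the trade-off the checklist items are weighing.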