basic authorization header is not added to service worker fetch() network request

NEW
Unassigned

Status

()

defect
P3
normal
3 years ago
2 years ago

People

(Reporter: bkelly, Unassigned)

Tracking

(Depends on 1 bug, Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

STR:

1) git clone https://github.com/mozilla/serviceworker-cookbook.git
2) cd serviceworker-cookbook/offline-fallback
3) Save the attached python script in the same directory
4) python SimpleAuthServer.py 8080 foo:bar
5) Launch new firefox instance
6) Browse to localhost:8080
7) Enter foo and bar for username and password.
8) Reload a few times.
9) Close firefox and reopen a new instance
10) Navigate to localhost:8080
11) Observe that the page shows an authorization failure.

It works the first time because the navigation is not intercepted by the service worker.  It goes the network directly and basic auth does its normal thing.  We then seem to cache basic authorization credentials for the life of the session.

On the next browser load the service worker pass-through fetch() does not prompt for username and password.  Instead it just doesn't add an Authorization header.  This is likely because we don't know which window initiated the request.

We most likely need bug 1183625 to fix this.  So we can trace back to our originating window to show the prompt.  There is a similar issue with things requiring client certs, etc.
Priority: -- → P2

Comment 1

3 years ago
Thanks, Ben.  This indeed is the bug that I intended to report.
Priority: P2 → P3
It seems I never attached the SimpleAuthServer.py script I mentioned in comment 0.
You need to log in before you can comment on or make changes to this bug.