Open Bug 1291893 Opened 5 years ago Updated 9 months ago
basic authorization header is not added to service worker fetch() network request
STR: 1) git clone https://github.com/mozilla/serviceworker-cookbook.git 2) cd serviceworker-cookbook/offline-fallback 3) Save the attached python script in the same directory 4) python SimpleAuthServer.py 8080 foo:bar 5) Launch new firefox instance 6) Browse to localhost:8080 7) Enter foo and bar for username and password. 8) Reload a few times. 9) Close firefox and reopen a new instance 10) Navigate to localhost:8080 11) Observe that the page shows an authorization failure. It works the first time because the navigation is not intercepted by the service worker. It goes the network directly and basic auth does its normal thing. We then seem to cache basic authorization credentials for the life of the session. On the next browser load the service worker pass-through fetch() does not prompt for username and password. Instead it just doesn't add an Authorization header. This is likely because we don't know which window initiated the request. We most likely need bug 1183625 to fix this. So we can trace back to our originating window to show the prompt. There is a similar issue with things requiring client certs, etc.
Thanks, Ben. This indeed is the bug that I intended to report.
It seems I never attached the SimpleAuthServer.py script I mentioned in comment 0.
Severity: normal → S4
Priority: P3 → P5
You need to log in before you can comment on or make changes to this bug.