Open Bug 1291893 Opened 5 years ago Updated 9 months ago

basic authorization header is not added to service worker fetch() network request

Categories

(Core :: DOM: Service Workers, defect, P5)

defect

Tracking

()

People

(Reporter: bkelly, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

STR:

1) git clone https://github.com/mozilla/serviceworker-cookbook.git
2) cd serviceworker-cookbook/offline-fallback
3) Save the attached python script in the same directory
4) python SimpleAuthServer.py 8080 foo:bar
5) Launch new firefox instance
6) Browse to localhost:8080
7) Enter foo and bar for username and password.
8) Reload a few times.
9) Close firefox and reopen a new instance
10) Navigate to localhost:8080
11) Observe that the page shows an authorization failure.

It works the first time because the navigation is not intercepted by the service worker.  It goes the network directly and basic auth does its normal thing.  We then seem to cache basic authorization credentials for the life of the session.

On the next browser load the service worker pass-through fetch() does not prompt for username and password.  Instead it just doesn't add an Authorization header.  This is likely because we don't know which window initiated the request.

We most likely need bug 1183625 to fix this.  So we can trace back to our originating window to show the prompt.  There is a similar issue with things requiring client certs, etc.
Priority: -- → P2
Thanks, Ben.  This indeed is the bug that I intended to report.
Priority: P2 → P3
It seems I never attached the SimpleAuthServer.py script I mentioned in comment 0.

Bulk-downgrade of unassigned, >=3 years untouched DOM/Storage bug's priority.

If you have reason to believe this is wrong, please write a comment and ni :jstutte.

Severity: normal → S4
Priority: P3 → P5
You need to log in before you can comment on or make changes to this bug.