JS map fetch does not use authentication, causing 401 errors and unreadable JS
Categories
(DevTools :: Debugger, defect, P3)
Tracking
(Not tracked)
People
(Reporter: bugs, Unassigned, NeedInfo)
References
(Blocks 2 open bugs)
Details
What were you doing?
Accessing Apache PLAIN auth restricted test server using a JS web app with JS maps for the minified JS.
- Access app. Enter test username/pass
- Open firefox debugger.
- Note 401 error on attempting to fetch JS map.
What happened?
Source map error: Error: request failed with status 401
Resource URL: https://testserver/demo/build/bundle.js
Source Map URL: bundle.js.map
What should have happened?
Fetch source map using same authentication as all other static resources.
Anything else we should know?
Tested in a clean nightly profile.
Oups. Sorry, did search for dupes. Not well enough apparently.
Any progress regarding the bug fixing of this one? Thanks.
Comment 4•3 years ago
|
||
Hi Yakun,
No progress yet!
Do you have an app we can use to reproduces this easily. That would really help
in looking into this.
Thanks
No app, but given how easy it is to reproduce, I'll try to make you a testcase after work. Basically all I need to reproduce it is to make a folder on my apache server with a .htaccess file for BASIC auth with some trivial set of credentials like test/test.
https://m8y.org/tmp/testcase497.xhtml
Here you go. It was fairly trivial to setup ☺
Here's the contents of .htaccess if you want to replicate it yourself.
testcase497 $ cat .htaccess
AuthUserFile /www/html/tmp/testcase497/.htpasswd
AuthGroupFile /dev/null
AuthName "Enter test/test to access this folder"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
Aaaand here's the test files.
testcase497 $ for i in test*;do hr;echo $i;hr;cat $i;done
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
test.js
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
function test() { alert("hello world"); }
//# sourceMappingURL=test.js.map
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
test.js.map
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
{"version":3,"file":"test.js","sources":["test.js"],"sourcesContent":["function test() { alert('hello mapped world'); }"],"mappings":""}
(In reply to Hubert Boma Manilla (:bomsy) from comment #4)
Hi Yakun,
No progress yet!Do you have an app we can use to reproduces this easily. That would really help
in looking into this.Thanks
Hello Hubert,
sorry for the delay in replying.
The application I was using is from one Angular app behind a Nginx proxy. However, the example provided by @nemo has demonstrated the issue.
Best
Yakun
Can confirm this,
Still happening in FF v110.0 for *.js.map and .css.map files which are behind a htaccess protection.
Comment 9•5 months ago
|
||
seeing this in FF developer edition 126.0b6 (64-bit), for *.js.map .....really need this to work :/
Description
•