Cannot open login page with URL which contains the user and password
Reported by
taochen...@gmail.com,
Jun 28 2017
|
||||||||
Issue descriptionChrome Version : Version 59.0.3071.115 (Official Build) (64-bit) URLs (if applicable) : OS version : 10.12.5 Behavior in Safari (if applicable): Behavior in Firefox (if applicable): What steps will reproduce the problem? (1) Typing URL with https://user:password@urltest.xxx.com/login/. (2) The login page does not show. (3) The user and password are in fact the nginx basic authentication. (4) Upon URL is used for chrome webdriver. What is the expected result? With upon URL, the login page should be shown. And in fact version 58.xxx worked fine. What happens instead? For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report.
,
Jun 28 2017
Can you provide a network log for the broken version of chrome, and the one where it works? https://dev.chromium.org/for-testers/providing-network-details Please note if doing this that the URL (containing username + password) will be visible in the log.
,
Jul 4 2017
Thank you for providing more feedback. Adding requester "eroman@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 4 2017
This kind of url worked fine on version 58 but not on 59.
,
Jul 6 2017
This works for me with Chrome 61.0.3141.7. Also it seems to work for you according to the network log attached to comment #3. What I see is: * user opens https://pholio:vaccine@console-dev3.plcm.cloud/login/, * Chrome tries https://console-dev3.plcm.cloud/login/ without login credentials, * Chrome receives 401 Unauthorized, * Chrome retries with Authorization: Basic cGhvbGlvOnZhY2NpbmU=, which is exactly pholio:vaccine base64-encoded, * Chrome gets a 304 Not Modified response. I get the exact same result when copy-pasting https://pholio:vaccine@console-dev3.plcm.cloud/login/ into the Omnibox (URL bar) on my Chrome 61.0.3141.7. Note the following caveats (for security reasons): * The first request is always without username and password credentials, Chrome only sends them if it receives an 401 Unauthorized response. * If you click on any https://pholio:vaccine@console-dev3.plcm.cloud/login/ link, the username and password are stripped. You have to copy-paste it to the Omnibox instead. * Even if you do so, the username and password do not show up, but they will be sent to the server. Please report back if this makes sense and if this solves your issue. Thank you. See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Access_using_credentials_in_the_URL https://en.wikipedia.org/wiki/Basic_access_authentication#URL_encoding https://crbug.com/82250
,
Jul 13 2017
taochen326@ Gentle ping to respond to comment #6.
,
Jul 14 2017
,
Jul 17 2017
Sorry for the late response. You are right, the user and password have been sent to the server. Although I still cannot open the login page with the URL-with-crendentials at the first time, it can be finally launched when I refreshed the empty page (URL without the crendentials).
,
Jul 17 2017
Thank you for providing more feedback. Adding requester "bnc@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 17 2017
Thank you for your feedback. I'll close this issue accordingly.
,
Jul 20 2017
The NextAction date has arrived: 2017-07-20
,
Jul 20 2017
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by nyerramilli@chromium.org
, Jun 28 2017