New issue
Advanced search Search tips

Issue 737398 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug



Sign in to add a comment

Cannot open login page with URL which contains the user and password

Reported by taochen...@gmail.com, Jun 28 2017

Issue description

Chrome Version       : Version 59.0.3071.115 (Official Build) (64-bit)
URLs (if applicable) :
OS version               : 10.12.5
Behavior in Safari (if applicable):
Behavior in Firefox (if applicable):

What steps will reproduce the problem?
(1) Typing URL with https://user:password@urltest.xxx.com/login/.
(2) The login page does not show.
(3) The user and password are in fact the nginx basic authentication.
(4) Upon URL is used for chrome webdriver.

What is the expected result?
With upon URL, the login page should be shown. And in fact version 58.xxx worked fine.

What happens instead?

For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.


 
Labels: Needs-Triage-M59

Comment 2 by eroman@chromium.org, Jun 28 2017

Components: Internals>Network>Auth
Labels: Needs-Feedback
Can you provide a network log for the broken version of chrome, and the one where it works?

https://dev.chromium.org/for-testers/providing-network-details

Please note if doing this that the URL (containing username + password) will be visible in the log.
Hello,

Sorry for the late response. I have attached the log file. And for your convenience, my url with the account informations is as below.

https://user:password@console-dev3.plcm.cloud/login/
chrome-net-export-log.json
1.2 MB View Download
Project Member

Comment 4 by sheriffbot@chromium.org, Jul 4 2017

Cc: eroman@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "eroman@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
This kind of url worked fine on version 58 but not on 59.

Comment 6 by b...@chromium.org, Jul 6 2017

Cc: b...@chromium.org
Labels: Needs-Feedback
This works for me with Chrome 61.0.3141.7.  Also it seems to work for you according to the network log attached to comment #3.  What I see is:
* user opens https://pholio:vaccine@console-dev3.plcm.cloud/login/,
* Chrome tries https://console-dev3.plcm.cloud/login/ without login credentials,
* Chrome receives 401 Unauthorized,
* Chrome retries with Authorization: Basic cGhvbGlvOnZhY2NpbmU=,
  which is exactly pholio:vaccine base64-encoded,
* Chrome gets a 304 Not Modified response.

I get the exact same result when copy-pasting https://pholio:vaccine@console-dev3.plcm.cloud/login/ into the Omnibox (URL bar) on my Chrome 61.0.3141.7.

Note the following caveats (for security reasons):
* The first request is always without username and password credentials,
  Chrome only sends them if it receives an 401 Unauthorized response.
* If you click on any https://pholio:vaccine@console-dev3.plcm.cloud/login/ 
  link, the username and password are stripped.  You have to copy-paste it
  to the Omnibox instead.
* Even if you do so, the username and password do not show up,
  but they will be sent to the server.

Please report back if this makes sense and if this solves your issue.  Thank you.

See also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Access_using_credentials_in_the_URL
https://en.wikipedia.org/wiki/Basic_access_authentication#URL_encoding
 https://crbug.com/82250 
taochen326@ Gentle ping to respond to comment #6.

Comment 8 by asanka@chromium.org, Jul 14 2017

Labels: -Needs-Triage-M59
NextAction: 2017-07-20
Sorry for the late response. You are right, the user and password have been sent to the server. Although I still cannot open the login page with the URL-with-crendentials at the first time, it can be finally launched when I refreshed the empty page (URL without the crendentials).
Project Member

Comment 10 by sheriffbot@chromium.org, Jul 17 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "bnc@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 11 by b...@chromium.org, Jul 17 2017

Status: WontFix (was: Unconfirmed)
Thank you for your feedback.  I'll close this issue accordingly.
The NextAction date has arrived: 2017-07-20
NextAction: ----

Sign in to add a comment