Issue metadata
Sign in to add a comment
|
Authorization header field missing on ajax call
Reported by
jzimme...@gmail.com,
Feb 28 2018
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36 Steps to reproduce the problem: 1. Setup an Internet Information Services Site 2. Authenticate with basic authentication against a domain 3. On a webpage perform an ajax call back to the server 4. Starting with version 64.0.3282.119 Chrome will fail to send the authorization header field back. 5. IIS will reject the call and the user will receive the following: You do not have permission to view this directory or page using the credentials that you supplied. Module BasicAuthenticationModule Notification AuthenticateRequest Handler ISAPI-dll Error Code 0x8007052e Requested URL https://helpdesk.somewhere.com:443/some.dll/1jfvr1x1tuvy5b1dasb2d1ya2tbz/$/callback?callback=IWCBTYPE.DoOnAsyncChange Physical Path E:\Inetpub\PROGRAMS\somewhere\some.dll\1jfvr1x1tuvy5b1dasb2d1ya2tbz\$\callback Logon Method Not yet determined Logon User Not yet determined What is the expected behavior? The ajax call should work and return the authorization header field so What went wrong? The user can not use Chrome and gets kicked out the program. Both FireFox and Internet Explorer work. Did this work before? Yes The version prior to 64.0.3282.119 Chrome version: 64.0.3282.119 Channel: n/a OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: Please fix ASAP. I am having to switch all of my users to Firefox.
,
Feb 28 2018
,
Feb 28 2018
As per the steps mentioned in comment#0 we require IIS server setup to check this issue. Since this environment is unavailable with ET team, requesting some one from dev team to look in to it. Hence adding TE-NeedsTriageHelp label. Thanks!
,
Feb 28 2018
Tentatively adding Internals>Network>Auth for help in further investigation from the respective team.
,
Feb 28 2018
Could you attach a net-internals log so we can see what's happening on the wire? Instructions are at https://dev.chromium.org/for-testers/providing-network-details
,
Feb 28 2018
,
Mar 1 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 1 2018
,
Mar 15 2018
jzimmer67: I apologize for the slow response. So looking at the log, there's a request for "https://null:null@program.somesite.com/..." we send a request, get a 401 basic auth challenge. Then we send another request with an Authorization header (Which I assume has the right credentials), and then we get another 401 basic auth challenge. Is this the request with the problem? Could you please verify on your end that the authorization header we send isn't the one you expect it to send? If you can't check the header on the server-side, you can verify the header in chrome. To verify that with Chrome, you can go to about:net-export, enable logging cookies and credentials, gather another log, open up chrome://net-internals, load the log (It supports drag-and-drop), go to the events view, and look for the URL_REQUEST with the URL you care about, and search it (ctrl-F) for the authorization header.
,
Mar 15 2018
And just to be 100% clear - you should not upload a log with cookies and credentials here, and should delete it when you're done checking it.
,
Apr 17 2018
ping reporter: can you please respond to c#10? We need more information before we can proceed.
,
May 9 2018
Unfortunately we can't proceed without the requested information. Please file a new report with it included if this is still affecting you. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by jzimme...@gmail.com
, Feb 28 2018