[Webkit-unassigned] [Bug 37989] New: Webkit based browsers do not supply credentials properly with Apache basic authentication

Thu Apr 22 06:55:19 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=37989

           Summary: Webkit based browsers do not supply credentials
                    properly with Apache basic authentication
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: bugs at bsc.gwu.edu

I have observed this problem for several years and with all versions of webkit
based browsers. When a client visits a web site that is using Apache Basic
Authentication, the server will respond with a 401 HTTP status code requesting
a userID/password.  However, at times, the browser will ignore the 401 status
code and repeatedly requests content without providing the userID/password on
the request.  There could be several hundred requests that are generated
without properly providing this information even though the server responds to
each one with a 401.

Problem here is that this behavior will trigger server side security monitors
that consider this to be an failed attempt to login to a secured site. 

Thanks.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.