[Webkit-unassigned] [Bug 211774] New: Safari and epiphany handles lambda at edge gatekeeper as cross-origin request

Tue May 12 01:19:07 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=211774

            Bug ID: 211774
           Summary: Safari and epiphany handles lambda at edge gatekeeper as
                    cross-origin request
           Product: WebKit
           Version: Safari 13
          Hardware: All
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: philipp.steinberg at siemens.com
                CC: beidson at apple.com

Hi,

we have website hosted with AWS and have some problems with a lambda at edge base authentification gatekeeper.
We used the following code to protect one of our sites with basic authentification
https://gist.github.com/lmakarov/e5984ec16a76548ff2b278c06027f1a4

The code is triggered before website calls, so that you have to authentificate before seeing the page.

This works fine with all browsers expect the webkit based. ( we tested with safari on a macbook and a iphone and the epiphany browser)
They bring throw the following errors "blocked asking for credentials because it is a cross-origin request"

I have no idea why the browser is detecting the call as a cross-origin because every resource is on the same domain.

I created a test website to reproduce the error.

url: https://testlambda.w2g.siemens.com/
user: test
password: secret

Best regards
Philipp

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200512/139aa9e5/attachment-0001.htm>