[Webkit-unassigned] [Bug 282508] Safari sends authentication headers multiple times.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 6 10:51:14 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=282508
--- Comment #3 from Chris Z <chris at zarate.org> ---
I have also been affected by this issue in Safari 18.1. The simplest reproduction involves using two different authentication methods on the same site:
1. Open a tab and visit https://httpbin.org/basic-auth/user/password
2. Log in using "user" and "password" and select "Remember this password"
3. Open another tab and visit https://httpbin.org/digest-auth/auth/user/password
4. Log in using "user" and "password" and select "Remember this password"
5. Return to the first tab and refresh. You will receive 400 Bad Request from httpbin.org. Observe the request headers and see that both the Basic and Digest Authorization headers are sent.
I have attached a video walking through this reproduction. Like teisho, I have also experienced repeated identical Basic authorization headers; this scenario is harder to reproduce but seems to be related to the above reproducible issue.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20241106/fd7c08f4/attachment.htm>
More information about the webkit-unassigned
mailing list