Google Chrome
Oleg Tarakanov, 2021-05-25 22:27:09

Why doesn't Chrome pass the Authorization header?

Good afternoon!

There is an old resource that requires basic authorization when accessed.
About a year ago, problems began in recent versions of the browser:

1. When accessing the resource, a window appears (not an HTML form, but a basic authorization window, like on many inexpensive routers) that asks for a username and password.
2. After entering any data, a claim parsing error occurs; it also occurs when entering correct data.

(I must say right away that the system was written a long time ago in a hurry, and they turned to me with what they have.)
If you reload the page, nothing happens and the same claim parsing error is displayed. HOWEVER, when you click the "Logout" button, you "fall through" into the system as an authorized user, not some random account, but the one with which you "logged in".

In the latest version of Firefox, this situation is not reproduced. The difference we managed to find: Chrome does not send the "Authorization: ..." header after clicking the "login" button.
Interestingly, the cookie has no effect on the situation: it can be deleted, and after reloading the page the server will give you a new one and will consider you authorized. Sometimes you are even given a new cookie despite the existing one (cookie lifetime: Session).

Actually, I would like to understand what the difference is between how Chrome and Firefox work, and how this can be overcome, preferably by admin methods.

I will be happy to answer clarifying questions.
---
I found the version in which the problems started: 79. In 78 everything is successfully authorized and working.
I tried to fight with sameCookie, overriding set-cookie to lax and none, with no change. The site works over HTTPS.
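
To compare what each browser actually sends, the following added example (not part of the original post, and not the code of the system described) is a small local Basic-auth endpoint that records, per request, whether the `Authorization` and `Cookie` headers arrived. The realm name, port 8080 and the function names are assumptions made for the example.

```python
import base64
from wsgiref.simple_server import make_server

REALM = "diagnostic"  # assumed realm name for this example


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bytes that are not UTF-8
        return None
    # Split on the first colon only: a password may itself contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def describe(environ):
    """Summarise the auth-relevant parts of one request (password is not logged)."""
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
    return {
        "path": environ.get("PATH_INFO", ""),
        "agent": environ.get("HTTP_USER_AGENT", ""),
        "authorization_sent": "HTTP_AUTHORIZATION" in environ,
        "user": creds[0] if creds else None,
        "cookie_sent": "HTTP_COOKIE" in environ,
    }


def app(environ, start_response):
    info = describe(environ)
    print(info)  # one line per request, to compare browsers side by side
    if info["user"] is None:
        challenge = ("WWW-Authenticate", f'Basic realm="{REALM}"')
        start_response("401 Unauthorized", [challenge, ("Content-Type", "text/plain")])
        return [b"credentials required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {info['user']}\n".encode()]


if __name__ == "__main__":
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Opening `http://127.0.0.1:8080/` in each browser and reading the printed lines shows which requests carried the header after the credential prompt.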
