Project

General

Profile

Bug #4589

WebKit/Safari does not support Basic Authentication in Web Sockets

Added by J Blanc about 7 years ago. Updated about 7 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
User Interface
Target version:
-
Start date:
2017-09-13
Due date:
% Done:

100%

Estimated time:
Found in version:
4.3-462~g7672841a9
Affected Versions:

Description

The WebKit interpretation of the Web Sockets standard is that it's not supposed to be authenticated using HTTP Authentication, and that 401 responses should be taken as hard failure. They are very unlikely to implement support for this because it is an insecure method. This means that the new web-socket system in development will not work with Safari since it uses HTTP Authentication.

Can you only use Sockets for non-authenticated transactions / implement in-stream authentication.

History

#1

Updated by Jaroslav Kysela about 7 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset commit:tvheadend|8fc3520623cf2423474dff9b83d682ad645a2b6b.

#2

Updated by Jaroslav Kysela about 7 years ago

The "basic" HTTP authentication is insecure. The "digest" HTTP authentication is fine. There's no requirement to use own implementation in the websocket protocol.

Join to: https://bugs.webkit.org/show_bug.cgi?id=80362

The websockets are not used for Safari in v4.3-472-g8fc352062 (see the associated commit).

Also available in: Atom PDF