Bug #4589
WebKit/Safari does not support Basic Authentication in Web Sockets
100%
Description
The WebKit interpretation of the Web Sockets standard is that it's not supposed to be authenticated using HTTP Authentication, and that 401 responses should be taken as hard failure. They are very unlikely to implement support for this because it is an insecure method. This means that the new web-socket system in development will not work with Safari since it uses HTTP Authentication.
Can you only use Sockets for non-authenticated transactions / implement in-stream authentication.
History
Updated by Jaroslav Kysela about 7 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset commit:tvheadend|8fc3520623cf2423474dff9b83d682ad645a2b6b.
Updated by Jaroslav Kysela about 7 years ago
The "basic" HTTP authentication is insecure. The "digest" HTTP authentication is fine. There's no requirement to use own implementation in the websocket protocol.
Join to: https://bugs.webkit.org/show_bug.cgi?id=80362
The websockets are not used for Safari in v4.3-472-g8fc352062 (see the associated commit).