Bug #6098: Digest auth broken - Tvheadend

Bug #6098

Digest auth broken

Added by Daniel Kucera about 3 years ago. Updated about 3 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

User Interface

Target version:

Start date:

2021-11-13

Due date:

% Done:

Estimated time:

Found in version:

4.3-1916~g1884300

Affected Versions:

Description

When HTTP auth is set to Digest, auth is broken in Firefox.
Firefox caches used auth parameters and tries to use realm, nonce,... from last time.
Tvh just refuses them with UHAUTHORIZED without providing WWW-Authenticate header, see:
https://github.com/tvheadend/tvheadend/blob/10d117e6ed912759db59633ea426bed5ceb6819a/src/http.c#L1508

The proper response should be UNAUTHORIZED with WWW-Authenticate header and an additional field stale=TRUE , see:
https://www.ietf.org/rfc/rfc2617.txt

To simulate this, set auth to Digest in TVH, Login with Firefox, restart TVH and refresh TVH interface in FF.

Files

Screenshot from 2021-11-13 16-55-00.png (126 KB) Screenshot from 2021-11-13 16-55-00.png

Daniel Kucera, 2021-11-13 16:56

History

Updated by Daniel Kucera about 3 years ago

File Screenshot from 2021-11-13 16-55-00.png Screenshot from 2021-11-13 16-55-00.png added

See the attached request/response

Also available in: Atom PDF

Project

General

Profile

Tvheadend

Issues

Custom queries

Bug #6098

Digest auth broken

History

Updated by Daniel Kucera about 3 years ago