Bug #6098
Digest auth broken
Status: New
Priority: Normal
Assignee: -
Category: User Interface
Target version: -
Start date: 2021-11-13
Due date:
% Done: 0%
Estimated time:
Found in version: 4.3-1916~g1884300
Affected Versions:
Description
When HTTP auth is set to Digest, auth is broken in Firefox.
Firefox caches the auth parameters it used and tries to use realm, nonce, ... from last time.
Tvh just refuses them with UNAUTHORIZED without providing a WWW-Authenticate header, see:
https://github.com/tvheadend/tvheadend/blob/10d117e6ed912759db59633ea426bed5ceb6819a/src/http.c#L1508
The proper response should be UNAUTHORIZED with a WWW-Authenticate header and an additional field stale=TRUE, see:
https://www.ietf.org/rfc/rfc2617.txt
To simulate this, set auth to Digest in TVH, log in with Firefox, restart TVH and refresh the TVH interface in FF.
Files
History
Updated by Daniel Kucera about 3 years ago
See the attached request/response
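The behaviour the report asks for, as an added sketch that is not tvheadend's code: every 401 carries a fresh challenge, and `stale=true` is added only when the client's digest verified against a nonce the server no longer knows (RFC 2617's condition). All names, the nonce lifetime, the realm value and the sample headers are constructed for illustration, and the response hash check is assumed to be done by the caller.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define NONCE_TTL 300                        /* assumed nonce lifetime, seconds */
struct nonce { char value[33]; time_t issued; };

/* Constructed sample data: one nonce issued at t=1000, two client headers. */
static const struct nonce SAMPLE_TBL[] = { { "aaaa", 1000 } };
static const char SAMPLE_CURRENT[] = "Digest username=\"u\", nonce=\"aaaa\", response=\"x\"";
static const char SAMPLE_OLD[] = "Digest username=\"u\", cnonce=\"aaaa\", nonce=\"old1\", response=\"x\"";

/* Copy the nonce="..." parameter into out, without matching cnonce="...". */
static int auth_get_nonce(const char *hdr, char *out, size_t outlen)
{
    const char *p = hdr, *end;
    while ((p = strstr(p, "nonce=\"")) != NULL) {
        if (p == hdr || p[-1] == ' ' || p[-1] == ',') break;
        p++;
    }
    if (!p) return -1;
    p += 7;                                  /* skip past nonce=" */
    end = strchr(p, '"');
    if (!end || (size_t)(end - p) >= outlen) return -1;
    memcpy(out, p, (size_t)(end - p));
    out[end - p] = '\0';
    return 0;
}

/* Returns the header to send with a 401, or NULL when the request may proceed.
 * response_ok: the caller verified the response hash against the nonce the
 * client sent (the MD5 check itself is outside this sketch). */
const char *digest_challenge(const char *auth_hdr, int response_ok,
                             const struct nonce *tbl, size_t n, time_t now,
                             const char *realm, const char *fresh)
{
    static char buf[256];
    char got[33];
    int known = 0, stale = 0;
    if (auth_hdr && auth_get_nonce(auth_hdr, got, sizeof got) == 0) {
        for (size_t i = 0; i < n; i++)
            if (!strcmp(tbl[i].value, got) && now - tbl[i].issued <= NONCE_TTL)
                known = 1;
        if (known && response_ok) return NULL;
        stale = !known && response_ok;   /* RFC 2617: only if the digest was valid */
    }
    snprintf(buf, sizeof buf, "WWW-Authenticate: Digest realm=\"%s\", "
             "qop=\"auth\", nonce=\"%s\"%s", realm, fresh, stale ? ", stale=true" : "");
    return buf;
}
```

With `stale=true` a browser can retry with the new nonce without prompting for the password again; a failed digest gets the plain challenge.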