Project

General

Profile

Bug #6098

Digest auth broken

Added by Daniel Kucera 8 months ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
User Interface
Target version:
-
Start date:
2021-11-13
Due date:
% Done:

0%

Estimated time:
Found in version:
4.3-1916~g1884300
Affected Versions:

Description

When HTTP auth is set to Digest, auth is broken in Firefox.
Firefox caches used auth parameters and tries to use realm, nonce,... from last time.
Tvh just refuses them with UHAUTHORIZED without providing WWW-Authenticate header, see:
https://github.com/tvheadend/tvheadend/blob/10d117e6ed912759db59633ea426bed5ceb6819a/src/http.c#L1508

The proper response should be UNAUTHORIZED with WWW-Authenticate header and an additional field stale=TRUE , see:
https://www.ietf.org/rfc/rfc2617.txt

To simulate this, set auth to Digest in TVH, Login with Firefox, restart TVH and refresh TVH interface in FF.


Files

History

Also available in: Atom PDF