-
Bug
-
Resolution: Fixed
-
Neutral
-
5.3.7
-
None
-
-
Empty show more show less
-
Kromeriz 84
-
3
When I try access anything (e.g. /xyz.html) on an author system, Magnolia sends the login form instead, which is perfectly fine. However Magnolia sends this with status code 401, which is also correct from a point of view that it shouldn't be 200, but it's still a problem. Just read on.
On all author systems that I have seen live in my career the responsible server admin placed an additional HTTP Basic authentication in front.
This causes the following problem on Chrome:
- User requests /xyz.html
- Web server sends 401 and requests Basic authentication as configured by server admin.
- Chrome displays login box
- User submits HTTP authentication credentials
- Web server accepts them, and Magnolia sends the Magnolia login form as 401
- Chrome sees 401 and instead of displaying the page sent by the server (=login form) it displays the login box again, assuming a previous authentication failure
- This happens three times, then Chrome says the page can't be loaded.
It works in all other browsers.
I filed this as a Chrome bug, but to my surprise they said the problem is with you, which I understand. They quoted RFC 2616:
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a
WWW-Authenticate header field (section 14.47) containing a challenge
applicable to the requested resource.
You are violating this when you send the login form as 401 without including a WWW-Authenticate header, which you are really doing (or not doing) here.
The result is so common from my experience that I'm really surprised that this bug hasn't been addressed yet: All of my Magnolia customers are complaining that their author systems aren't working on Chrome. So, ... I thought I should file this as a bug now just in case you're really still unaware of it.