Closed twotwotwo closed 1 year ago
Hey, thanks for posting this. Did this happen with the latest version too? Because another user reported this like 2 weeks ago, so I moved all requests to the background script which should have fixed it (at least when I have tested it, and said user did not reopen the issue so I guess it worked for him too).
Would be awesome if the user could verify this happens in v0.9.8.7
Cheers
Awesome; I've asked the user to check their current version, update if it's not v0.9.8.7, and try again. I'll you know what I hear!
User updated and confirmed to me the popup went away--thanks!
We got a report from a user who was seeing an authentication popup on a site hosted in a product I work on. This turned out to be because of a FediAct request to /api/v1/instance, which triggers our server to request credentials because it starts with /api/. You ought to be able to reproduce by just navigating to https://act.johnfetterman.com/thanks/ .
In my tests, passing
credentials: 'omit'
option in thefetch
call is enough to make a request fail that would otherwise prompt the user.https://developer.mozilla.org/en-US/docs/Web/API/fetch#:~:text=the%20following%20strings%3A-,omit,-Tells%20browsers%20to
You might also look for signs a site might be Mastodon before making an HTTP request, e.g. check for
document.querySelector('#mastodon') && document.querySelector('#initial-state').text.includes('mastodon')
, or whether the path contains@
or is one of the core page paths like getting-started. Butcredentials: 'omit'
is the easy step here.