php4fan
commented
11 months ago I checked the logs, so apparently it was requesting some CSS and JS files, whose full urls are probably hardcoded somewhere in the source code.
Anyway, the moment you show a popup to ask me for the credentials, you have to tell me what they are for.
Something like: "Authentication needed to download file https://www.whatever.com/some/file.css", plus some context as the why you are downloading it in the first place (e.g. "analyzing source code" or whatever).
glenlbs
Apache NetBeans version
Apache NetBeans 19
What happened
I installed NetBeans and am using it for the first time.
I went to File -> New Project -> PHP from existing source, and chose a directory where I have a bunch of PHP code, I will call this folder the "root" folder.
First, when setting up the project, I was asked to choose how to deploy and run it, and the first annoyance is that there was no "none" option. I don't want to deploy it, I just want to edit the source code. This is a bunch of semi-separate projects that are to be deployed to different server and/or in different ways and there's no way they can be run locally or that I can (or am willing to) instruct the IDE on how to deploy them, so I just want to be able to edit the source code and I'll take care of the deploying myself separately. Therefore, I chose "built-in web server" on localhost:8000 because there was no "none" option and this seemed like the one that required less fake setup and seems the most likely to not attempt do anything on its own until I explicitly ask it to "run" which I'll never do.
Now, after that, while I was browsing through the subfolders and BEFORE I OPENED OR DID ANYTHING, this popup showed up with no context whatsoever:
I happen to know that this is an http authentication request, like the one that a browser would show if you requested an url from a server that replied with a 401 response and a www-authenticate header.
The only way I know this is because of the "Acceso Protegido" title, which is the name of the "realm" that we use in the www-authenticate headers in some of the websites where some of the code in the project is normally deployed. But I haven't asked NetBeans to deploy anything, and I haven't set up any remote server configuration at all.
If it wasn't for that, I would have no clue whatsoever what this request for authentication is for. And even knowing that, I still don't know exactly where it's coming from, and especially, why.
I grepped the source code and there's no .htaccess file with such authentication configuration. The only place in the entirety of my project folder where that "Acceso Protegido" string appears, is in a shell script that writes a .htaccess file. And I definitely haven't asked Netbeans (or anybody for that matter) to run that .sh file.
So I don't know how on earth NetBeans has taken the decision to perform a http request to some of the urls that are related to the project (without me configuring ANYTHING related to deployment and remote servers); and I don't know what url exactly it has made a http request to (there are a few of them that use that same realm name). And again, WHY.
If the IDE decides for whatever reason (which it shouldn't, at all) to perform a http request that I haven't asked it to perform, to a server that I haven't configured, that it has somehow automagically figured out through some unbelievable artificially intelligent analysis of my source code, and this results in a 401 response asking for authentication, then you cannot just show me a popup saying "authentication required". You have to tell me authentication to what and why.
How to reproduce
No response
Did this work correctly in an earlier version?
No / Don't know
Operating System
Manjaro Linux
JDK
Java: 21; OpenJDK 64-Bit Server VM 21+35
Apache NetBeans packaging
Third-party package
Anything else
No response
Are you willing to submit a pull request?
No