bugy / script-server

Web UI for your scripts with execution management

When using iPhone/Safari it asks to log in after every action #560

Open Nottt opened 2 years ago

Nottt commented 2 years ago

When accessing the script server from iPhone/Safari, every action I do (trying to execute a script, changing to a new one, etc.) makes it ask me to log in again.

Why does this happen?

Nottt commented 2 years ago

I can offer a bounty to help this get fixed quickly!

bugy commented 2 years ago

Hi @Nottt, are cookies enabled? That's the only issue I can think of.

Nottt commented 2 years ago

I am not sure. If they aren't, then this is the default, because I didn't change that stuff.

I tried private and non-private tabs too.

bugy commented 2 years ago

Could you check please?

bugy commented 2 years ago

I mean the cookies option.

Nottt commented 2 years ago

image image

As you can see, the option to block cookies is not enabled.

bugy commented 2 years ago

That's sad. Unfortunately, I don't have an iPhone to debug it myself :( Could you try to edit the src/utils/tornado_utils.py file and modify the get_secure_cookie method:

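def get_secure_cookie(request_handler, key):
    # Tornado returns the verified cookie value as bytes, or None if it is missing or invalid
    value = request_handler.get_secure_cookie(key)

    # Temporary debug logging: compare the verified value with the raw cookie the browser sent.
    # This writes cookie values to server.log, so remove it once the test is done.
    import logging
    LOGGER = logging.getLogger('tornado_utils')
    LOGGER.info('secure cookie: ' + repr(value))
    LOGGER.info('raw cookie: ' + repr(request_handler.get_cookie(key)))

    if value is None:
        return None

    return value.decode('utf-8')

After that, please restart the server, try to do some requests from the iPhone, and check server.log.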

Nottt commented 2 years ago

Can you try this?

https://www.browserstack.com/test-on-safari-browser

If the free trial is not enough, just let me know how much it costs. I use containers and stuff, and I'm not sure how I would edit that stuff and keep it persistent after a docker restart.

bugy commented 2 years ago

I'll try it. It will take some time, because I'm working today and also have to create a server with credentials :) But I'll do my best to solve it by Monday.

Nottt commented 2 years ago

Perhaps you can find someone you know who has an iPhone and would let you test it?

I can try to do the change you suggested later, but like I said, I really have no idea how to debug this myself.

I have also tried using https / http with no success. I don't have cookie issues like that on other websites.

But I must say I proxy my scripts with Cloudflare and use basic nginx authentication.

bugy commented 2 years ago

> But I must say I proxy my scripts with Cloudflare and use basic nginx authentication.

Hmm, this completely changes my understanding of the issue. Your users log in via a default browser login page, right, not the script server one? And the script-server conf.json file has no auth section. In other words, they do not see the following form: image

If this is correct, then it has nothing to do with script server, because script server asks for login only when auth is enabled. When users are identified based on a header coming from a proxy, script server just reads the header.

Nottt commented 2 years ago

I see the login pop-up, I can log in and use the scripts normally, but every action I do, any click, anything, triggers the login pop-up again, so it's a hassle to use it.

bugy commented 2 years ago

Hi @Nottt, it seems to be a problem for other users (non script server too):
https://stackoverflow.com/questions/37169737/safari-ios-basic-authentication-dialog-on-every-page-load
https://www.reddit.com/r/nginx/comments/6bd9jl/basic_auth_login_loop_nginx/
https://discussions.apple.com/thread/8414341
https://forum.nginx.org/read.php?2,285874

(not the same, but similar):
https://stackoverflow.com/questions/52507245/nginx-proxy-pass-websocket-basic-authentication-safari-endless-loop-in

bugy commented 2 years ago

Since script server now supports basic auth on its own, maybe you can try to use this one instead?

Nottt commented 2 years ago

My conf.json only has this related to it:

    "user_header_name": "X-Auth-Name",
    "trusted_ips": [
      "172.18.0.0/16"
    ],

And looking at the documentation, I only see this:

Type of authentication provider. Supported types:

ldap (requires python ldap3 module)
google_oauth
gitlab
htpasswd

I don't want to use ldap, oauth or anything else, and htpasswd is what I am already using, so I don't understand what you are saying.

bugy commented 2 years ago

Hi @Nottt, currently you configure htpasswd via nginx. I suggest configuring it in script server instead, because, apparently, iOS Safari has issues with basic auth in nginx.

Nottt commented 2 years ago

It is not working for me... this is my config.json:

{
  "port": 5000,
  "address": "0.0.0.0",
  "title": "SCRIPTS",
  "access": {
    "allowed_users": [
      "admin"
    ],
    "admin_users": [
      "admin"
    ],
    "trusted_ips": [
      "172.18.0.0/16"
    ],
    "auth": {
      "type": "htpasswd",
      "htpasswd_path": "/app/scripts/htpasswd"
    },
    "logging": {
      "execution_file": "$DATE-$ID.log",
      "execution_date_format": "%y-%m-%d_%H-%M"
    }
  }
}

I have removed the auth part from nginx, and now when I try to access it I don't see a login pop-up, only 403 Forbidden.

bugy commented 2 years ago

@Nottt, looks good to me. Could you check server.log for any errors? Also, which server version are you using?

Nottt commented 2 years ago

How do I check the version?

image

I believe I am using the latest, since I use my docker that auto-updates on restart.

bugy commented 2 years ago

@Nottt, I missed it. You need to move the auth section to the top level, not inside the access section.
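A check for the misplacement identified above, as an added example (not script-server's own code and not part of the original thread): it walks a parsed conf.json, reports an `auth` section nested below the top level, and returns a corrected copy. The function names and the sample config are constructed for illustration; only `auth` is treated as a top-level section because that is what this thread establishes.

```python
import copy
import json

# Constructed sample shaped like the config posted in this thread:
# "auth" sits inside "access" instead of at the top level.
SAMPLE_CONF = json.loads("""
{
  "port": 5000,
  "access": {
    "allowed_users": ["admin"],
    "trusted_ips": ["172.18.0.0/16"],
    "auth": {"type": "htpasswd", "htpasswd_path": "/app/scripts/htpasswd"}
  }
}
""")


def find_misplaced(conf, sections=("auth",), _path=()):
    """Return key paths (tuples) where a top-level section is nested deeper."""
    hits = []
    for key, value in conf.items():
        path = _path + (key,)
        if key in sections and len(path) > 1:
            hits.append(path)
        elif isinstance(value, dict):
            hits.extend(find_misplaced(value, sections, path))
    return hits


def hoist(conf, sections=("auth",)):
    """Return a copy with each misplaced section moved to the top level."""
    # Never overwrite an existing top-level section: two auth blocks need a human decision.
    fixed = copy.deepcopy(conf)
    for path in find_misplaced(conf, sections):
        *parents, name = path
        if name in fixed:
            raise ValueError(f"{name!r} is defined at top level and at {'.'.join(path)}")
        node = fixed
        for parent in parents:
            node = node[parent]
        fixed[name] = node.pop(name)
    return fixed


if __name__ == "__main__":
    for path in find_misplaced(SAMPLE_CONF):
        print("misplaced section:", ".".join(path))
    print(json.dumps(hoist(SAMPLE_CONF), indent=2))
```

Running a check like this before a restart catches the case where the server starts cleanly but the intended login configuration is never read.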

Nottt commented 2 years ago

You are right! It's working now, on both PC and iPhone.

Finally the only thing missing for a long time is fixed xD

Thanks a lot!

bugy commented 2 years ago

Nice, happy to hear that! Sorry that I couldn't help with nginx, but I'm not an expert there.

Nottt commented 2 years ago

Do you have a bitcoin wallet for donations?

bugy commented 2 years ago

No, I'm not into bitcoin, but thanks :)