Closed christiaanb closed 10 years ago
Any help from safari users on what's going on here would be helpful. We're following the http digest spec as far as we know.
What we really need is a log of the HTTP request(s) that Safari sends us when this happens.
This is the HTTP request header that I apparently send for http://hackage.haskell.org/package/clash-lib/maintain:
Referer: http://hackage.haskell.org/package/clash-lib
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Cookie: __utma=80028942.1537272425.1381221508.1384438687.1384869324.6; __utmc=80028942; __utmz=80028942.1384438687.5.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.71 (KHTML, like Gecko) Version/6.1 Safari/537.71
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: hackage.haskell.org
Does this help in any way?
@christiaanb thanks. And is that the only request it makes? Given that request, the server will respond asking to authorise, e.g. something like:
HTTP/1.1 401 Unauthorized
Server: nginx/1.4.3
Date: Wed, 27 Nov 2013 19:01:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
WWW-Authenticate: Digest realm="Hackage", qop="", nonce="dbf42f6e026d2b17530284294b8d7a9a", opaque=""
Content-Length: 35
So then the question is what it does in response. It is supposed to prompt the user for the password and resend with the appropriate credentials (using http digest auth).
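The resend step described above, worked through for the challenge quoted in this thread. This is an added example, not part of the original discussion and not hackage-server code; the credentials `alice` / `s3cret`, the fixed `cnonce`, and all function names are constructed for illustration.

```python
import hashlib
import re

# Challenge copied from the 401 response quoted in this thread.
CHALLENGE = (
    'Digest realm="Hackage", qop="", '
    'nonce="dbf42f6e026d2b17530284294b8d7a9a", opaque=""'
)
PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')

def parse_challenge(header):
    """Split a WWW-Authenticate value into (scheme, {directive: value})."""
    scheme, _, rest = header.partition(" ")
    params = {}
    for m in PARAM.finditer(rest):
        name, quoted, token = m.groups()
        params[name.lower()] = quoted if quoted is not None else token
    return scheme, params

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def empty_directives(params):
    """Names of directives the server sent with an empty value."""
    return sorted(k for k, v in params.items() if v == "")

def digest_response(params, method, uri, user, password, cnonce=None, nc="00000001"):
    """Return (qop_used, response) for an MD5 Digest challenge (RFC 2617)."""
    ha1 = md5_hex(f"{user}:{params['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    offered = [q.strip() for q in params.get("qop", "").split(",") if q.strip()]
    if "auth" in offered:
        return "auth", md5_hex(f"{ha1}:{params['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    # No usable qop offered (absent or empty, as here): RFC 2069-compatible form.
    return None, md5_hex(f"{ha1}:{params['nonce']}:{ha2}")

def authorization_header(challenge, method, uri, user, password, cnonce="0a4f113b"):
    """Build the Authorization header a client resends after the 401."""
    _, p = parse_challenge(challenge)
    qop, resp = digest_response(p, method, uri, user, password, cnonce)
    fields = [f'username="{user}"', f'realm="{p["realm"]}"', f'nonce="{p["nonce"]}"',
              f'uri="{uri}"', f'response="{resp}"']
    if qop:
        fields += [f"qop={qop}", "nc=00000001", f'cnonce="{cnonce}"']
    if "opaque" in p:  # echoed back unchanged, even when empty
        fields.append(f'opaque="{p["opaque"]}"')
    return "Digest " + ", ".join(fields)

if __name__ == "__main__":
    print(empty_directives(parse_challenge(CHALLENGE)[1]))
    print(authorization_header(CHALLENGE, "GET", "/package/clash-lib/maintain",
                               "alice", "s3cret"))
```

Comparing this output with what a browser actually sends after the 401 (or noting that it sends nothing, as in the captures in this thread) shows which side of the exchange stops following the flow.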
A more complete version:
No. Time Source Destination Protocol Length Info
20 30.547782000 192.168.0.51 88.198.224.242 HTTP 257 POST /packages/candidates/ HTTP/1.1 (application/octet-stream)
Frame 20: 257 bytes on wire (2056 bits), 257 bytes captured (2056 bits) on interface 0
Interface id: 0
Encapsulation type: Ethernet (1)
Arrival Time: Dec 4, 2013 21:39:21.906037000 CET
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1386189561.906037000 seconds
[Time delta from previous captured frame: 0.000058000 seconds]
[Time delta from previous displayed frame: 0.000058000 seconds]
[Time since reference or first frame: 30.547782000 seconds]
Frame Number: 20
Frame Length: 257 bytes (2056 bits)
Capture Length: 257 bytes (2056 bits)
[Frame is marked: True]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:mime_multipart:media]
[Number of per-protocol-data: 1]
[Hypertext Transfer Protocol, key 0]
[Coloring Rule Name: ___conversation_color_filter___01]
[Coloring Rule String: (ip.addr eq 192.168.0.51 and ip.addr eq 88.198.224.242) and (tcp.port eq 52362 and tcp.port eq 80)]
Ethernet II, Src: Apple_0b:fb:35 (04:54:53:0b:fb:35), Dst: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
Destination: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
Address: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Apple_0b:fb:35 (04:54:53:0b:fb:35)
Address: Apple_0b:fb:35 (04:54:53:0b:fb:35)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.0.51 (192.168.0.51), Dst: 88.198.224.242 (88.198.224.242)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 243
Identification: 0xf21c (61980)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x4d54 [correct]
[Good: True]
[Bad: False]
Source: 192.168.0.51 (192.168.0.51)
Destination: 88.198.224.242 (88.198.224.242)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 52362 (52362), Dst Port: http (80), Seq: 761, Ack: 1, Len: 191
Source port: 52362 (52362)
Destination port: http (80)
[Stream index: 3]
Sequence number: 761 (relative sequence number)
[Next sequence number: 952 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 8235
[Calculated window size: 131760]
[Window size scaling factor: 16]
Checksum: 0x04bd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Timestamps: TSval 1058878723, TSecr 379554676
Kind: Timestamp (8)
Length: 10
Timestamp value: 1058878723
Timestamp echo reply: 379554676
[SEQ/ACK analysis]
[Bytes in flight: 951]
TCP segment data (191 bytes)
[2 Reassembled TCP Segments (951 bytes): #19(760), #20(191)]
[Frame: 19, payload: 0-759 (760 bytes)]
[Frame: 20, payload: 760-950 (191 bytes)]
[Segment count: 2]
[Reassembled TCP length: 951]
[Reassembled TCP Data: 504f5354202f7061636b616765732f63616e646964617465...]
Hypertext Transfer Protocol
POST /packages/candidates/ HTTP/1.1\r\n
[Expert Info (Chat/Sequence): POST /packages/candidates/ HTTP/1.1\r\n]
[Message: POST /packages/candidates/ HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: POST
Request URI: /packages/candidates/
Request Version: HTTP/1.1
Host: hackage.haskell.org\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Encoding: gzip, deflate\r\n
Cache-Control: max-age=0\r\n
Accept-Language: en-us\r\n
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryEEQjuH5Z4mioZGR1\r\n
Origin: http://hackage.haskell.org\r\n
Content-Length: 191\r\n
[Content length: 191]
Connection: keep-alive\r\n
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71\r\n
Referer: http://hackage.haskell.org/packages/candidates/upload\r\n
Cookie: __utma=80028942.442160659.1355349219.1386110144.1386186874.21; __utmc=80028942; __utmz=80028942.1386015532.19.17.utmcsr=duckduckgo.com|utmccn=(referral)|utmcmd=referral|utmcct=/\r\n
\r\n
[Full request URI: http://hackage.haskell.org/packages/candidates/]
[HTTP request 1/2]
[Response in frame: 23]
[Next request in frame: 25]
MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: "----WebKitFormBoundaryEEQjuH5Z4mioZGR1"
[Type: multipart/form-data]
First boundary: ------WebKitFormBoundaryEEQjuH5Z4mioZGR1\r\n
Encapsulated multipart part: (application/octet-stream)
Content-Disposition: form-data; name="package"; filename=""\r\n
Content-Type: application/octet-stream\r\n\r\n
Last boundary: \r\n------WebKitFormBoundaryEEQjuH5Z4mioZGR1--\r\n
No. Time Source Destination Protocol Length Info
23 30.707420000 88.198.224.242 192.168.0.51 HTTP 1202 HTTP/1.1 401 Unauthorized (text/html)
Frame 23: 1202 bytes on wire (9616 bits), 1202 bytes captured (9616 bits) on interface 0
Interface id: 0
Encapsulation type: Ethernet (1)
Arrival Time: Dec 4, 2013 21:39:22.065675000 CET
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1386189562.065675000 seconds
[Time delta from previous captured frame: 0.064945000 seconds]
[Time delta from previous displayed frame: 0.064945000 seconds]
[Time since reference or first frame: 30.707420000 seconds]
Frame Number: 23
Frame Length: 1202 bytes (9616 bits)
Capture Length: 1202 bytes (9616 bits)
[Frame is marked: True]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:data:data:data-text-lines]
[Number of per-protocol-data: 1]
[Hypertext Transfer Protocol, key 0]
[Coloring Rule Name: ___conversation_color_filter___01]
[Coloring Rule String: (ip.addr eq 192.168.0.51 and ip.addr eq 88.198.224.242) and (tcp.port eq 52362 and tcp.port eq 80)]
Ethernet II, Src: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1), Dst: Apple_0b:fb:35 (04:54:53:0b:fb:35)
Destination: Apple_0b:fb:35 (04:54:53:0b:fb:35)
Address: Apple_0b:fb:35 (04:54:53:0b:fb:35)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
Address: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.198.224.242 (88.198.224.242), Dst: 192.168.0.51 (192.168.0.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1188
Identification: 0x4164 (16740)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 45
Protocol: TCP (6)
Header checksum: 0x0d5c [correct]
[Good: True]
[Bad: False]
Source: 88.198.224.242 (88.198.224.242)
Destination: 192.168.0.51 (192.168.0.51)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: http (80), Dst Port: 52362 (52362), Seq: 1, Ack: 952, Len: 1136
Source port: http (80)
Destination port: 52362 (52362)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
[Next sequence number: 1137 (relative sequence number)]
Acknowledgment number: 952 (relative ack number)
Header length: 32 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 137
[Calculated window size: 17536]
[Window size scaling factor: 128]
Checksum: 0xa4ce [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Timestamps: TSval 379554715, TSecr 1058878723
Kind: Timestamp (8)
Length: 10
Timestamp value: 379554715
Timestamp echo reply: 1058878723
[SEQ/ACK analysis]
[Bytes in flight: 1136]
Hypertext Transfer Protocol
HTTP/1.1 401 Unauthorized\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 401 Unauthorized\r\n]
[Message: HTTP/1.1 401 Unauthorized\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 401
Response Phrase: Unauthorized
Server: nginx/1.4.3\r\n
Date: Wed, 04 Dec 2013 20:39:21 GMT\r\n
Content-Type: text/html; charset=utf-8\r\n
Transfer-Encoding: chunked\r\n
Connection: keep-alive\r\n
WWW-Authenticate: Digest realm="Hackage", qop="", nonce="818853b7cbf0c574aabd9def31b1664c", opaque=""\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.159638000 seconds]
[Request in frame: 20]
[Next request in frame: 25]
[Next response in frame: 27]
HTTP chunked response
Data chunk (842 octets)
Chunk size: 842 octets
Data (842 bytes)
[Length: 842]
Chunk boundary
End of chunked encoding
Chunk size: 0 octets
Chunk boundary
Line-based text data: text/html
<!DOCTYPE html>\n
<html>\n
<head>\n
<link rel="stylesheet" href="/static/hackage.css" type="text/css" />\n
<link rel="search" type="application/opensearchdescription+xml" title="Hackage" href="/packages/opensearch.xml" />\n
<title>Hackage: No authorization provided</title>\n
</head>\n
\n
<body>\n
<div id="page-header">\n
<ul class="links" id="page-menu">\n
<li><a href="/">Home</a></li\n
><li><form action="/packages/search" method="get" class="search"><button type="submit">Search </button><input type="text" name="terms" /></form></li\n
><li><a href="/packages/">Browse</a></li\n
><li><a href="/recent">What's new</a></li\n
><li><a href="/upload">Upload</a></li\n
><li><a href="/accounts">User accounts</a></li\n
></ul>\n
<a class="caption" href="/">Hackage :: [Package]</a>\n
</div>\n
\n
<div id="content">\n
<h1>No authorization provided</h1>\n
\n
<p></p>\n
\n
</div>\n
</body>\n
</html>
Just to say that this is a rather annoying bug!
Here is the best data I can extract from the Safari debugger:
Request headers:
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cache-Control max-age=0
DNT 1
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/6.1.1 Safari/537.73.11
Response headers:
Date Wed, 22 Jan 2014 10:14:43 GMT
Www-Authenticate Digest realm="Hackage", qop="", nonce="161fcd8a52248d644ad4e7ecd47de1f9", opaque=""
Server nginx/1.4.3
Connection keep-alive
Transfer-Encoding Identity
Content-Type text/html; charset=utf-8
The nastiest thing about this bug is that it means any authenticated page on hackage cannot be accessed on an iPad or iPhone, since these don't have the option of installing a different browser.
@hesselink You can install other browsers (including Chrome) on iOS devices. You just cannot make it the default browser (for opening attachments and the like).
Nevertheless, I would greatly appreciate it if anybody had any idea what is going wrong here.
You are right. I assumed it wouldn't help, as they use the same underlying engine, but I just tested Chrome, and I could log in on hackage using it. That gives us a workaround, at least.
As for the underlying cause, I've done a bit of googling, but haven't found anything definitive. There seems to be a lot of grumbling about differing implementations of digest authentication in browsers and bugs relating to it, though. So perhaps tweaking some of the parameters, or changing of the quoting, could shed some light on it.
Every hackage page that requires authorisation, such as
http://hackage.haskell.org/packages/candidates/
or http://hackage.haskell.org/package/<PACKAGE>/maintain
gives me the message "No authorization provided" on Safari.
Using Chrome I do however get the prompt for username/password and everything works perfectly.