Multipass and multi-domain requests

krtek4 / MultiPass

Automatically login to Basic Authentication using data based on URL regexp.

http://gilles.crettenand.info/MultiPass

Do What The F*ck You Want To Public License

87 stars 22 forks source link

Multipass and multi-domain requests #64

Closed DutchessNicole closed 5 years ago

DutchessNicole commented 5 years ago

Hello,

I'm using multipass to perform basic-auth form filling across a set of sites. However, it seems that multipass does not fill in additional requests once the main site has been successfully authenticated.

What I mean is, say we have domain site.domain.com which requires basic-auth. Multipass correctly identifies and authenticates to this site using the regex https*:\/\/.+.domain.com (as indicated by the green dot on the extension icon) However, if that page then loads additional domain content, hosted for instance on images.domain.com, a new basic auth popup appears that is not caught by the multipass plugin.

In this case such additional basic-auth requests are done to a dozen different domains. All use (in this case) the exact same credentials, so I would like to keep it simple in MP and just have the single regex catch all of these.

Is this possible?

krtek4 commented 5 years ago

Hi @DutchessNicole ,

I am not sure I understand, are the additional requests loaded by the webpage itself ? If so it is a usecase I never tested.

I will have to try and check, but probably Chrome isn't using the same mechanism to load content loaded by a page as one opened in a tab. Not sure I can do something here.

DutchessNicole commented 5 years ago

Yes, the page that is loaded then loads additional content from other servers (same domain in this case) which each require another basic-auth login

krtek4 commented 5 years ago

Hi there,

I did multiple tests and wasn't able to reproduce your issue.

You can try for yourself my latest test :

https://files.crettenand.info/test/index.html with test / test for access
loads https://files.crettenand.info/test/test.jpg with test2 / test2 for access

If you configure Multipass using the following :

[
    {"url":"https://files.crettenand.info/test/", "username":"test", "password":"test", "priority":"2"},
    {"url":"https://files.crettenand.info/test/test.jpg", "username":"test2", "password":"test", "priority":"1"}
]

Both the HTML and image should load without asking for any password.

I also tested with both ressources having the same username / password, and it works fine if you remove the Multipass rule for the image.

Can you provide a screenshort (or describe if you have sensible information), what you can see if you open the Multipass panel on the page that poses an issue ?

Is the small "pill" on the icon red ? Are their multiple lines colored in yellow ?

DutchessNicole commented 5 years ago

Thank you for the reply. As it turns out the company started messing around with my account just as I installed the plugin and for that reason it didn't properly work.

Your test case does indeed work correctly, so I guess Multipass does handle the situation properly.

This issue is resolved.