linemanjs / lineman

Lineman helps you build fat-client JavaScript apps. It produces happiness by building assets, mocking servers, running specs on every file change
MIT License
1.18k stars 83 forks

API Proxy does not forward basic auth credentials #347

Closed mark-rushakoff closed 9 years ago

mark-rushakoff commented 9 years ago

Our API server uses basic auth. When we use Lineman's API proxy feature, the Chrome developer console shows us that we are making requests with the basic auth headers, but our API server logs show that no basic auth headers are present on the incoming requests.

We're happy to spend some time on a pull request for this, but we would need a little guidance on where to start because we're still pretty new to Node and Express.

searls commented 9 years ago

Lineman uses http-proxy@0.10.x for proxying

Recommend you look into how to accomplish this here: https://github.com/nodejitsu/node-http-proxy

mark-rushakoff commented 9 years ago

We dug into this some more, and we found that when we set basic auth headers with curl, our API server behind the Lineman proxy did correctly see the basic auth credentials. We believe the problem now is Chrome or configuration related (seeing some Google results about Chrome not sending basic auth headers unless the server rejects the request in a particular way), so I'm going to close this issue.

mark-rushakoff commented 9 years ago

If anyone else runs into a similar issue, here's what was going on: even though you use the basic auth credentials in Chrome's URL bar (e.g. visiting http://user:pass@localhost:8000), Chrome first attempts to retrieve other resources without using the basic auth creds. Our API server was correctly returning an HTTP 401 Unauthorized response, but Chrome won't reattempt with basic auth creds included unless the server includes a WWW-Authenticate header. At the time, our API server wasn't including that header; now that it is returning the header, the Lineman proxy works as expected.

searls commented 9 years ago

Ah yeah, I believe that Chrome no longer officially supports basic auth in URL strings (most browsers don't). I wasn't even sure it was still possible w/o security flags