Closed jpmens closed 5 months ago
Occurs on iPadOS as well.
<ip-address> - jip [03/Feb/2024:18:32:25 +0000] "GET /owntracks/ws/last HTTP/1.1" 101 130363 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15"
<ip-address> - - [03/Feb/2024:18:33:35 +0000] "GET /owntracks/ws/last HTTP/1.1" 401 4970 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15"
From one second to the next.
Possibly solved with a Satisfy in spite of it not making much sense to me.
AuthType Basic
AuthName "My OwnTracks"
AuthBasicProvider file
AuthUserFile "/usr/local/owntracks/userdata/htpasswd"
Require valid-user
Satisfy any
Solved.
That wasn't the solution; I didn't notice that authentication didn't work at all. Back to square 1.
I could really use some help here. This is the config. Firefox and Chrome (on Macos) behave the way I think they should. Safari (on Macos, iPadOS, and iOS) prompt for re-authentication after a minute or two, in spite of checking the "Save Password" box.
I think it has something to do with the websocket connection from frontend/
and from last/
.
It shouldn't be a TLS issue; disabling, i.e. configuring for port 80, doesn't solve the issue. It's proxy related.
(screenshot as my toots are autodeleted.)
Dirk says:
this configuration works for the websockets in confluence: Edit: yes, also with Safari, but it doesn’t use BasicAuth. So it may help or not.
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:1111%{REQUEST_URI} [P]
</Location>
It doesn't work.
zimpenfish says:
Had the same problem with Hugo’s livereload websocket. Solved it by creating a cookie after the first successful login and using that as an alternate authentication method. Not ideal at all but the only way I could find to avoid this with Safari.
This is my nginx configuration.\
map $cookie_thingauth $mysite_hascookie {
"COOKIE_VALUE" "off";
default "auth/realm";
}
...
location /xyz/ {
auth_basic $mysite_hascookie;
auth_basic_user_file "/pw/file";
add_header Set-Cookie "thingauth=COOKIE_VALUE;max-age=86400;path=/;secure";
...
}
thingauth and COOKIE_VALUE have to match between the two blocks. Hopefully that helps and if there’s a better solution, I’d love to know myself.
This is looking promising...
zimpenfish's solution appears to be working, and thank so much for that!
Cookies are being replaced when they expire, and I've not had Safari prompt for credentials since yesterday's launch.
Cannot reproduce on either Firefox or Chrome (on Mac). Safari periodically asks for basic auth credentials in spite of saving them.