Open sid-code opened 6 years ago
I tried testing with https://httpbin.org/basic-auth/user/password
and could not reproduce. In fact switching to that tab (so un-suspending it) didn't even cause _on_authentication_required
to get entered, I had to reload. I guess it loaded from cache (disabling the cache in the inspector didn't help). I also tried with a local app so I could test it with a css file, still couldn't reproduce, nor with an image from another origin, nor with a style link added via JS.
I'm on Qt 5.11.1.
Do you have a public test site?
Instead of using --temp-basedir
you can use --basedir /tmp/basic-auth-test/
to make a clean basedir and re-use that for the second run.
I can reproduce that with crashes.qutebrowser.org which I have in my netrc file, even without having to restart. It happens because netrc is only used once until a new page is loaded (because we can't detect wrong passwords, so that'd be an endless loop otherwise). Instead, we probably should have a list of URLs where netrc was already used or so.
@toofar
Do you have a public test site?
I've just put one up: https://skulk.org/netrc auth: general:password
There is a css file on that page. However, I cannot reproduce this exact issue, as it never asks for any password on that website even if I resume it from a suspended state. The offending web application that I'm using must be doing something funky to trick qutebrowser into asking for a password.
@The-Compiler
Thanks for putting time into this. I'm not entirely understanding what this sentence means in the context of this issue:
netrc is only used once until a new page is loaded
How does this cause qutebrowser to ask for my password for a random css file served under that domain? I'm reading through all the relevant code I can find, so if I can understand the issue I'll attempt to fix it.
Here's what (I think) happens:
netrc_used
gets unset)netrc_used
netrc_used
is setThe problem that netrc_used
is trying to solve is what happens when the password is wrong:
I understand now. However, why does this not happen on my test site https://skulk.org/netrc (general:password) which loads a htpasswd-protected css file? Is it because the distance (temporally) between the two password-protected requests is so small that qutebrowser ends up doing the right thing?
I don't know. I'd expect QtWebEngine to not even ask for a password twice (because it should know that the same password is still valid), but it does.
Hey, I think I've actually fixed it by doing what you said! I replaced netrc_used: bool
in the TabData class with netrc_used_for: dict[url, bool]
and changed some code and now it seems to work! I only did it for the webengine backend. If I were to write a pull request, would you prefer I also implemented it for webkit?
Why would it need to be a dict? Sounds easier to just make it a set of URLs. As for QtWebKit, you'll probably need to adjust that code as well so it keeps working at all, as TabData
is the same IIRC.
Version info (see
:version
): v1.5.1Does the bug happen if you start with
--temp-basedir
? (if applicable): This can't really be reproduced with a temporary basedir because it involves closing qutebrowser, re-opening, and resuming the tab from the suspended state.Description The .netrc is ignored when a tab wakes up from being suspended. The incredibly irritating modal password prompt shows up for some random .css file loaded by the page. I can dismiss it (press escape) and refresh the page and it won't show up again.
How to reproduce