d3-request icon indicating copy to clipboard operation
d3-request copied to clipboard
verified publisher icon d3

HTTP Basic Authentication credentials in Google Chrome 64 not transfered to AJAX calls

Open mhuber84 opened this issue 7 years ago • 2 comments

Our project is protected by a HTTP Basic Authentication and we have to enter the username/password on every d3.json() call in Google Chrome.

It seems like in Google Chrome 64 there is a difference between xhr.open(method, url, true, user, password); with user=null and password=null and xhr.open(method, url, true);. In the second case http://mydomain is built as URL and the credentials from the browser cache are submitted and everything is fine. But in the first case a URL like http://null:null@mydomain is build which overwrites the cached credentials. And because the credentials are wrong the browser gives you the authenticate popup. You can see the URLs in the browser's developer toolbar in the network tab.

https://github.com/d3/d3-request/blob/62551679e4f8a0cbce222174db8dcbcf3b0fd437/src/request.js#L107

mhuber84 avatar Jan 31 '18 14:01 mhuber84

basicauth.zip is a minimal test case for this issue.

mhuber84 avatar Jan 31 '18 14:01 mhuber84

There is a bugfix and patch that should resolve this issue:

https://bugs.chromium.org/p/chromium/issues/detail?id=808018

https://bugs.chromium.org/p/chromium/issues/detail?id=808995

nkabrown avatar Feb 08 '18 15:02 nkabrown