Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to use Inspector on Basic Auth'd endpoints #445

Open
ulidtko opened this issue Jul 19, 2020 · 7 comments
Open

Unable to use Inspector on Basic Auth'd endpoints #445

ulidtko opened this issue Jul 19, 2020 · 7 comments
Labels
enhancement New feature or request triage

Comments

@ulidtko
Copy link

ulidtko commented Jul 19, 2020

RPC APIs prevalently require some kind of authentication, often HTTP Basic Auth.

It's currently not even possible to test RPCs and their OpenRPC descriptions:

{
    "jsonrpc": "2.0",
    "id": 0,
    "error": {
        "message": "Window.fetch: http://dummy-user:test-password@localhost/rpc is an url with embedded credentials."
    }
}

Well, yes it is! What's the error?!?

I do understand that it's Window.fetch acting up, and OpenRPC Playground merely provides context. This seems to be a relatively recent issue with browsers: https://medium.com/@lmakarov/say-goodbye-to-urls-with-embedded-credentials-b051f6c7b6a3

Any workarounds? Did I miss the user/password fields in Add transport dialogs?

Removing the dummy-user:test-password@ from the URL just produces NetworkError when attempting to fetch resource. — the RPC call I'm trying to make is never made (i.e. not even a 401 error).

Repro steps

  1. This nginx snippet: 
         location /rpc {
         auth_basic "This API required authentication.";
         auth_basic_user_file /tmp/test.htpasswd;

         try_files /dev/null =418;
     }
  2. printf "dummy-user:$(openssl passwd -apr1 test-password)\n" > /tmp/test.htpasswd
  3. Try to invoke any OpenRPC method, e.g. list_pets (doesn't matter) from the Inspector to http://localhost/rpc

Expected behavior

There is a way to test Basic Auth'd RPC endpoints.

Actual behavior

No working way exists.

Desktop

  • OS: Linux
  • Browser: Firefox 78.0.2
  • Browser: Brave Version 1.9.76 Chromium: 81.0.4044.138
@shanejonas shanejonas added the enhancement New feature or request label Aug 1, 2020
@stale
Copy link

stale bot commented Oct 2, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Oct 2, 2020
@ulidtko
Copy link
Author

ulidtko commented Oct 2, 2020

@Stale undo.

@stale stale bot removed the stale label Oct 2, 2020
@stale
Copy link

stale bot commented Dec 1, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Dec 1, 2020
@ulidtko
Copy link
Author

ulidtko commented Dec 2, 2020

@Stale undo.

@stale stale bot removed the stale label Dec 2, 2020
@stale
Copy link

stale bot commented Jun 2, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jun 2, 2021
@ulidtko
Copy link
Author

ulidtko commented Jun 8, 2021

@Stale nope, undo.

@ulidtko ulidtko mentioned this issue Jun 8, 2021
Closed
@stale stale bot closed this as completed Jun 16, 2021
@ulidtko
Copy link
Author

ulidtko commented Jun 27, 2021

Yep, just as I said in #543. @Stale undo, you piece of garbage bot.

@shanejonas shanejonas reopened this Jul 26, 2021
@stale stale bot removed the stale label Jul 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shanejonas @ulidtko