Bug 5809

Summary: Cannot use Safari to confgure Linksys router
Product: WebKit Reporter: James Lucas <mjlucas>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: ap, rifepe
Priority: P2 Keywords: InRadar
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   

James Lucas
Reported 2005-11-23 03:39:28 PST
There is a bug in the linksys router (eg. WRT54G) and using Safari to configure through the web interface. Safari will immediately display the 401 Unauthorized page instead of requesting the user for authentication information. It appears that the router has no realm sent with the WWW-Authenticate header. The HTTP/1.0 Specification states that "The realm attribute (case-insensitive) is required for all authentication schemes which issue a challenge." however browsers such as Firefox and IE both handle this missing realm while Safari fails. A example response from the Linksys router is HTTP/1.0 401 Unauthorized Server: httpd Date: Wed, 23 Nov 2005 22:17:20 GMT WWW-Authenticate: Basic Content-Type: text/html Connection: close <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD> <BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4> Authorization required. </BODY></HTML> The correct WWW-Authenticate header should be WWW-Authenticate: Basic realm="realm name" I found a past report on http://www.macfixit.com/article.php?story=20040116073545527.
Attachments
Add attachment proposed patch, testcase, etc.
James Lucas
Comment 1 2005-12-02 21:22:40 PST
After futher investigation this appears to be a "problem" with NSURLConnection. With some test code the delegate method "didReceiveAuthenticationChallenge" is never called. Is this a bug that should be reported to Apple? No other browsers fail when a authentication realm is not set in the HTTP headers.
Joost de Valk (AlthA)
Comment 2 2006-02-13 16:03:10 PST
Reassigning to webkit-unassigned, to make sure more people see this.
Joost de Valk (AlthA)
Comment 3 2006-02-15 16:17:05 PST
Confirmed as a lot of people in the refered url seem to have this problem.
David Kilzer (:ddkilzer)
Comment 4 2007-06-12 10:53:43 PDT
See also Bug 13600.
James Lucas
Comment 5 2007-06-12 16:57:49 PDT
If the WWW-Authenticate header does not supply a realm then NSURLConnection does not perform any authentication. The linksys router have disabled the realm string being sent in their version of the LightHTTPd code. I fixed the linksys issue by fixing the offending line in their source and recompiling (LightHTTPd source is fine, Linksys have just commented out lines in their version) Both Firefox and IE work when a realm is not set (Even though this appears to be against spec) See: http://www.ietf.org/rfc/rfc2617.txt [" The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge."]
Alexey Proskuryakov
Comment 6 2007-06-23 04:13:41 PDT
*** Bug 13600 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 7 2007-06-23 04:17:30 PDT
<rdar://problem/5289792>
Alexey Proskuryakov
Comment 8 2007-08-08 13:39:21 PDT
Closing as INVALID, as the issue is not in open source WebKit. It will be handled internally by Apple engineers.
Note You need to log in before you can comment on or make changes to this bug.