5809 – Cannot use Safari to confgure Linksys router

Bug 5809 - Cannot use Safari to confgure Linksys router

Summary: Cannot use Safari to confgure Linksys router

Status:	RESOLVED INVALID

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	420+
Hardware:	Mac OS X 10.4

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Duplicates (1):	13600 (view as bug list)
Depends on:
Blocks:

Reported:	2005-11-23 03:39 PST by James Lucas
Modified:	2007-08-08 13:39 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description James Lucas 2005-11-23 03:39:28 PST

There is a bug in the linksys router (eg. WRT54G) and using Safari to configure through the web 
interface. Safari will immediately display the 401 Unauthorized page instead of requesting the user for 
authentication information.

It appears that the router has no realm sent with the WWW-Authenticate header.

The HTTP/1.0 Specification states that "The realm attribute (case-insensitive) is required for all 
authentication schemes which issue a challenge." however browsers such as Firefox and IE both handle 
this missing realm while Safari fails.

A example response from the Linksys router is

HTTP/1.0 401 Unauthorized
Server: httpd
Date: Wed, 23 Nov 2005 22:17:20 GMT
WWW-Authenticate: Basic
Content-Type: text/html
Connection: close

<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>
Authorization required.
</BODY></HTML>

The correct WWW-Authenticate header should be WWW-Authenticate: Basic realm="realm name"

I found a past report on http://www.macfixit.com/article.php?story=20040116073545527.

Comment 1 James Lucas 2005-12-02 21:22:40 PST

After futher investigation this appears to be a "problem" with NSURLConnection. With some test code the 
delegate method "didReceiveAuthenticationChallenge" is never called.

Is this a bug that should be reported to Apple? No other browsers fail when a authentication realm is not 
set in the HTTP headers.

Comment 2 Joost de Valk (AlthA) 2006-02-13 16:03:10 PST

Reassigning to webkit-unassigned, to make sure more people see this.

Comment 3 Joost de Valk (AlthA) 2006-02-15 16:17:05 PST

Confirmed as a lot of people in the refered url seem to have this problem.

Comment 4 David Kilzer (:ddkilzer) 2007-06-12 10:53:43 PDT

See also Bug 13600.

Comment 5 James Lucas 2007-06-12 16:57:49 PDT

If the WWW-Authenticate header does not supply a realm then NSURLConnection does not perform any authentication.

The linksys router have disabled the realm string being sent in their version of the LightHTTPd code. I fixed the linksys issue by fixing the offending line in their source and recompiling (LightHTTPd source is fine, Linksys have just commented out lines in their version)

Both Firefox and IE work when a realm is not set (Even though this appears to be against spec)

See: http://www.ietf.org/rfc/rfc2617.txt
[" The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge."]

Comment 6 Alexey Proskuryakov 2007-06-23 04:13:41 PDT

*** Bug 13600 has been marked as a duplicate of this bug. ***

Comment 7 Alexey Proskuryakov 2007-06-23 04:17:30 PDT

<rdar://problem/5289792>

Comment 8 Alexey Proskuryakov 2007-08-08 13:39:21 PDT

Closing as INVALID, as the issue is not in open source WebKit. It will be handled internally by Apple engineers.