Basic Authentication headers aren't pick up when connecting a core

Created on 27 March 2019, over 5 years ago
Updated 10 July 2024, 6 months ago

Your documentation describes how to add a site with HTTP Basic authentication enabled. However, the current version of the Dashboard does not allow you to save a core without successful connection and the AJAX connection checker does not pick up Authorization header even if it is provided before I try to fill the URL of the core.

Steps to reproduce:

- Create any Drupal instance and protect it with HTTP Basic authentication (either with .htaccess or with the Shield module).
- Click on Add Core action on the dashboard
- Fill Authorization header as the documentation says
- Fill the URL of the Drupal instance

Expected behavior:

The core can successfully connected and the Authentication Secret form block and the Save button shows up

Actual behavior:

AJAX connection checker says Can not connect to this domain.

No log event issued. No exceptions logged.

Potential workaround:

I can add a site while I remove HTTP Basic authentication and put it back on when DRD Authorization succeeds because as I see, jobs and Drush tasks pick up the headers correctly. But Authorization header (this provides the HTTP Basic / Digest authentication) would be important to picked up during the AJAX check, or alternatively, provide an option to enable saving "faulty" cores that can be re-triggered later.

Feature request
Status

Needs work

Version

4.0

Component

User interface

Created by

🇭🇺Hungary hron84

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇳🇱Netherlands aoturoa

    In the 'Add core' form you have the ability to select a Host, which in turn can have the Authorization headers already set.
    If the AJAX post also gets the Host field value send to the backend, the URL checker might be able to utilize that input.

  • 🇩🇪Germany jurgenhaas Gottmadingen

    @aoturoa that's correct. However, we should not assume that each core on a host has the same credentials. It should be working with its individual credentials, if present.

Production build 0.71.5 2024