Ubuntu
webbrowser-app package

Download fails on already authenticated site

Bug #1581892 reported by Barry Kolts
40
This bug affects 8 people
Affects Status Importance Assigned to Milestone
Canonical System Image
Confirmed
High
Bill Filler
Canonical System Image backlog
webbrowser-app (Ubuntu)
Confirmed
High
Michael Sheldon

Bug Description

I have a personal website that I use Apache's AuthType Basic to authenticate.
From my phone ( Nexas 4 Mako OTA10 ) I can access the page and login OK. When I download a file I get a HttpError: 401-Unathorized.

More in depth:
When I press the "GetFile" link Apache logs (in access.log):

192.168.0.67 - barry [14/May/2016:17:47:11 -0500] "GET /briefcase/getfile.php?id=45 HTTP/1.1" 200 154936 "http://192.168.0.101/briefcase/index.php?tab=search" "Mozilla/5.0 (Linux; Ubuntu 14.04 like Android 4.4) AppleWebKit/537.36 Chromium/35.0.1870.2 Mobile Safari/537.36"

On my phone the the Download Dialog pops up and I press download apache logs

192.168.0.67 - - [14/May/2016:17:47:33 -0500] "GET /briefcase/getfile.php?id=45 HTTP/1.1" 401 728 "http://192.168.0.101/briefcase/index.php?tab=search" "Mozilla/5.0 (Linux; Ubuntu 14.04 like Android 4.4) AppleWebKit/537.36 Chromium/35.0.1870.2 Mobile Safari/537.36"

The difference is the first has my user name "barry" in it and the second doesn't.

In comparison when doing the same thing from my desktop (14.04) and FireFox Apache logs

192.168.0.2 - barry [14/May/2016:18:04:49 -0500] "GET /briefcase/getfile.php?id=45 HTTP/1.1" 200 492086 "http://192.168.0.101/briefcase/index.php?tab=search" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"

and displays the "What should FireFox do with this file" dialog and Apache logs nothing further.

On my phone this behavior is the same whether I press "Download" or "Choose an application" from the Download dialog. Also if I long press the link and choose "Save link" the download fails also.

When I tried to download a file from a commercial site I have to log into, the download succeeded. I suspect the difference is the commercial site probably uses something beside "AuthType Basic".

I'm happy to provide any logs or to do more testing.

Thanks

Bill Filler (bfiller)
Changed in webbrowser-app (Ubuntu):
assignee: nobody → Michael Sheldon (michael-sheldon)
Changed in canonical-devices-system-image:
milestone: none → backlog
assignee: nobody → Bill Filler (bfiller)
Changed in webbrowser-app (Ubuntu):
importance: Undecided → High
Changed in canonical-devices-system-image:
importance: Undecided → High
Revision history for this message
Olivier Tilloy (osomon) wrote :

I’m guessing the HTTP Authorization header is not being passed to UDM.

Revision history for this message
Olivier Tilloy (osomon) wrote :

I can reliably reproduce the issue with the example at the bottom of https://www.httpwatch.com/httpgallery/authentication/. Display the image (which prompts username and password), then long-press on it and choose the "Save image" option from the contextual menu.

Changed in webbrowser-app (Ubuntu):
status: New → Confirmed
Olivier Tilloy (osomon)
summary: - Download fails on already athenticated site
+ Download fails on already authenticated site
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.