Bug: multiple login prompts on web server.
Bug #1782068 reported by
lightmaster
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
calibre |
Expired
|
Undecided
|
Unassigned |
Bug Description
Every time I log into the Calibre web server, it asks for my username and password 3 times. I've figured out that I can enter it correct the first time, and then hit cancel for the second and third prompts so I don't have to type it multiple times.
It asks on the submission page if this is a security vulnerability. Since this bug has to do with login prompts, I'm not sure whether or not there's a security hole that could be exploited here, so I'll tick that box just in case. Apologies if this is not the correct thing to do.
Calibre version: 3.27.1
OS: Ubuntu 16.04 (headless server)
information type: | Private Security → Public |
To post a comment you must log in.
I cannot replicate this with a server running on Linux and using either
up-to date versions of chrome or firefox also running on linux.
The only way I know of for you to get extra login prompts is if the
browser is making multiple requests for different password protected
resources from the server. The calibre webapp does not do this, since it
works by first downloading a single file that contains all assets
bundled up and only after that loads does it make subsequent requests.
So what browser and on what platform are you using? And how are you
running the server? With what options? behind a reverse proxy? With SSL?
From your description I am guessing something along the network path
between the server and the browser is injecting code into the HTML the
server sends, causing the issue. First try running the server+browser on
localhost and see if that eliminates the issue.