Bug: multiple login prompts on web server.

I cannot replicate this with a server running on Linux and using either
up-to date versions of chrome or firefox also running on linux.

The only way I know of for you to get extra login prompts is if the
browser is making multiple requests for different password protected
resources from the server. The calibre webapp does not do this, since it
works by first downloading a single file that contains all assets
bundled up and only after that loads does it make subsequent requests.

So what browser and on what platform are you using? And how are you
running the server? With what options? behind a reverse proxy? With SSL?

From your description I am guessing something along the network path
between the server and the browser is injecting code into the HTML the
server sends, causing the issue. First try running the server+browser on
localhost and see if that eliminates the issue.

Oh and one thing you can do is open the console in your browser (you
might need to install dev tools first) then when you click cancel on the
extra boxes there should be a message in the console detailing exactly
what HTTP request failed authorization.

Or alternatively look in the server logs for the same information.

 status incomplete

If I access the webserver through Chrome Beta 68.0.3440.40 running on an Android phone, I get multiple prompts. Firefox 68.0 on the same phone gets 1 prompt. Chrome (none beta version) 67.0.3396.87 on the same phone gets just 1 prompt.

Running Chromium 65.0.3325.181 on Raspbian OS gets just 1 prompt.

As far as I know, can't access console on mobile version of Chrome.

Does this point to a bug within mobile chrome beta then? I don't use any other site or service that uses the pop-up login style prompt so I don't know if any other site has the same issue as Calibre does on mobile chrome beta.

The popup login is good old HTTP AUTH a thirty year old standard, that
is much easier to use in non-browser clients (does not need
cookies/javascript). The calibre server is designed for use by
non-browser clients as well (OPDS feeds readers, dedicated apps like
calibre companion, etc.)

It certainly seems like a bug in chrome, hard to say for sure without
more details. It would be a real pity if chrome decided to break HTTP
AUTH. You can access the console by using the remote debugging feature
in chrome, a quick google should get you the details (basically connect
via usb cable to a computer running desktop chrome and the console opens
up inside desktop chrome).

I'll try that tomorrow when I'm home, don't have a USB C to USB A cable at work to connect to a computer.

[Expired for calibre because there has been no activity for 60 days.]