Skip to content

Pages requiring authorisation do not work on Safari #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
christiaanb opened this issue Oct 15, 2013 · 9 comments · Fixed by #199
Closed

Pages requiring authorisation do not work on Safari #132

christiaanb opened this issue Oct 15, 2013 · 9 comments · Fixed by #199

Comments

@christiaanb
Copy link

Every hackage page that requires authorisation, such as http://hackage.haskell.org/packages/candidates/ or http://hackage.haskell.org/package/<PACKAGE>/maintain gives me the message No authorization provided on Safari.

Using Chrome I do however get the prompt for username/password and everything works perfectly.
@dcoutts
Copy link
Contributor

dcoutts commented Oct 22, 2013

Any help from safari users on what's going on here would be helpful. We're following the http digest spec as far as we know.

@dcoutts
Copy link
Contributor

dcoutts commented Nov 19, 2013

What we really need is a log of the HTTP request(s) that Safari sends us when this happens.

@christiaanb
Copy link
Author

This is the HTTP request header that I apparently send for http://hackage.haskell.org/package/clash-lib/maintain:

Referer: http://hackage.haskell.org/package/clash-lib
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Cookie: __utma=80028942.1537272425.1381221508.1384438687.1384869324.6; __utmc=80028942; __utmz=80028942.1384438687.5.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.71 (KHTML, like Gecko) Version/6.1 Safari/537.71
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: hackage.haskell.org

Does this help in any way?

@dcoutts
Copy link
Contributor

dcoutts commented Nov 27, 2013

@christiaanb thanks. And is that the only request it makes? Given that request, the server will respond asking to authorise, e.g. something like:

HTTP/1.1 401 Unauthorized
Server: nginx/1.4.3
Date: Wed, 27 Nov 2013 19:01:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
WWW-Authenticate: Digest realm="Hackage", qop="", nonce="dbf42f6e026d2b17530284294b8d7a9a", opaque=""
Content-Length: 35

So then the question is what it does in response. It is supposed to prompt the user for the password and resend with the appropriate credentials (using http digest auth).

@yogsototh
Copy link

A more complete version:

No.     Time           Source                Destination           Protocol Length Info
     20 30.547782000   192.168.0.51          88.198.224.242        HTTP     257    POST /packages/candidates/ HTTP/1.1  (application/octet-stream)

Frame 20: 257 bytes on wire (2056 bits), 257 bytes captured (2056 bits) on interface 0
    Interface id: 0
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec  4, 2013 21:39:21.906037000 CET
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1386189561.906037000 seconds
    [Time delta from previous captured frame: 0.000058000 seconds]
    [Time delta from previous displayed frame: 0.000058000 seconds]
    [Time since reference or first frame: 30.547782000 seconds]
    Frame Number: 20
    Frame Length: 257 bytes (2056 bits)
    Capture Length: 257 bytes (2056 bits)
    [Frame is marked: True]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http:mime_multipart:media]
    [Number of per-protocol-data: 1]
    [Hypertext Transfer Protocol, key 0]
    [Coloring Rule Name: ___conversation_color_filter___01]
    [Coloring Rule String: (ip.addr eq 192.168.0.51 and ip.addr eq 88.198.224.242) and (tcp.port eq 52362 and tcp.port eq 80)]
Ethernet II, Src: Apple_0b:fb:35 (04:54:53:0b:fb:35), Dst: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
    Destination: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
        Address: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Apple_0b:fb:35 (04:54:53:0b:fb:35)
        Address: Apple_0b:fb:35 (04:54:53:0b:fb:35)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.0.51 (192.168.0.51), Dst: 88.198.224.242 (88.198.224.242)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 243
    Identification: 0xf21c (61980)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x4d54 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.0.51 (192.168.0.51)
    Destination: 88.198.224.242 (88.198.224.242)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 52362 (52362), Dst Port: http (80), Seq: 761, Ack: 1, Len: 191
    Source port: 52362 (52362)
    Destination port: http (80)
    [Stream index: 3]
    Sequence number: 761    (relative sequence number)
    [Next sequence number: 952    (relative sequence number)]
    Acknowledgment number: 1    (relative ack number)
    Header length: 32 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 8235
    [Calculated window size: 131760]
    [Window size scaling factor: 16]
    Checksum: 0x04bd [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        Timestamps: TSval 1058878723, TSecr 379554676
            Kind: Timestamp (8)
            Length: 10
            Timestamp value: 1058878723
            Timestamp echo reply: 379554676
    [SEQ/ACK analysis]
        [Bytes in flight: 951]
    TCP segment data (191 bytes)
[2 Reassembled TCP Segments (951 bytes): #19(760), #20(191)]
    [Frame: 19, payload: 0-759 (760 bytes)]
    [Frame: 20, payload: 760-950 (191 bytes)]
    [Segment count: 2]
    [Reassembled TCP length: 951]
    [Reassembled TCP Data: 504f5354202f7061636b616765732f63616e646964617465...]
Hypertext Transfer Protocol
    POST /packages/candidates/ HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): POST /packages/candidates/ HTTP/1.1\r\n]
            [Message: POST /packages/candidates/ HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: POST
        Request URI: /packages/candidates/
        Request Version: HTTP/1.1
    Host: hackage.haskell.org\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Encoding: gzip, deflate\r\n
    Cache-Control: max-age=0\r\n
    Accept-Language: en-us\r\n
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryEEQjuH5Z4mioZGR1\r\n
    Origin: http://hackage.haskell.org\r\n
    Content-Length: 191\r\n
        [Content length: 191]
    Connection: keep-alive\r\n
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71\r\n
    Referer: http://hackage.haskell.org/packages/candidates/upload\r\n
    Cookie: __utma=80028942.442160659.1355349219.1386110144.1386186874.21; __utmc=80028942; __utmz=80028942.1386015532.19.17.utmcsr=duckduckgo.com|utmccn=(referral)|utmcmd=referral|utmcct=/\r\n
    \r\n
    [Full request URI: http://hackage.haskell.org/packages/candidates/]
    [HTTP request 1/2]
    [Response in frame: 23]
    [Next request in frame: 25]
MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: "----WebKitFormBoundaryEEQjuH5Z4mioZGR1"
    [Type: multipart/form-data]
    First boundary: ------WebKitFormBoundaryEEQjuH5Z4mioZGR1\r\n
    Encapsulated multipart part:  (application/octet-stream)
        Content-Disposition: form-data; name="package"; filename=""\r\n
        Content-Type: application/octet-stream\r\n\r\n
    Last boundary: \r\n------WebKitFormBoundaryEEQjuH5Z4mioZGR1--\r\n

No.     Time           Source                Destination           Protocol Length Info
     23 30.707420000   88.198.224.242        192.168.0.51          HTTP     1202   HTTP/1.1 401 Unauthorized  (text/html)

Frame 23: 1202 bytes on wire (9616 bits), 1202 bytes captured (9616 bits) on interface 0
    Interface id: 0
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec  4, 2013 21:39:22.065675000 CET
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1386189562.065675000 seconds
    [Time delta from previous captured frame: 0.064945000 seconds]
    [Time delta from previous displayed frame: 0.064945000 seconds]
    [Time since reference or first frame: 30.707420000 seconds]
    Frame Number: 23
    Frame Length: 1202 bytes (9616 bits)
    Capture Length: 1202 bytes (9616 bits)
    [Frame is marked: True]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http:data:data:data-text-lines]
    [Number of per-protocol-data: 1]
    [Hypertext Transfer Protocol, key 0]
    [Coloring Rule Name: ___conversation_color_filter___01]
    [Coloring Rule String: (ip.addr eq 192.168.0.51 and ip.addr eq 88.198.224.242) and (tcp.port eq 52362 and tcp.port eq 80)]
Ethernet II, Src: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1), Dst: Apple_0b:fb:35 (04:54:53:0b:fb:35)
    Destination: Apple_0b:fb:35 (04:54:53:0b:fb:35)
        Address: Apple_0b:fb:35 (04:54:53:0b:fb:35)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
        Address: FreeboxS_61:0d:a1 (14:0c:76:61:0d:a1)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.198.224.242 (88.198.224.242), Dst: 192.168.0.51 (192.168.0.51)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 1188
    Identification: 0x4164 (16740)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 45
    Protocol: TCP (6)
    Header checksum: 0x0d5c [correct]
        [Good: True]
        [Bad: False]
    Source: 88.198.224.242 (88.198.224.242)
    Destination: 192.168.0.51 (192.168.0.51)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: http (80), Dst Port: 52362 (52362), Seq: 1, Ack: 952, Len: 1136
    Source port: http (80)
    Destination port: 52362 (52362)
    [Stream index: 3]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 1137    (relative sequence number)]
    Acknowledgment number: 952    (relative ack number)
    Header length: 32 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 137
    [Calculated window size: 17536]
    [Window size scaling factor: 128]
    Checksum: 0xa4ce [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        Timestamps: TSval 379554715, TSecr 1058878723
            Kind: Timestamp (8)
            Length: 10
            Timestamp value: 379554715
            Timestamp echo reply: 1058878723
    [SEQ/ACK analysis]
        [Bytes in flight: 1136]
Hypertext Transfer Protocol
    HTTP/1.1 401 Unauthorized\r\n
        [Expert Info (Chat/Sequence): HTTP/1.1 401 Unauthorized\r\n]
            [Message: HTTP/1.1 401 Unauthorized\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Version: HTTP/1.1
        Status Code: 401
        Response Phrase: Unauthorized
    Server: nginx/1.4.3\r\n
    Date: Wed, 04 Dec 2013 20:39:21 GMT\r\n
    Content-Type: text/html; charset=utf-8\r\n
    Transfer-Encoding: chunked\r\n
    Connection: keep-alive\r\n
    WWW-Authenticate: Digest realm="Hackage", qop="", nonce="818853b7cbf0c574aabd9def31b1664c", opaque=""\r\n
    \r\n
    [HTTP response 1/2]
    [Time since request: 0.159638000 seconds]
    [Request in frame: 20]
    [Next request in frame: 25]
    [Next response in frame: 27]
    HTTP chunked response
        Data chunk (842 octets)
            Chunk size: 842 octets
            Data (842 bytes)

0000  3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a   <!DOCTYPE html>.
0010  3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6c   <html>.<head>.<l
0020  69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68   ink rel="stylesh
0030  65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 61 74   eet" href="/stat
0040  69 63 2f 68 61 63 6b 61 67 65 2e 63 73 73 22 20   ic/hackage.css" 
0050  74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20   type="text/css" 
0060  2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 65   />.<link rel="se
0070  61 72 63 68 22 20 74 79 70 65 3d 22 61 70 70 6c   arch" type="appl
0080  69 63 61 74 69 6f 6e 2f 6f 70 65 6e 73 65 61 72   ication/opensear
0090  63 68 64 65 73 63 72 69 70 74 69 6f 6e 2b 78 6d   chdescription+xm
00a0  6c 22 20 74 69 74 6c 65 3d 22 48 61 63 6b 61 67   l" title="Hackag
00b0  65 22 20 68 72 65 66 3d 22 2f 70 61 63 6b 61 67   e" href="/packag
00c0  65 73 2f 6f 70 65 6e 73 65 61 72 63 68 2e 78 6d   es/opensearch.xm
00d0  6c 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 48 61 63   l" />.<title>Hac
00e0  6b 61 67 65 3a 20 4e 6f 20 61 75 74 68 6f 72 69   kage: No authori
00f0  7a 61 74 69 6f 6e 20 70 72 6f 76 69 64 65 64 3c   zation provided<
0100  2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a   /title>.</head>.
0110  0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d   .<body>.<div id=
0120  22 70 61 67 65 2d 68 65 61 64 65 72 22 3e 0a 3c   "page-header">.<
0130  75 6c 20 63 6c 61 73 73 3d 22 6c 69 6e 6b 73 22   ul class="links"
0140  20 69 64 3d 22 70 61 67 65 2d 6d 65 6e 75 22 3e    id="page-menu">
0150  0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 22   .<li><a href="/"
0160  3e 48 6f 6d 65 3c 2f 61 3e 3c 2f 6c 69 0a 3e 3c   >Home</a></li.><
0170  6c 69 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d   li><form action=
0180  22 2f 70 61 63 6b 61 67 65 73 2f 73 65 61 72 63   "/packages/searc
0190  68 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 20   h" method="get" 
01a0  63 6c 61 73 73 3d 22 73 65 61 72 63 68 22 3e 3c   class="search"><
01b0  62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62   button type="sub
01c0  6d 69 74 22 3e 53 65 61 72 63 68 26 6e 62 73 70   mit">Search&nbsp
01d0  3b 3c 2f 62 75 74 74 6f 6e 3e 3c 69 6e 70 75 74   ;</button><input
01e0  20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d    type="text" nam
01f0  65 3d 22 74 65 72 6d 73 22 20 2f 3e 3c 2f 66 6f   e="terms" /></fo
0200  72 6d 3e 3c 2f 6c 69 0a 3e 3c 6c 69 3e 3c 61 20   rm></li.><li><a 
0210  68 72 65 66 3d 22 2f 70 61 63 6b 61 67 65 73 2f   href="/packages/
0220  22 3e 42 72 6f 77 73 65 3c 2f 61 3e 3c 2f 6c 69   ">Browse</a></li
0230  0a 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f   .><li><a href="/
0240  72 65 63 65 6e 74 22 3e 57 68 61 74 27 73 20 6e   recent">What's n
0250  65 77 3c 2f 61 3e 3c 2f 6c 69 0a 3e 3c 6c 69 3e   ew</a></li.><li>
0260  3c 61 20 68 72 65 66 3d 22 2f 75 70 6c 6f 61 64   <a href="/upload
0270  22 3e 55 70 6c 6f 61 64 3c 2f 61 3e 3c 2f 6c 69   ">Upload</a></li
0280  0a 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f   .><li><a href="/
0290  61 63 63 6f 75 6e 74 73 22 3e 55 73 65 72 20 61   accounts">User a
02a0  63 63 6f 75 6e 74 73 3c 2f 61 3e 3c 2f 6c 69 0a   ccounts</a></li.
02b0  3e 3c 2f 75 6c 3e 0a 3c 61 20 63 6c 61 73 73 3d   ></ul>.<a class=
02c0  22 63 61 70 74 69 6f 6e 22 20 68 72 65 66 3d 22   "caption" href="
02d0  2f 22 3e 48 61 63 6b 61 67 65 20 3a 3a 20 5b 50   /">Hackage :: [P
02e0  61 63 6b 61 67 65 5d 3c 2f 61 3e 0a 3c 2f 64 69   ackage]</a>.</di
02f0  76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e   v>..<div id="con
0300  74 65 6e 74 22 3e 0a 3c 68 31 3e 4e 6f 20 61 75   tent">.<h1>No au
0310  74 68 6f 72 69 7a 61 74 69 6f 6e 20 70 72 6f 76   thorization prov
0320  69 64 65 64 3c 2f 68 31 3e 0a 0a 3c 70 3e 3c 2f   ided</h1>..<p></
0330  70 3e 0a 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64   p>..</div>.</bod
0340  79 3e 0a 3c 2f 68 74 6d 6c 3e                     y>.</html>
                Data: 3c21444f43545950452068746d6c3e0a3c68746d6c3e0a3c...
                [Length: 842]
            Chunk boundary
        End of chunked encoding
            Chunk size: 0 octets
            Chunk boundary
Line-based text data: text/html
    <!DOCTYPE html>\n
    <html>\n
    <head>\n
    <link rel="stylesheet" href="/static/hackage.css" type="text/css" />\n
    <link rel="search" type="application/opensearchdescription+xml" title="Hackage" href="/packages/opensearch.xml" />\n
    <title>Hackage: No authorization provided</title>\n
    </head>\n
    \n
    <body>\n
    <div id="page-header">\n
    <ul class="links" id="page-menu">\n
    <li><a href="/">Home</a></li\n
    ><li><form action="/packages/search" method="get" class="search"><button type="submit">Search&nbsp;</button><input type="text" name="terms" /></form></li\n
    ><li><a href="/packages/">Browse</a></li\n
    ><li><a href="/recent">What's new</a></li\n
    ><li><a href="/upload">Upload</a></li\n
    ><li><a href="/accounts">User accounts</a></li\n
    ></ul>\n
    <a class="caption" href="/">Hackage :: [Package]</a>\n
    </div>\n
    \n
    <div id="content">\n
    <h1>No authorization provided</h1>\n
    \n
    <p></p>\n
    \n
    </div>\n
    </body>\n
    </html>

@mchakravarty
Copy link

Just to say that this is a rather annoying bug!

@hesselink
Copy link
Contributor

Here is the best data I can extract from the Safari debugger:

Request headers:

Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cache-Control   max-age=0
DNT 1
User-Agent  Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/6.1.1 Safari/537.73.11

Response headers:

Date    Wed, 22 Jan 2014 10:14:43 GMT
Www-Authenticate    Digest realm="Hackage", qop="", nonce="161fcd8a52248d644ad4e7ecd47de1f9", opaque=""
Server  nginx/1.4.3
Connection  keep-alive
Transfer-Encoding   Identity
Content-Type    text/html; charset=utf-8

The nastiest thing about this bug is that it means any authenticated page on hackage cannot be accessed on an iPad or iPhone, since these don't have the option of installing a different browser.

@mchakravarty
Copy link

@hesselink You can install other browsers (including Chrome) on iOS devices. You just cannot make it the default browser (for opening attachments and the like).

Nevertheless, I would greatly appreciate if anybody had any idea what is going wrong here.

@hesselink
Copy link
Contributor

You are right. I assumed it wouldn't help, as they use the same underlying engine, but I just tested Chrome, and I could log in on hackage using it. That gives us a workaround, at least.

As for the underlying cause, I've done a bit of googling, but haven't found anything definitive. There seems to be a lot of grumbling about differing implementations of digest authentication in browsers and bugs relating to it, though. So perhaps tweaking some of the parameters, or changing of the quoting, could shed some light on it.

hesselink added a commit to hesselink/hackage-server that referenced this issue Feb 27, 2014
@hesselink
Fix authentication in Safari.
16edafe 
I'm not sure what the TODO meant, but an empty qop field makes
authentication in Safari fail immediately. With the field set to auth,
authentication seems to work in the latest Firefox, Safari, Chrome and
Internet Explorer. This is with HTTP 4000.2.10.

Fixes haskell#132.
@hesselink hesselink mentioned this issue Feb 27, 2014
Merged
hesselink added a commit to hesselink/hackage-server that referenced this issue Apr 8, 2014
@hesselink
Fix authentication in Safari.
53311d6 
We now offer 'qop="auth"', because without it, authentication in
Safari fails immediately. With the field set to auth, authentication
seems to work in the latest Firefox, Safari, Chrome and Internet
Explorer. However, the HTTP package as used in cabal-install has a bug
where it send 'qop="auth"' without an 'nc' or 'cnonce' field. So we
are lenient: when these fields are not present, we fall back to no
qop.

Fixes haskell#132.

[1] haskell/HTTP#54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix authentication in Safari. hesselink/hackage-server
5 participants
@hesselink @christiaanb @yogsototh @mchakravarty @dcoutts