[Zope] Safari basic authentication problem

Hedley Roos hedley at upfrontsystems.co.za
Wed Aug 12 05:06:41 EDT 2009


Hi

Safari 4.0.2 fails to send an Authorization header to the server when 
the user is authenticated via basic authentication. This results in all 
sorts of permission problems.

I realise this is not a Zope problem but perhaps I can hack some 
temporary solution server-side to convince Safari to play along.

Header examples:

Firefox:
--------
'GET /sweet HTTP/1.1\r\n
Host: 192.168.1.75:23190\r\n
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) 
Gecko/20090716 Ubuntu/9.04 (jaunty) Shiretoko/3.5.1\r\nAccept: 
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 300\r\n
Connection: keep-alive\r\n
Cookie: tree-s="eJzT0MgpMOQKVneEA1dbda4CI67EkgJjLj0AeGcHew"\r\n
Authorization: Basic YWRtaW46bG9jYWw=\r\n
Cache-Control: max-age=0'


Safari:
-------
'GET /sweet HTTP/1.1\r\n
Host: 192.168.1.75:23190\r\n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) 
AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\r\n
Referer: http://192.168.1.75:23190/sweet/pt_editForm\r\n
Accept: 
application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n
Accept-Language: en-US\r\n
Accept-Encoding: gzip, deflate\r\n
Cache-Control: max-age=0\r\n
Cookie: __utma=91023834.1699497027.1250064893.1250064893.1250064893.1; 
__utmb=91023834; __utmc=91023834; 
__utmz=91023834.1250064893.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); 
tree-s="eJzTyCkw5NLIKTDiClZ3hANXW3WuAmOuxEQ9AIOOB9Q"\r\n
Connection: keep-alive'

This thread also discusses the issue: 
http://plope.com/Members/chrism/safari_3_discards_basic_auth

It is fairly simple to replicate - add a Page Template to the root which 
displays request/AUTHENTICATED_USER and navigate to it (while logged in) 
with the respective browsers.

Hedley


More information about the Zope mailing list