Bug 211774

Summary: Flaky failures fetching modules with HTTP authentication: blocked ... asking for credentials because it is a cross-origin request
Product: WebKit Reporter: philipp.steinberg
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, beidson, rwlbuis, webkit-bug-importer, youennf, ysuzuki
Priority: P2 Keywords: InRadar
Version: Safari 13   
Hardware: All   
OS: Unspecified   

Description philipp.steinberg 2020-05-12 01:19:07 PDT 
Hi,

we have website hosted with AWS and have some problems with a lambda@edge base authentification gatekeeper.
We used the following code to protect one of our sites with basic authentification
https://gist.github.com/lmakarov/e5984ec16a76548ff2b278c06027f1a4

The code is triggered before website calls, so that you have to authentificate before seeing the page.

This works fine with all browsers expect the webkit based. ( we tested with safari on a macbook and a iphone and the epiphany browser)
They bring throw the following errors "blocked asking for credentials because it is a cross-origin request"

I have no idea why the browser is detecting the call as a cross-origin because every resource is on the same domain.

I created a test website to reproduce the error.

url: https://testlambda.w2g.siemens.com/
user: test
password: secret

Best regards
Philipp
Comment 1 Alexey Proskuryakov 2020-05-13 18:03:09 PDT 
This looks like an issue with module loading. 

<script src="runtime-es2015.c5fa8325f89fc516600b.js" type="module">

I can get the page to load sometimes, especially when Cmd-clicking to load in a background tab.

This flakiness can't be right.
Comment 2 Radar WebKit Bug Importer 2020-05-13 18:03:30 PDT 
<rdar://problem/63208848>
Comment 3 philipp.steinberg 2021-03-30 05:30:36 PDT 
Hi I noticed that the issue seems to be solved and no longer appear.
For that reason I removed the test website and close the bug