serviceworker causes basic auth dialog to not show on subsequent visits #3882

Open
opened 2025-11-02 05:29:27 -06:00 by GiteaMirror · 2 comments
Owner

Originally created by @peterholak on GitHub (Sep 2, 2019).

Affects all versions since the serviceworker was introduced presumably, including 1.10.0+dev-232-gf1c414882.

Problem:

  • Run gitea behind any kind of reverse proxy (e.g. nginx) with configured basic auth (in nginx).
  • Visit it in browser - the auth dialog will be displayed, enter credentials.
  • Close the browser.
  • Reopen the browser, visit the page again.
  • It shows the "401 Unauthorized" page, without displaying the basic auth dialog - even though the WWW-Authenticate header was sent. In Chrome, refreshing the page with F5 doesn't work. Only pressing Ctrl+Shift+R (not possible on mobile obviously) causes the auth dialog to pop up again.

Seems to be related to the PWA / service worker feature. There is plenty of info on this issue on the web, googling serviceworker basic auth shows many relevant results.

Older versions of gitea (tested with 1.6, see below) didn't suffer from this problem, due to not having the PWA feature.

The issue can be reproduced by using the docker-compose file at https://gist.github.com/peterholak/317f4ca1827672aa231c7114a19149b5. After running docker-compose up, the page at localhost:8004 (latest version of gitea from docker hub) suffers from the described problem, while the page at localhost:8005 (version 1.6) does not. (The credentials are user hello, password world.)

If this is not easy to solve, it would be nice to at least be able to disable the PWA in config.

Originally created by @peterholak on GitHub (Sep 2, 2019). Affects all versions since the serviceworker was introduced presumably, including `1.10.0+dev-232-gf1c414882`. Problem: - Run gitea behind any kind of reverse proxy (e.g. nginx) with configured basic auth (in nginx). - Visit it in browser - the auth dialog will be displayed, enter credentials. - Close the browser. - Reopen the browser, visit the page again. - It shows the "401 Unauthorized" page, without displaying the basic auth dialog - even though the `WWW-Authenticate` header was sent. In Chrome, refreshing the page with `F5` doesn't work. Only pressing `Ctrl+Shift+R` (not possible on mobile obviously) causes the auth dialog to pop up again. Seems to be related to the PWA / service worker feature. There is plenty of info on this issue on the web, googling `serviceworker basic auth` shows many relevant results. Older versions of gitea (tested with 1.6, see below) didn't suffer from this problem, due to not having the PWA feature. The issue can be reproduced by using the docker-compose file at https://gist.github.com/peterholak/317f4ca1827672aa231c7114a19149b5. After running `docker-compose up`, the page at `localhost:8004` (latest version of gitea from docker hub) suffers from the described problem, while the page at `localhost:8005` (version 1.6) does not. (The credentials are user `hello`, password `world`.) If this is not easy to solve, it would be nice to at least be able to disable the PWA in config.
GiteaMirror added the type/proposaltype/enhancement labels 2025-11-02 05:29:27 -06:00
Author
Owner

@lunny commented on GitHub (Sep 3, 2019):

PWA should be allowed to be disabled by user.

@lunny commented on GitHub (Sep 3, 2019): PWA should be allowed to be disabled by user.
Author
Owner

@silverwind commented on GitHub (May 22, 2020):

Please retest on master, it might be fixed because the new serviceworker implementation intercepts less.

@silverwind commented on GitHub (May 22, 2020): Please retest on master, it might be fixed because the new serviceworker implementation intercepts less.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#3882