WebPagetest Forums
Basic auth is sent to subsequent domains as well - Printable Version

+- WebPagetest Forums (https://www.webpagetest.org/forums)
+-- Forum: WebPagetest (/forumdisplay.php?fid=7)
+--- Forum: Bugs/Issues (/forumdisplay.php?fid=10)
+--- Thread: Basic auth is sent to subsequent domains as well (/showthread.php?tid=15484)



Basic auth is sent to subsequent domains as well - michaeldr - 09-05-2018 07:01 PM

If I enable basic auth for running a test on https://foo.com and foo.com page contains, for example, a js file loaded from https://cdn.bar.com/bundle.js then the basic auth Authorization header is being sent to that domain as well.

Do you think this is a desired behaviour ?


RE: Basic auth is sent to subsequent domains as well - pmeenan - 09-06-2018 04:56 AM

Desired or not, it is the expected behavior. The auth header is added to all requests and there isn't support for only adding it to requests for certain origins.


RE: Basic auth is sent to subsequent domains as well - michaeldr - 09-17-2018 03:40 AM

(09-06-2018 04:56 AM)pmeenan Wrote:  Desired or not, it is the expected behavior. The auth header is added to all requests and there isn't support for only adding it to requests for certain origins.

Expected where ? As far as I know, this is not how the browser works.