Browser pops up the native login dialog after the session expires #3213
Comments
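pr welcome
/kind improvement
/assign
@longjuan, I recommend disabling the BasicAuth authentication method in production.
Isn't this a feature?
Can this feature be removed? That would also be a breaking change, though, so it needs careful consideration. /meow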
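As long as the native login dialog does not pop up in production, would it also be feasible to keep basicAuth in production?
Yes. Let's fix the pop-up problem first.
@longjuan This issue is still needed; thanks for contributing.
OK
That item is unrelated to this issue and can be left out; we only need to make sure basicAuth does not pop up the native login dialog.
After the discussion above, we will not disable the BasicAuth authentication method for now, because that could be a breaking change. Some people may already be using this authentication method. For now, just resolve it with the approach described in the PR.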
...
OK
/shrug
#### What type of PR is this?

/kind improvement
/area console

#### What this PR does / why we need it:

Add the `X-Requested-With=XMLHttpRequest` request header to stop Spring Security from sending the `WWW-Authenticate` response header, which causes the native login dialog to pop up.

#### Which issue(s) this PR fixes:

Fixes halo-dev/halo#3213

#### Special notes for your reviewer:

After making the session expire (delete the session cookie directly or restart the backend), continue operating the console. Expected: the native login dialog does not pop up, and the console's existing re-login form pops up normally.

For details, search for X-Requested-With in https://spring.io/guides/tutorials/spring-security-and-angular-js/

#### Does this PR introduce a user-facing change?

```release-note
Prevent the browser from popping up the native login dialog
```
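Which version has this problem?
2.2.0
Which database is used?
H2
Which deployment method is used?
Docker
Online site URL
No response
What happened?
After the session expires, continuing to operate in the console pops up the native login prompt.
The console already has its own re-login prompt, so the native login dialog hurts the experience.
The cause is that the response headers contain
`WWW-Authenticate: Basic realm="Realm"`
Relevant log output
No response
Additional information
According to the Spring Security guide, the following can be added to the request headers:
`X-Requested-With=XMLHttpRequest`
For details, search https://spring.io/guides/tutorials/spring-security-and-angular-js/ for
`X-Requested-With`
This can be implemented with axios's defaults.headers.common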
https://github.com/axios/axios#custom-instance-defaults
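
The fix proposed above, modelled end to end as an added example (not code from Halo, Spring Security or axios). `simulatedBackend` is a constructed stand-in for the behaviour the issue describes, `createClient` is a hypothetical helper that merges common headers the way axios instance defaults do, and `/apis/example` is a placeholder path.

```javascript
// Added example: simplified model of the behaviour described in this issue.

// HTTP header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Constructed backend: the session has expired, so every request is unauthenticated.
// Requests marked as XHR get a bare 401; all others get the Basic challenge.
function simulatedBackend(request) {
  const isXhr = getHeader(request.headers, "X-Requested-With") === "XMLHttpRequest";
  const headers = isXhr ? {} : { "WWW-Authenticate": 'Basic realm="Realm"' };
  return { status: 401, headers };
}

// What the browser does before any script sees the response:
// a 401 carrying a Basic challenge opens the native credentials dialog.
function browserShowsNativePrompt(response) {
  const challenge = getHeader(response.headers, "WWW-Authenticate");
  return response.status === 401 && /^basic\b/i.test(challenge || "");
}

// Hypothetical client factory: common headers are merged into every request,
// per-request headers override them.
function createClient(commonHeaders, transport) {
  return {
    get(url, headers = {}) {
      const request = { method: "GET", url, headers: { ...commonHeaders, ...headers } };
      const response = transport(request);
      return {
        status: response.status,
        nativePrompt: browserShowsNativePrompt(response),
        // The console's own re-login form should open on any 401.
        showReLoginForm: response.status === 401,
      };
    },
  };
}

// "/apis/example" is a placeholder path.
const before = createClient({}, simulatedBackend).get("/apis/example");
const after = createClient({ "X-Requested-With": "XMLHttpRequest" }, simulatedBackend)
  .get("/apis/example");
console.log({ before, after });
```

The header only changes how an unauthenticated request is challenged; as discussed in the thread, BasicAuth itself stays enabled. Because `X-Requested-With` is not a CORS-safelisted request header, cross-origin callers need it permitted in `Access-Control-Allow-Headers`.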