Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support BasicAuth in browser extension #4308

Open
DaniSchenk opened this issue Feb 6, 2021 · 2 comments
Open

Support BasicAuth in browser extension #4308

DaniSchenk opened this issue Feb 6, 2021 · 2 comments
Labels
browser-add-on

Comments

@DaniSchenk
Copy link

I installed my own server and I added Basic Auth to protect it. It works from the command line:

curl --data "language=en-US&text=a simple test" https://<user>:<pw>@languagetool.domain.tld/v2/check

{"software":{"name":"LanguageTool","version":"5.2","buildDate":"2020-12-30 14:55","apiVersion":1,"premium":false,"premiumHint":"You might be missing errors only the Premium version can find. Contact us at support<at>languagetoolplus.com.","status":""},"warnings":{"incompleteResults":false},"language":{"name":"English (US)","code":"en-US","detectedLanguage":{"name":"French","code":"fr","confidence":0.815771}},"matches":[{"message":"This sentence does not start with an uppercase letter.","shortMessage":"","replacements":[{"value":"A"}],"offset":0,"length":1,"context":{"text":"a simple test","offset":0,"length":1},"sentence":"a simple test","type":{"typeName":"Other"},"rule":{"id":"UPPERCASE_SENTENCE_START","description":"Checks that a sentence starts with an uppercase letter","issueType":"typographical","category":{"id":"CASING","name":"Capitalization"}},"ignoreForIncompleteSentence":true,"contextForSureMatch":-1}]}

The browser extension is not working. The extension works when the Basic Auth part of the URL is omitted. I also tried using only lowercase names and passwords, only URL save characters, but I had no luck. Am I missing something?

grafik
@DaniSchenk
Copy link
Author

DaniSchenk commented Feb 6, 2021
edited
Loading

I took a quick look into the Firefox extension and could get this error message out of it:

Uncaught (in promise) {…}
message: "Verbindung zu https://user:[email protected]/v2/check fehlgeschlagen (#1, code=undefined)"
reason: "ConnectionError"
response: "Window.fetch: https://user:[email protected]/v2/check is an url with embedded credentials."
stack: undefined
status: 0
<prototype>: {…

FF and other browsers are preventing requests to URLs containing embedded credentials (for obvious reasons). So this issue is not a bug report.

However, my initial problem still persists. How do I secure my server if my clients (extensions) only provide one URL configuration option?
The extension could extract embedded credentials from the URL and add them as Authorization Headers to the request instead, right?

@danielnaber
Copy link
Member

How do I secure my server if my clients (extensions) only provide one URL configuration option?

I don't think this is supported. Maybe you could map the service to a secret URL like /hsdfosrgwr23dd/v2 instead of just /v2?

@danielnaber danielnaber mentioned this issue Jan 1, 2023
Closed
@MrCybertux MrCybertux mentioned this issue Sep 5, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
browser-add-on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danielnaber @DaniSchenk