0002707: Times out if server requires login and does not accept second connection

MantisBT - NetSurf
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0002707	NetSurf	Core-specific	public	2019-10-07 21:38	2020-05-27 09:16

Reporter	Greg Cook
Assigned To	Daniel Silverstone
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Platform		OS	RISC OS	OS Version	5.19
Product Version	3.9
Target Version	3.10	Fixed in Version	3.10
Fixed in CI build #	4874
Reported in CI build #	4862
URL of problem page

Summary	0002707: Times out if server requires login and does not accept second connection
Description	NetSurf times out and does not retrieve a page if an HTTP server asks for a login (WWW-Authenticate: Basic), and the user provides one, but the server does not accept a second connection from NetSurf. To cause this the server must: - return 401 Unauthorized unless authentication is given; - be single-threaded; - serve keep-alive connections. Note: this is a likely configuration for Web interfaces in embedded devices. Reproducible: Always. Persists until NetSurf has taken the user's credentials and either (a) it has successfully displayed a page or (b) the first connection has been broken.
Steps To Reproduce	1. Set up an HTTP server as described. (Perl code based on the perlipc(1) manual page is included in the log file, tested in Linux and under MinGW in Windows.) 2. Open a NetSurf browser and enter the following in the URL bar: http://<host>:<port>/ where <host> and <port> are replaced by the server host address and TCP port, respectively. 3. NetSurf displays an "Authentication Requested" page. Enter an appropriate login in the input boxes, then click "Login". Actual result: The cursor-with-hourglass appears and the throbber animates. After 3 minutes, a dialog box appears: Warning from NetSurf: Unknown Expected result: NetSurf should reuse the idle connection and display the requested page.
Additional Information	Workarounds: (a) 1. Attempt to log in, then wait until NetSurf times out. 2. Break the connection to the server. 3. Reconnect to the server. 4. Subsequent requests are displayed as normal. (b) 1. Run a temporary multi-threading or connection-closing HTTP server on the same host and port, requiring authentication. 2. Open NetSurf and log in to the temporary server. 3. Stop the temporary server and run the offending server. 4. Subsequent requests are displayed as normal. At the bottom of the log file is sample Perl code for a server that exercises the bug. Can also be demonstrated by: perl -T httpdir.pl -k -u foo -x bar
Tags	No tags attached.
Relationships
Attached Files	Log.txt (41,026) 2019-10-07 21:38 https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=624&type=bug

Notes

Date Modified	Username	Field	Change
Issue History

2019-10-07 21:38	Greg Cook	New Issue
2019-10-07 21:38	Greg Cook	File Added: Log.txt
2019-10-15 13:47	Vincent Sanders	Status	new => confirmed
2019-10-15 13:47	Vincent Sanders	Category	General => Core-specific
2019-10-16 22:28	Daniel Silverstone	Note Added: 0002105
2019-10-21 10:05	Daniel Silverstone	Assigned To	=> Daniel Silverstone
2019-10-21 10:05	Daniel Silverstone	Status	confirmed => resolved
2019-10-21 10:05	Daniel Silverstone	Resolution	open => fixed
2019-10-21 10:05	Daniel Silverstone	Fixed in Version	=> 3.10
2019-10-21 10:05	Daniel Silverstone	Target Version	=> 3.10
2019-10-21 10:05	Daniel Silverstone	Fixed in CI build #	=> 4874
2019-10-21 10:05	Daniel Silverstone	Note Added: 0002107
2020-05-27 09:16	Vincent Sanders	Status	resolved => closed
2020-05-27 09:16	Vincent Sanders	Note Added: 0002238