Bug #83741

HTTP Basic Authentication credentials in Google Chrome 64 not transfered to AJAX calls in d3.js

Added by Marco Huber over 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend JavaScript
Target version:
Start date:
2018-01-31
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Our project is protected by a HTTP Basic Authentication and we have to enter the username/password on every d3.json() call in Google Chrome. In TYPO3 8.7 this function is called in the SvgTree.js to build the tree in the tt_content/categories field, in TYPO3 9.x it's called for every(?) tree.

This is a bug in the d3.js (4.10) library, but it affects every TYPO3 8.7 and 9.x. An Update to d3.js 4.13 doesn't help and in d3.js 5.0 there is a similar issue.

https://github.com/d3/d3-request/issues/33
https://github.com/d3/d3-fetch/issues/10

A dirty workaround would be, to set the credentials with some javascript workaround. But I'm not sure if this is the right way. Berhaps the d3.js developers have some ideas on github.


Files

d3.png (101 KB) d3.png Peter Kraume, 2018-01-31 16:16

Related issues

Related to TYPO3 Core - Feature #76108: Refactor Category tree to be based on SVGClosedTymoteusz Motylewski2016-05-10

Actions
Related to TYPO3 Core - Task #93186: Use AjaxRequest instead of broken d3.requestClosed2020-12-30

Actions
#1

Updated by Peter Kraume over 3 years ago

The problem that Marco described started with Google Chrome 64 which had some changes regarding the handling of basic auth credentials in URLs.
Attached is a screenshot which shows the problem.

#2

Updated by Peter Kraume over 3 years ago

  • Category set to Backend JavaScript
#3

Updated by Peter Kraume over 3 years ago

How to reproduce:

TYPO3 8.7:
  • add basic auth protection to the TYPO3 backend or the whole site
  • use at least Google Chrome 64
  • try to add/edit a content element or page properties
    => you're directly prompted for credentials again
TYPO3 9.x
  • add basic auth protection to the TYPO3 backend or the whole site
  • use at least Google Chrome 64
  • try to open any module that contains the page tree or try to refresh the page tree
    => you're directly prompted for credentials again
#4

Updated by Marco Huber over 3 years ago

  • Related to Feature #76108: Refactor Category tree to be based on SVG added
#6

Updated by Mathias Schreiber over 3 years ago

  • Description updated (diff)
#7

Updated by Tymoteusz Motylewski over 3 years ago

One solution would be to migrate to v5 and change the d3.json (swicthing also request component from d3-request to d3-fetch where you can pass configuration options like

d3.json("path/to/file.json", {credentials: "include"});

Another solution would be to patch d3 manually like in my pull request:
https://github.com/d3/d3-request/pull/34/files

#8

Updated by Gerrit Code Review over 3 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55534

#9

Updated by Tymoteusz Motylewski over 3 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#10

Updated by Peter Kraume over 3 years ago

What needs to be done to backport this patch for TYPO3 8.7 as well? On Feb 6th, the next patch release for TYPO3 8.7 is scheduled and it would be great to have this patch in the next release!

#11

Updated by Susanne Moog over 3 years ago

  • Target version set to 8.7.10
#12

Updated by Susanne Moog over 3 years ago

  • Status changed from Resolved to Accepted

Backport still missing

#13

Updated by Gerrit Code Review over 3 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55559

#14

Updated by Gerrit Code Review over 3 years ago

Patch set 2 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55559

#15

Updated by Gerrit Code Review over 3 years ago

Patch set 3 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55559

#16

Updated by Tymoteusz Motylewski over 3 years ago

  • Status changed from Under Review to Resolved
#17

Updated by Benni Mack over 2 years ago

  • Status changed from Resolved to Closed
#18

Updated by Benjamin Franzke 5 months ago

  • Related to Task #93186: Use AjaxRequest instead of broken d3.request added

Also available in: Atom PDF