Jon Hadley
Jon Hadley

Reputation: 5296

Chrome fails to show http authentication window

I am developing a Drupal site, within which is a page with an iframe, displaying an external SQL Reporting server driven site.

This iframed site is protected on by HTTP authentication. In all browsers, apart from Chrome, when the page is viewed, the browser driven login box pops up.

In Chrome (Windows & OS X), no login box appears and I get an immediate 401 error from the SQL Reporting Server. I've cleared cache's and even tried on a fresh chrome installation on a VM.

The above method works fine on the clients existing live site, which is ASP driven. Other than CMS technology, the only other obvious difference is domains.

The working live site is referencing a sub domain of itself in the iframe. The development site is referencing a completely different domain.

I've tried /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome -–allow-cross-origin-auth-prompt, which seems to make no difference.

Does Chrome have much tighter cross domain login rules? Or am I missing something else?

Upvotes: 5

Views: 15286

Answers (3)

Jesse
Jesse

Reputation: 1713

See http://www.chromium.org/administrators/policy-list-3#AllowCrossOriginAuthPrompt for the policy that can be set versus using flags.

On Windows this can be set via the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. See http://www.chromium.org/administrators/policy-templates for more information.

Upvotes: 1

Karl Adler
Karl Adler

Reputation: 16836

To switch the (in my mind stupid) security-feature off set Browser flag:

--allow-cross-origin-auth-prompt

In Linux close all Browser Instances and type in terminal:

chromium-browser --allow-cross-origin-auth-prompt

For Windows, Mac, Android... take a look here: http://www.chromium.org/developers/how-tos/run-chromium-with-flags

Upvotes: 1

jloper3
jloper3

Reputation: 384

According to the devs at chromium, this was an intentional change to protect against phishing attacks. If you say the prod sites reference the same domain, you shouldn't have any issues. http://code.google.com/p/chromium/issues/detail?id=91814

Upvotes: 5

Related Questions