RPC APIs prevalently require some kind of authentication, often HTTP Basic Auth.
It's currently not even possible to test RPCs and their OpenRPC descriptions:
{
"jsonrpc": "2.0",
"id": 0,
"error": {
"message": "Window.fetch: http://dummy-user:test-password@localhost/rpc is an url with embedded credentials."
}
}Well, yes it is! What's the error?!?
I do understand that it's Window.fetch acting up, and OpenRPC Playground merely provides context. This seems to be a relatively recent issue with browsers: https://medium.com/@lmakarov/say-goodbye-to-urls-with-embedded-credentials-b051f6c7b6a3
Any workarounds? Did I miss the user/password fields in Add transport dialogs?
Removing the dummy-user:test-password@ from the URL just produces NetworkError when attempting to fetch resource. — the RPC call I'm trying to make is never made (i.e. not even a 401 error).
Repro steps
- This nginx snippet:
location /rpc {
auth_basic "This API required authentication.";
auth_basic_user_file /tmp/test.htpasswd;
try_files /dev/null =418;
}
printf "dummy-user:$(openssl passwd -apr1 test-password)\n" > /tmp/test.htpasswd- Try to invoke any OpenRPC method, e.g.
list_pets (doesn't matter) from the Inspector to http://localhost/rpc
Expected behavior
There is a way to test Basic Auth'd RPC endpoints.
Actual behavior
No working way exists.
Desktop
- OS: Linux
- Browser: Firefox 78.0.2
- Browser: Brave Version 1.9.76 Chromium: 81.0.4044.138
RPC APIs prevalently require some kind of authentication, often HTTP Basic Auth.
It's currently not even possible to test RPCs and their OpenRPC descriptions:
{ "jsonrpc": "2.0", "id": 0, "error": { "message": "Window.fetch: http://dummy-user:test-password@localhost/rpc is an url with embedded credentials." } }Well, yes it is! What's the error?!?I do understand that it's
Window.fetchacting up, and OpenRPC Playground merely provides context. This seems to be a relatively recent issue with browsers: https://medium.com/@lmakarov/say-goodbye-to-urls-with-embedded-credentials-b051f6c7b6a3Any workarounds? Did I miss the user/password fields in
Add transportdialogs?Removing the
dummy-user:test-password@from the URL just producesNetworkError when attempting to fetch resource.— the RPC call I'm trying to make is never made (i.e. not even a 401 error).Repro steps
printf "dummy-user:$(openssl passwd -apr1 test-password)\n" > /tmp/test.htpasswdlist_pets(doesn't matter) from the Inspector tohttp://localhost/rpcExpected behavior
There is a way to test Basic Auth'd RPC endpoints.
Actual behavior
No working way exists.
Desktop