rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: SamePaul on September 30, 2010, 05:13:25 PM
-
I'm adopting HFS template to use on mobile browser and encountered some strange quirk.
Some browsers consider the path during authentication, so if you authenticate at http://server/some/folder/~login you become logged in for http://server/some/folder/ and deeper. But if after authentication you go to http://server/some/ or http://server/some/other/folder you suddenly discover that the browser does not send the "Authorization" header anymore. Usually it is not a problem, as by default you log in at the root folder, i.e. at http://server/~login, and hence become logged in for the whole HFS tree. But unfortunately the Android browser considers the "~login" part as a folder, so when after successful authentication you are redirected back to the root folder you become unauthorized again. So you are effectively unable to log in.
So either you have to restrict access to the whole site, thus making anonymous access impossible.
Another solution, which is not available yet, would be to modify the HTTP response code within the template and switch to the corresponding error section like [not found] [overload] [deny] etc.
For example, within the template I could inspect the protocol (http, https), a cookie or any other condition, and then require user authentication accordingly by setting the HTTP code to "401 Unauthorized".
Something like
[]
{.if not|{.header|Authorization.}| {: {.http-error|401.} :} .}
<!DOCTYPE...
In this example HFS would set the HTTP code to 401 and jump to the [unauthorized] section.
This macro can have an optional parameter "no-switch":
{.http-error|401|no-switch.}
and in this case HFS just updates the error code, but continues to process the template normally, i.e. to <!DOCTYPE... and so on.
{.http-error|200|no-switch.}
is a great example of doing nothing :)
-
Some idea just came up.
Maybe HFS needs an additional authentication signal. Something that looks like a parameter to the browser. Let's say, instead of http://server/~login use something like http://server/?mode=login
Anyway the "mode" parameter is used heavily in the default template, so here is a new meaning. It would solve just my immediate problem, but it seems a lot easier to implement... and who said that we always should solve problems globally? :)
-
I think this applies to many browsers (or it did in the past), not just Android.
It looks like what has been discussed before
Rejetto's comments
http://www.rejetto.com/forum/index.php/topic,6843.msg1042365.html#msg1042365
http://www.rejetto.com/forum/index.php/topic,7305.0.html
There is a very effective HFS based work around, but last I read from Rejetto, no real HFS based solution?
-
Well, the Windows versions of Firefox, Chrome and Opera do not have this limitation. Other browsers/platforms I didn't check.
Actually I find this behavior correct - if you become authenticated for some subtree it should not make you authenticated for the whole tree.
I've read both threads but can't say I found "very effective workaround". Can you explain, please?
-
This has all been some time ago, and perhaps applies only to me and a few others, but as I remember it.....
Login below root level caused an error with macros like these (user dependent) if the macro was in a different subdirectory other than the one logged in on. This did apply to IE, Opera and Firefox, as well as others tested.
{.if not | {.match|user1;user2|%user%.}| {:{.$error.}:} |
{.if|{.member of|admin-group.}|
I have public web pages with a link to log in to my secure server,
which also has https via stunnel.
Web site address (published public address)
http://MYADDRESS.no-ip.org:PORT/
Server address link
https://MYADDRESS.no-ip.org/~login (which after log in, user is re-directed to /Gateway folder/ by HFS in accounts/groups)
The Gateway folder contains all secure server content as sub directories.
Use of "List protected items only for allowed users" further enhances desired user access.
In this way a user is always logged in at root level?
Actually, use of /Gateway folder/ and HFS account redirect probably solved that problem.
Logical vfs configuration solves many problems :)
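-
The path-scoping behaviour discussed in this thread follows from the HTTP Basic "authentication scope" rule in RFC 7617, section 2.2. The sketch below is an added example, not part of the thread and not HFS code; the `treatLastSegmentAsFolder` flag is a hypothetical switch that models the behaviour the first post describes for the Android browser, and the `server` URLs are the placeholder ones used in the posts.

```javascript
// RFC 7617 section 2.2: the authentication scope of an authenticated request is
// its URI with every character after the last "/" of the path removed. A client
// may preemptively send Authorization for any URI that prefix-matches the scope.

// treatLastSegmentAsFolder = true is an assumption modelling a client that
// handles the final segment ("~login") as if it were a directory.
function authScope(authenticatedUrl, treatLastSegmentAsFolder = false) {
  const u = new URL(authenticatedUrl);
  let path = u.pathname;
  if (treatLastSegmentAsFolder && !path.endsWith("/")) path += "/";
  // Keep everything up to and including the last slash.
  return u.origin + path.slice(0, path.lastIndexOf("/") + 1);
}

// True when a client following the rule would preemptively send the
// Authorization header to nextUrl after authenticating at authenticatedUrl.
function sendsAuthorization(authenticatedUrl, nextUrl, treatLastSegmentAsFolder = false) {
  const scope = authScope(authenticatedUrl, treatLastSegmentAsFolder);
  const n = new URL(nextUrl);
  return (n.origin + n.pathname).startsWith(scope);
}

// Constructed walk-through of the cases from the thread.
function demo() {
  const cases = [
    // [login URL, next URL, treat "~login" as folder?]
    ["http://server/some/folder/~login", "http://server/some/folder/sub/", false],
    ["http://server/some/folder/~login", "http://server/some/", false],
    ["http://server/some/folder/~login", "http://server/some/other/folder", false],
    ["http://server/~login", "http://server/some/other/folder", false],
    ["http://server/~login", "http://server/", true],
  ];
  return cases.map(([login, next, quirk]) => ({
    login,
    next,
    scope: authScope(login, quirk),
    headerSent: sendsAuthorization(login, next, quirk),
  }));
}

console.table(demo());
```

The last row shows why a login at the root fails under the quirk: the scope becomes http://server/~login/, so the redirect back to http://server/ falls outside it.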