2

I have a problem with Basic Authentication. The server was an Apache httpd server 2.2.12 and I have created a location protected by basic auth:

<Location /basictest>
    AuthType Basic
    AuthName "BasicAuth di Test"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/basictest.passwords
    Require valid-user
</Location>

In the password file /etc/apache2/basictest.passwords I have defined two:

user:password

pippo:pippo£
kanji:誰か確認上記これらのフ

If I test the access with Chrome (47.x) all works fine, but if I test the link with Firefox (43.x) or with Safari Web Browser on iOS(Safari/601.1) the authentication failed because the base64 encoding of user:password use a wrong character set (Windows-1252)! In Chrome test case the character set used was UTF-8

Chrome ---------> cGlwcG86cGlwcG/Cow==
Safari/FireFox -> cGlwcG86cGlwcG+j

In the meantime we waiting https://www.rfc-editor.org/rfc/rfc7617 implementations, can I force FireFox and Safari to use UTF-8 on base64 encryption as Chrome's behavior?

Community
  • 1
  • 1
mordillo123
  • 33
  • 5

1 Answers1

2

I dont sure if its a bug because browsers work with different encode/chars.

Already use UTF-8 anyway:

 - Opera 10  
 - Chrome

Uses a different encoding but has no problem with req param (so ASCII is still OK):

Firefox 1-4  (UTF-16 lower bytes)
Safari 4-5   (ISO-8859-1)
IE:Mac 5     (MacRoman)
IE 5-8       (CP_ACP)
IEMobile 6-8 (CP_ACP)
Netscape 4   (CP_ACP)
Opera 5      (CP_ACP)

https://bugzilla.mozilla.org/show_bug.cgi?id=41489#c90

About his doubts. The Basic authentication does not provide support for non-ISO-8859-1 characters.

You can try to convert the characters in .htaccess to UTF8, not tested, not sure if it works. How to change the default encoding to UTF-8 for Apache?

I recommend using another authentication method or create a login page.

If other colleagues have a better solution, please let me know.

Community
  • 1
  • 1
calraiden
  • 1,686
  • 1
  • 27
  • 37