更改基本的HTTP身份验证领域和登录对话框消息

huangapple go评论88阅读模式
英文:

Change Basic HTTP Authentication realm and login dialog message

问题

我想要更改在实施基本身份验证期间弹出的消息。当前的默认消息是:

更改基本的HTTP身份验证领域和登录对话框消息

> 服务器需要用户名和密码。

对我来说更准确的消息是:
> 服务器需要电子邮件和密码。

我的问题是,我找不到或者不知道这个消息是在哪里设置的,是否可以更改。大部分在线上的问题都是关于基本身份验证的实现,但这不是我的问题——我可以很好地实现它。我只需要一个更准确的响应给用户。

以下是我如何使用echo强制身份验证窗口的示例代码:

c.Response().Header().Set(echo.HeaderWWWAuthenticate, `Basic realm="Your Email is your Username"`)
return echo.ErrUnauthorized

注意:只有Firefox显示领域消息。Chrome和Opera都不显示。

英文:

I want to change the message that pops up during implementation of Basic Auth.The current default message is:

更改基本的HTTP身份验证领域和登录对话框消息

> Server requires a username and password.

Something that would be more accurate for me is :
> Server requires an Email and Password.

My problem is that i can't find or don't know where this message is set and if it can be changed. Most of the questions online are about Basic Auth implemention but this is not my problem -- i can implement it very fine. I just need a more accurate response for the user.

Here is how i force an authentication window using echo:

c.Response().Header().Set(echo.HeaderWWWAuthenticate, `Basic realm="Your Email is your Username"`)
return echo.ErrUnauthorized

NB: Only Firefox shows the realm message. Both Chrome and Opera do not.

答案1

得分: 7

这与Go语言无关,实际上与浏览器在接收该标头时的行为有关。

看起来Chrome/Chromium在这方面存在已知问题,与开发团队认为该功能不安全有关,所以我认为除非您采用其他身份验证机制,否则无法在您的端解决此问题。

请参阅以下链接获取更多详细信息:

https://bugs.chromium.org/p/chromium/issues/detail?id=544244#c32

英文:

This is not related to Go but actually to browser behaviour when receiving that header.

It seems Chrome/Chromium has a known issue with this related to the feature not considered secure by the development team, so I don't think you'd be able to fix it on your side unless you resort to some other authentication mechanism.

See here for more details:

https://bugs.chromium.org/p/chromium/issues/detail?id=544244#c32

答案2

得分: 3

谢谢您的回复,但它们并不令人满意。我不得不在这个主题上进行一些阅读。

正确的答案是登录提示/对话框是用户代理/浏览器内置的响应,服务器无法更改。这也解释了为什么一些浏览器显示领域而其他浏览器则不显示。

根据维基百科的基本访问身份验证,服务器所做的只是:

> 当服务器希望用户代理向服务器进行身份验证时,它必须对未经身份验证的请求做出适当的响应。
>
> 未经身份验证的请求应返回一个包含HTTP 401未经授权状态[4]和WWW-Authenticate字段[5]的响应头。
>
> 基本身份验证的WWW-Authenticate字段(最常用)构造如下:
>
> WWW-Authenticate: Basic realm="User Visible Realm"

英文:

Thanks for the responses but they were not satisfactory. I had to do some reading on this topic.

The correct answer is that the login prompt/dialog is a response built into the user-agent/browser and cannot be changed by the server. This also explains why some browsers show realm while others don't.

According to Wikipedia Basic access authentication all the server does is:

> When the server wants the user agent to authenticate itself towards the server, it must respond appropriately to unauthenticated requests.
>
>Unauthenticated requests should return a response whose header contains a HTTP 401 Unauthorized status[4] and a WWW-Authenticate field.[5]
>
>The WWW-Authenticate field for basic authentication (used most often) is constructed as following:
>
>WWW-Authenticate: Basic realm="User Visible Realm"

huangapple
  • 本文由 发表于 2017年8月14日 09:22:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/45666306.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定