Chrome fails to show http authentication window

Jon Hadley picture Jon Hadley · Jan 18, 2012 · Viewed 9.7k times · Source

I am developing a Drupal site, within which is a page with an iframe, displaying an external SQL Reporting server driven site.

This iframed site is protected on by HTTP authentication. In all browsers, apart from Chrome, when the page is viewed, the browser driven login box pops up.

In Chrome (Windows & OS X), no login box appears and I get an immediate 401 error from the SQL Reporting Server. I've cleared cache's and even tried on a fresh chrome installation on a VM.

The above method works fine on the clients existing live site, which is ASP driven. Other than CMS technology, the only other obvious difference is domains.

The working live site is referencing a sub domain of itself in the iframe. The development site is referencing a completely different domain.

I've tried /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome -–allow-cross-origin-auth-prompt, which seems to make no difference.

Does Chrome have much tighter cross domain login rules? Or am I missing something else?

Answer

jloper3 picture jloper3 · Jan 18, 2012

According to the devs at chromium, this was an intentional change to protect against phishing attacks. If you say the prod sites reference the same domain, you shouldn't have any issues. http://code.google.com/p/chromium/issues/detail?id=91814