Content
View differences
Updated by Wieland Lindenthal about 1 year ago
### Steps to reproduce
1. Set a session timeout of 5 minutes in [admin settings](https://openproject.local/admin/settings/authentication)
2. Go to a meeting page (/projects/:slug/meetings/:id)
3. Suspend your computer (e.g. close laptop lid) for at least 5 minutes
4. Resume computer and open meetings tab, wait a bit
### What is the buggy behavior?
The browser shows a pop-up to enter username and password (not an OpenProject login form, a browser pop-up).
### What is the expected behavior?
No UI feedback. That might look surprising but there are far too many reasons why Weak expectations. Any of:
* Redirecting user to login form (careful: is data-loss possible this way?)
* Showing an error could appear message that are only temporary, like network outages or server redeployments. Then it is even annoying that a rather low prio meeting can't be polled in the background polling has a permanent effect on the front-end, e.g. an error flash message. I believe we simply swallow this kind of errors.
* no UI feedback
### Technical notes (Root Cause)
The cause of this seems to be, that the frontend code polling `/projects/:slug/meetings/:id/check_for_updates` does not include the `X-Authentication-Scheme: Session` header. All other frontend requests we do, include this header. It is used to guide the server's response in the `WWW-Authenticate` header, which the user interprets to decide whether a login form should be shown or not.
The root cause might be the same as for #64091.
### Screenshots
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/605017/content">
1. Set a session timeout of 5 minutes in [admin settings](https://openproject.local/admin/settings/authentication)
2. Go to a meeting page (/projects/:slug/meetings/:id)
3. Suspend your computer (e.g. close laptop lid) for at least 5 minutes
4. Resume computer and open meetings tab, wait a bit
### What is the buggy behavior?
The browser shows a pop-up to enter username and password (not an OpenProject login form, a browser pop-up).
### What is the expected behavior?
No UI feedback. That might look surprising but there are far too many reasons why
* Redirecting user to login form (careful: is data-loss possible this way?)
* Showing an
* no UI feedback
The cause of this seems to be, that the frontend code polling `/projects/:slug/meetings/:id/check_for_updates` does not include the `X-Authentication-Scheme: Session` header. All other frontend requests we do, include this header. It is used to guide the server's response in the `WWW-Authenticate` header, which the user interprets to decide whether a login form should be shown or not.
The root cause might be the same as for #64091.
### Screenshots
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/605017/content">