Can no longer access to server with basic HTTP authentication

[spreiter]

My Setup

• Operating System: macOS 10.14.6
• App Version: 3.0.4
• Installation type: dmg &
• App Version: 3.0.3
• Installation type: app Store

• [x] I have tested with the latest version
• [x] I can simulate the issue easily

Description

After the update (first via App Store), both servers are not connected anymore. Server list lost?

Entering the url using https://username:[email protected] results in "No valid server found at the URL" Entering the url with https://xxx.org results in "Validating..." being stuck.

-> No subfolder used!

Using username and password of the HTTP authentication works with version 2.17.11

I also tried to add the server to the config.json file as recommended in #1796 without success.

Current Behavior

Does not connect

Expected Behavior

Does connect.

[freddydopfel]

I am also encountering this issue. Was trying to find a way to downgrade my MacOS clients to 2.17.9 to get them working again.

[spreiter]

The issue persists after upgrade to macOS 10.15 and macOS 11.

Also using the new release 3.1.0, nothing changed...

[spreiter]

Unfortunately still the same with version 3.2 (.1/.2).

[spreiter]

Since nothing changed on this topic, this comment is just to bump the issue 😉

At least entering the URL without username and password does not result in the process being stuck. But entering the URL with credentials still results in "No valid server found at the URL"

[spreiter]

Once again, bumping.

Still the same situation in version 3.5.

[MartinHenselHLL]

This problem still persists in client version 3.7.1 (tested on Windows).

To elaborate further, the following error seems to be the cause (from DevTools -> Console, credentials and server address redacted): 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1337 Uncaught (in promise) TypeError: Failed to execute 'fetch' on 'Window': Request cannot be constructed from a URL that includes credentials: https://user:[email protected]/__meteor__/dynamic-import/fetch at i (6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1337) at 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1337 at 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1 i @ 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1337 (anonymous) @ 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1337 (anonymous) @ 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1 await in (anonymous) (async) a @ 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1 u @ 6823d82bbf984f80d3bbcb33799f26c97653a8df.js?meteor_js_resource=true:1 [server.url-1640080058484.log](https://github.com/RocketChat/Rocket.Chat.Electron/files/7751326/server.url-1640080058484.log)

The full log is attached server.url-1640080058484.log .

[Giovannilamotta]

Same problem here

[fundor333]

Same problem here

[spreiter]

Even though I did not expect any changes, version 3.8.16 is still not capable of connection through basic HTTP authentication. :(

[nicolas-guerrier]

Same issue here (on Linux)

[preeesha]

I believe it's for security concerns that it's disabled.

@jeanfbrito should we allow it?

[spreiter]

I believe it's for security concerns that it's disabled.

@jeanfbrito should we allow it?

I just found this info from Mozilla^1, where it is stated that the feature is deprecated and removed in Chromium. I was not aware of this fact!

I know that this authentication is maybe not preferred, but it prevents web crawlers to index the page.

[jeanfbrito]

This is not supported on Desktop App.