Comments (8)
Ok, I think I managed to replicate the issue on different environments.
Basically I have password protection using basic auth on my site via this module https://github.com/nabehiro/HttpAuthModule
I have parts of the site whitelisted from password protection, including any backend urls, like those beginning with /sitecore or /-/
When I have not entered the basic auth creds in the browser for the front-facing site, I'm able to trigger downloads from the ListView or Out-Download.
However, after I entered the basic auth creds in the same browser but different tab, I get the 404 error when triggering the download. Somehow it seems like there's a 302 redirect to a 404 page..
I realised I missed out this warning from the SPE logs:
A request to the handleDownload service could not be completed because the provided credentials are invalid
Comparing the headers of the errored handler request with the one without error, the one that's doing a 302->404 redirect has an additional 'www-authenticate:' in the response headers and 'authorization' in the request headers from the basic auth creds.
Seems related to #1203?
When I implemented the following code in web.config, the download works whether or not I entered basic auth creds, but this seems kinda nuclear lol.
<location path="-/script/handle">
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="www-authenticate:" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
So any ideas on how to fix this?
from console.
As seen in the documentation, most of the services are disabled by defaults. You can enable the handle endpoint if you want to be able to download from the UI provided by SPE.
The error message you pointed out from the log file is the key indicator that the service is disabled.
In short, this is by design and there's nothing to fix but rather configure.
from console.
Read more about it here: https://doc.sitecorepowershell.com/security#configure-web-services
from console.
Hmmm I'm running the code through the SPE ISE though?
Documentation link looks like it's for accessing outside of Sitecore..
Also, I'm able to trigger the Out-Download as long as I do not enter any basic auth creds in my site.
However, when I entered basic auth creds in the same window (hence resulting in the response header having a "www-authenticate:" for the domain), the Out-Download now fails.
from console.
If you are testing this locally you can try the "Shields Down" config to see if everything starts working. Can you tell me the outcome of that?
from console.
Yes, I already have that config in my local and same issue when I entered basic auth creds.
from console.
Ok an update, apparently removing name="www-authenticate:" from web.config did not affect my headers. Had to implement the script workaround in #1203 (comment) instead with extra line req.setRequestHeader("Authorization", "");
below req.open("GET", url, true);
, no web.config changes needed.
from console.
This seems like it was handled and, the issue also appears to be stale.
from console.
Related Issues (20)
- Sitecore 10.2 - Type initializer exception when executing script via WebAPI HOT 4
- 'System.Management.Automation.dll' reference
- Reports - Find Audit Trail from logs HOT 1
- Executing Receive-RemoteItem (Remoting) cause an error in Sitecore 10.3 HOT 1
- Package creation with -recurse childitems HOT 1
- Update-ItemReferrer Not working throwing unexpected error. HOT 2
- In Sitecore we could'nt able to unlock the item other than English version if we have global content manager role HOT 3
- It is not possible to search for scripts in the "Open" dropdown in ISE. HOT 1
- ISE Plugin "Scripts Containing" does not work most of the time HOT 1
- Script execution results should be less in-the-way
- NullReferenceException occurs when trying to accept VersionAddedNotification via PowerShell in Sitecore HOT 1
- The ability to open multiple scripts in tabs in a single ISE HOT 1
- Make "webedit:script" and "item:executescript" accept parameter aliases so it's less problematic to call them
- Add example of Experience Editor notification with an action button executing script HOT 1
- It should be possible to execute PowerShell Script Runner dialog and get script result back as dialog value
- Ribbon collapse button should work as intended HOT 1
- Sitecore 10.4 HOT 4
- Sitecore Powershell Script Elevated Unlock button is unlocking only English pages, for non-English Pages just showing running script but not unlocking items HOT 1
- Add ability to send deferred sheer messages and execute javascript to make it possible to e.g. refresh the content editor tree post script execution HOT 3
- DoubleClick on item in ListView does not run default action as intended but instead throws an error. HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from console.