[GH-ISSUE #232] Using BasicAuth causes Shiori UI to not show up in Safari (blocked cross-origin request) #174

New issue

Closed

opened 2026-02-25 23:33:37 +03:00 by kerem · 3 comments

kerem commented 2026-02-25 23:33:37 +03:00

Owner

Copy link

Originally created by @Pixtriks on GitHub (Feb 15, 2020).
Original GitHub issue: https://github.com/go-shiori/shiori/issues/232

When running Shiori behind Traefik and BasicAuth the following errors pop-up in the Safari inspector:

[Error] Blocked https://example.com/js/component/bookmark.js from asking for credentials because it is a cross-origin request.
[Error] Blocked https://example.com/js/component/pagination.js from asking for credentials because it is a cross-origin request.
[Error] Blocked https://example.com/js/page/home.js from asking for credentials because it is a cross-origin request.
[Error] Blocked https://example.com/js/component/dialog.js from asking for credentials because it is a cross-origin request.
[Error] Blocked https://example.com/js/page/setting.js from asking for credentials because it is a cross-origin request.
[Error] Blocked https://example.com/js/page/base.js from asking for credentials because it is a cross-origin request.

These errors cause the UI to not work on macOS and iOS Safari.
The issue does not occur when using Firefox. Tested on macOS 10.15.2 and iOS 13.3.

This may be related: https://stackoverflow.com/questions/56557082/safari-blocked-https-from-asking-for-credentials-because-it-is-a-cross-o

Originally created by @Pixtriks on GitHub (Feb 15, 2020). Original GitHub issue: https://github.com/go-shiori/shiori/issues/232 When running Shiori behind Traefik and BasicAuth the following errors pop-up in the Safari inspector: ``` [Error] Blocked https://example.com/js/component/bookmark.js from asking for credentials because it is a cross-origin request. [Error] Blocked https://example.com/js/component/pagination.js from asking for credentials because it is a cross-origin request. [Error] Blocked https://example.com/js/page/home.js from asking for credentials because it is a cross-origin request. [Error] Blocked https://example.com/js/component/dialog.js from asking for credentials because it is a cross-origin request. [Error] Blocked https://example.com/js/page/setting.js from asking for credentials because it is a cross-origin request. [Error] Blocked https://example.com/js/page/base.js from asking for credentials because it is a cross-origin request. ``` These errors cause the UI to not work on macOS and iOS Safari. The issue does not occur when using Firefox. Tested on macOS 10.15.2 and iOS 13.3. This may be related: https://stackoverflow.com/questions/56557082/safari-blocked-https-from-asking-for-credentials-because-it-is-a-cross-o <img width="985" alt="Capture d’écran 2020-02-15 à 17 31 58" src="https://user-images.githubusercontent.com/6831735/74591563-33b31400-5019-11ea-8307-ffda7fb097b6.png"> <img width="1240" alt="Capture d’écran 2020-02-15 à 17 31 19" src="https://user-images.githubusercontent.com/6831735/74591564-36ae0480-5019-11ea-97fe-1f1d1fa587ac.png">

kerem 2026-02-25 23:33:37 +03:00

• closed this issue
• added the
  component:backend
  tag:help-wanted
  tag:stale
  tag:more-info
  labels

kerem commented 2026-02-25 23:33:37 +03:00

Author

Owner

Copy link

@Pixtriks commented on GitHub (Feb 21, 2020):

The same issue occurs while using traefik-forward-auth in combination with an OpenID Connect provider. It looks like Shiori is having difficulties with handeling the authentication token/cookie. Maybe something can be changed in the way the JavaScript code requests these files?

<!-- gh-comment-id:589832905 --> @Pixtriks commented on GitHub (Feb 21, 2020): The same issue occurs while using traefik-forward-auth in combination with an OpenID Connect provider. It looks like Shiori is having difficulties with handeling the authentication token/cookie. Maybe something can be changed in the way the JavaScript code requests these files?

kerem commented 2026-02-25 23:33:37 +03:00

Author

Owner

Copy link

@deanishe commented on GitHub (Aug 6, 2020):

Could you please post the full request from the web inspector? It sounds like Traefik might be sending headers that are telling the browser not to allow Shiori.

<!-- gh-comment-id:670231974 --> @deanishe commented on GitHub (Aug 6, 2020): Could you please post the full request from the web inspector? It sounds like Traefik might be sending headers that are telling the browser not to allow Shiori.

kerem commented 2026-02-25 23:33:37 +03:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (Mar 31, 2022):

This issue has been automatically marked as stale because it has not had any activity for quite some time.
It will be closed if no further activity occurs.
Thank you for your contributions.

<!-- gh-comment-id:1084798056 --> @stale[bot] commented on GitHub (Mar 31, 2022): This issue has been automatically marked as stale because it has not had any activity for quite some time. It will be closed if no further activity occurs. Thank you for your contributions.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/go_modules/all-ad9dc7761f

dependabot/github_actions/all-7ab03d418b

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

feat/bookmarks-api-v1

dependabot/npm_and_yarn/webapp/npm_and_yarn-7372c7abf2

deps/update202509

feat/pdf-archiver

feat/apiv1/tags

release/v1.7

fix/thumbnail-cache

gh-pages

fix/openbsd-test-speed

release/v1.6.1

release/v1.6.0

fmartingr/windows-tests

afero-removal

ci/windows-macos

feat/cookie-auth

webroot-support-new-server

fix/secret-key-makefile

frontend-jwt-auth

fmartingr/issue663

fix/remove-tag-package-name

fmartingr/issue455

fix/delete-pr-tags

feat/cross-api-authentication

feat/api-v1-to-master

release/v1.5.5

feat/api-next

release/v1.5.5-rc.2

deps/go-1.20

fix/bookmark-update

draft/gorm

v1.8.0

v1.8.0-rc.1

v1.7.4

v1.7.3

v1.7.2

v1.7.2-rc.1

v1.7.1

v1.7.0

v1.7.0-rc.3

v1.7.0-rc.2

v1.7.0-rc.1

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc.7

v1.6.0-rc.6

v1.6.0-rc.5

v1.6.0-rc.4

v1.6.0-rc.3

v1.6.0-rc.2

v1.6.0-rc.1

v1.5.5

v1.5.5-rc.2

v1.5.5-rc.1

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.0

v0.9

Labels

Clear labels   

component:backend

  

component:builds

  

component:builds

  

component:extension

  

component:frontend

  

component:readability

  

database

  

database:mysql

  

database:postgres

  

database:sqlite

  

feature:ebooks

  

github_actions

  

good first issue

  

hacktoberfest

  

note:duplicate?

  

note:fixed?

  

note:out-of-scope?

  

os:windows

  

priority:high

  

priority:low

  

pull-request

Mirrored from GitHub Pull Request

  

resolution:as-intended

  

resolution:cant-reproduce

  

resolution:duplicate

  

resolution:fixed

  

resolution:wontfix

  

tag:TBD

  

tag:big-task

  

tag:help-wanted

  

tag:huge-data

  

tag:meta

  

tag:more-info

  

tag:next

  

tag:no-stale

  

tag:requires-migrations

  

tag:research

  

tag:security 🛡️

  

tag:stale

  

tag:waiting-for-assignee

  

type:bug

  

type:documentation

  

type:enhancement

  

type:meta

  

type:ux

  

user:cli

  

user:web

No labels

component:backend

component:builds

component:builds

component:extension

component:frontend

component:readability

database

database:mysql

database:postgres

database:sqlite

feature:ebooks

github_actions

good first issue

hacktoberfest

note:duplicate?

note:fixed?

note:out-of-scope?

os:windows

priority:high

priority:low

pull-request

resolution:as-intended

resolution:cant-reproduce

resolution:duplicate

resolution:fixed

resolution:wontfix

tag:TBD

tag:big-task

tag:help-wanted

tag:huge-data

tag:meta

tag:more-info

tag:next

tag:no-stale

tag:requires-migrations

tag:research

tag:security 🛡️

tag:stale

tag:waiting-for-assignee

type:bug

type:documentation

type:enhancement

type:meta

type:ux

user:cli

user:web

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/shiori#174

No description provided.