Basic auth request (401) when _CONF_CHECK_ISSUE_UPDATE_CONFLICT is true #104

Open
iprok opened this issue Jan 13, 2023 · 11 comments

@iprok

iprok commented Jan 13, 2023

Hello!

I just updated Redmine 4.1 to 5.0 with the latest version of your plugin.
Redmine version: 5.0.4.stable
redmine_issue_dynamic_edit 0.9.1 (just cloned from master)

When any issue page is opened I'm getting a basic authentication request. The user is already authorized in Redmine. I think it's because links like myredmine/issues/9219.json require the user to be authorized with "basic" HTTP authorization. If I enter my Redmine login and password in this basic auth window, it works as usual.

The request that leads to 401 (I cut away some private info):

curl 'https://redmine.k.com/issues/9193.json' \
  -H 'authority: redmine.k.com' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'accept-language: ru-RU,ru;q=0.9' \
  -H 'cookie: autologin=0418; _redmine_session=Znd45e' \
  -H 'dnt: 1' \
  -H 'sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36' \
  --compressed

The request that is answered with 200:

curl 'https://redmine.k.com/issues/9193.json' \
  -H 'authority: redmine.k.com' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'accept-language: ru-RU,ru;q=0.9' \
  -H 'authorization: Basic aXA==' \
  -H 'cache-control: max-age=0' \
  -H 'cookie: autologin=04378; _redmine_session=T1bf' \
  -H 'dnt: 1' \
  -H 'sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: cross-site' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36' \
  --compressed
@pr-dtakac

pr-dtakac commented Jan 19, 2023

I have the same experience. When I open the issue detail page, after a few seconds an HTTP authentication window pops up.
It's related to this request:
https://my-hostname.com/issues/12345.json
Initiator:
https://my-hostname.com.com/plugin_assets/redmine_issue_dynamic_edit/javascripts/issue_dynamic_edit.js
It points to row number 307:

fetch(LOCATION_HREF + ".json", {
		method: 'GET',
		crossDomain: true,
	}).then(res => res.text()).then(data => {

Environment:
Redmine version 4.1.1.stable
Ruby version 2.3.3-p222 (2016-11-21) [x86_64-linux-gnu]
Rails version 5.2.4.2
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
SCM:
Git 2.30.2
Filesystem
Redmine plugins:
000_redmine_x_ux_upgrade 1.3.0
easy_mindmup 1.0
easy_wbs 1.5
redmine_agile 1.5.4
redmine_checklists 3.1.18
redmine_contacts 4.3.2
redmine_contacts_helpdesk 4.1.11
redmine_custom_css 0.1.7
redmine_default_assign 0.6
redmine_improved_searchbox 0.0.3
redmine_issue_dynamic_edit 0.9.1
redmine_issues_tree 0.0.14
redmine_people 1.6.0
redmine_questions 1.0.2
redmine_reporter 1.0.3
redmine_resources 1.0.4
redmine_wysiwyg_editor 0.27.1
redmine_zenedit 2.0.0
redmineup_tags 2.0.8
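
A diagnostic sketch for the symptom reported above, added here and not taken from the plugin: it classifies the response to the `.json` request by whether it carries the 401 plus `WWW-Authenticate: Basic` combination that makes a browser open its login dialog. The function names, the stub fetch, the realm string and the `redmine.example` URL are constructed for illustration.

```javascript
// Added diagnostic example; not code from redmine_issue_dynamic_edit.
const TOKEN = "[!#$%&'*+.^_`|~0-9A-Za-z-]+";

// Return the lower-cased auth schemes offered in a WWW-Authenticate value.
// One header may carry several comma-separated challenges.
function challengeSchemes(headerValue) {
  if (!headerValue) return [];
  // Blank out quoted strings so a comma inside a realm does not split a challenge.
  const bare = headerValue.replace(/"(?:[^"\\]|\\.)*"/g, '""');
  const startsChallenge = new RegExp("^(" + TOKEN + ")(?:\\s+(?!=).*)?$");
  const schemes = [];
  for (const part of bare.split(",")) {
    // "Basic realm=..." starts a challenge; "charset=..." is only a parameter.
    const m = startsChallenge.exec(part.trim());
    if (m) schemes.push(m[1].toLowerCase());
  }
  return schemes;
}

// Classify a response to GET <issue>.json by how a browser reacts to it.
function classifyResponse(status, wwwAuthenticate) {
  if (status >= 200 && status < 300) return "ok";
  if (status === 401 && challengeSchemes(wwwAuthenticate).includes("basic")) {
    return "basic-prompt"; // the shape that triggers the native login dialog
  }
  if (status === 401 || status === 403) return "denied-no-prompt";
  return "other";
}

// Send the same request shape as the fetch call quoted in the comment above.
// fetchImpl is injected so the check runs against a stub or a real fetch.
async function probeIssueJson(fetchImpl, issueUrl) {
  const res = await fetchImpl(issueUrl + ".json", { method: "GET" });
  return classifyResponse(res.status, res.headers.get("www-authenticate"));
}

// Constructed stub standing in for a server that answers with a Basic challenge.
const stubFetch = async () => ({
  status: 401,
  headers: {
    get: (n) => (n === "www-authenticate" ? 'Basic realm="Example, Inc"' : null),
  },
});

probeIssueJson(stubFetch, "https://redmine.example/issues/1").then(console.log);
```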

@danowar2k

Same problem here on Redmine 4.2.8 on Ruby 2.7.6 with other plugins additionals 3.0.5.2 and additional_tags 1.0.4.

@alterdaemon

Same problem here on Redmine 4.2.8 on Ruby 2.7.2

@tiritchi

Hi,
same issue here, redmine 4.2.5 with LDAP auth.

Hope it will be fixed soon :)

thx

@pbolle

pbolle commented Feb 13, 2023

I have the same problem. It looks like the javascript has been changed to request /issues/51762.json instead of /issues/51762. The change triggers basic auth. The workaround in my case is that I use an older version. The git version that works for me is 750e602.

@Ilogeek
Owner

Ilogeek commented Feb 16, 2023

> Hope it will be fixed soon :)

@tiritchi

Code is here and PR are open
Let's go champ' !

Thank you @iprok and @pbolle for the complete and useful answer
Instead of loading the whole issue webpage which may be low if there are a lot of comments I wanted to use the Redmine REST API. It looks like auth is mandatory and give the mentioned issue.
Rolling back to 750e602 may fix the problem (rolling back the checkVersion function update)

@tiritchi

tiritchi commented Mar 7, 2023

> > Hope it will be fixed soon :)
>
> @tiritchi
>
> Code is here and PR are open Let's go champ' !
>
> Thank you @iprok and @pbolle for the complete and useful answer Instead of loading the whole issue webpage which may be low if there are a lot of comments I wanted to use the Redmine REST API. It looks like auth is mandatory and give the mentioned issue. Rolling back to 750e602 may fix the problem (rolling back the checkVersion function update)

Too much credit ^^ I would gladly if I knew how to.

In the meantime I disabled the conflict check, and it's working. No more auth popup.

I'll patiently wait for you or the community to fix then :)
thanks for your work

@btmndkh

btmndkh commented Apr 12, 2023

Has the issue been resolved? When can we expect the fixed version to be released?

@slykereven

Ok, fix deployed on my redmine and looks functional to me.

Well done @k41n, thanks a lot :)

@dalekgamma

Can we get a fixed version for this issue? My org will not allow the use of patches/unofficial versions, and this is causing issues since we are also under pressure to disable basic auth.

@Ilogeek
Owner

Ilogeek commented Dec 6, 2023

Last commit f4f2862 may resolve the issue by disabling JSON Redmine API call
