
Chrome fails to show http authentication window

I am developing a Drupal site, within which is a page with an iframe, displaying an external SQL Reporting server driven site.

This iframed site is protected by HTTP authentication. In all browsers, apart from Chrome, when the page is viewed, the browser-driven login box pops up.

In Chrome (Windows & OS X), no login box appears and I get an immediate 401 error from the SQL Reporting Server. I've cleared caches and even tried on a fresh Chrome installation on a VM.

The above method works fine on the client's existing live site, which is ASP driven. Other than CMS technology, the only other obvious difference is domains.

The working live site is referencing a sub domain of itself in the iframe. The development site is referencing a completely different domain.

I've tried /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --allow-cross-origin-auth-prompt, which seems to make no difference.

Does Chrome have much tighter cross domain login rules? Or am I missing something else?

Jon Hadley asked Jan 18 '12 16:01



3 Answers

According to the devs at Chromium, this was an intentional change to protect against phishing attacks. If you say the prod sites reference the same domain, you shouldn't have any issues. http://code.google.com/p/chromium/issues/detail?id=91814

jloper3 answered Sep 30 '22 07:09


To switch the (in my mind stupid) security feature off, set the browser flag:

--allow-cross-origin-auth-prompt

On Linux, close all browser instances and type in a terminal:

chromium-browser --allow-cross-origin-auth-prompt

For Windows, Mac, Android... take a look here: http://www.chromium.org/developers/how-tos/run-chromium-with-flags

Karl Adler answered Sep 30 '22 06:09


See http://www.chromium.org/administrators/policy-list-3#AllowCrossOriginAuthPrompt for the policy that can be set versus using flags.

On Windows this can be set via the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. See http://www.chromium.org/administrators/policy-templates for more information.

Jesse answered Sep 30 '22 08:09
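
The registry policy route from the last answer, as an added PowerShell example that is not part of the original answers: it reports whether AllowCrossOriginAuthPrompt is configured and writes it explicitly, so a development machine can be switched on and back off again. The function names and the HKCU check are assumptions of this example; the HKLM key and the policy name come from the answer above.

```powershell
# Added example: audit and set Chrome's AllowCrossOriginAuthPrompt policy.
# Function names are hypothetical; the HKLM key and policy name are from the answer.
$policyName = 'AllowCrossOriginAuthPrompt'
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',  # machine-wide key named in the answer
    'HKCU:\SOFTWARE\Policies\Google\Chrome'   # per-user key (assumption: also worth checking)
)

function Get-CrossOriginAuthPromptPolicy {
    param([string[]]$Keys = $policyKeys)
    foreach ($key in $Keys) {
        $state = 'NotConfigured'   # unset means Chrome keeps blocking the prompt
        $value = $null
        if (Test-Path -Path $key) {
            $item = Get-ItemProperty -Path $key -Name $policyName -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value = $item.$policyName
                $state = if ($value -eq 1) { 'Enabled' } else { 'Disabled' }
            }
        }
        [pscustomobject]@{ Key = $key; Policy = $policyName; Value = $value; State = $state }
    }
}

function Set-CrossOriginAuthPromptPolicy {
    param(
        [Parameter(Mandatory)][bool]$Enabled,
        [string]$Key = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    )
    # Create the policy key if no Chrome policy has been deployed yet.
    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # Boolean Chrome policies are stored as REG_DWORD 1 (true) or 0 (false).
    New-ItemProperty -Path $Key -Name $policyName -PropertyType DWord `
        -Value ([int]$Enabled) -Force | Out-Null
}

# Report the current state for both keys.
Get-CrossOriginAuthPromptPolicy | Format-Table -AutoSize

# Enable only on a development machine, then re-check:
# Set-CrossOriginAuthPromptPolicy -Enabled $true
# Revert once testing is finished:
# Set-CrossOriginAuthPromptPolicy -Enabled $false
```

Writing under HKLM needs an elevated session, and the value Chrome actually applied can be confirmed on chrome://policy.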