serviceworker causes basic auth dialog to not show on subsequent visits

[peterholak]

Affects all versions since the serviceworker was introduced presumably, including 1.10.0+dev-232-gf1c414882.

Problem:

• Run gitea behind any kind of reverse proxy (e.g. nginx) with configured basic auth (in nginx).
• Visit it in browser - the auth dialog will be displayed, enter credentials.
• Close the browser.
• Reopen the browser, visit the page again.
• It shows the "401 Unauthorized" page, without displaying the basic auth dialog - even though the WWW-Authenticate header was sent. In Chrome, refreshing the page with F5 doesn't work. Only pressing Ctrl+Shift+R (not possible on mobile obviously) causes the auth dialog to pop up again.

Seems to be related to the PWA / service worker feature. There is plenty of info on this issue on the web, googling serviceworker basic auth shows many relevant results.

Older versions of gitea (tested with 1.6, see below) didn't suffer from this problem, due to not having the PWA feature.

The issue can be reproduced by using the docker-compose file at https://gist.github.com/peterholak/317f4ca1827672aa231c7114a19149b5. After running docker-compose up, the page at localhost:8004 (latest version of gitea from docker hub) suffers from the described problem, while the page at localhost:8005 (version 1.6) does not. (The credentials are user hello, password world.)

If this is not easy to solve, it would be nice to at least be able to disable the PWA in config.

[lunny]

PWA should be allowed to be disabled by user.

[silverwind]

Please retest on master, it might be fixed because the new serviceworker implementation intercepts less.