{{ message }}
Web terminal: attempt automatic authentication before prompting#105059
Merged
Conversation
Previously the web terminal always opened with a 'Username:' / 'Password:' prompt (or, when embedded in an iframe without a URL-supplied user, waited silently for credentials via postMessage). For embedding scenarios where the default user has an empty password, this is unnecessary friction. Now the web terminal performs an initial connection attempt using the URL-supplied user (or 'default') with an empty password. If the server rejects it, the existing fallback runs: interactive prompt, or postMessage when embedded without a URL user.
Contributor
`play.html` posts `webterminal-credentials` exactly once on iframe `load`. With auto-auth running on startup, that message could arrive while `waitingForCredentials` was still `false` and be silently dropped; the subsequent `ws.onclose` flipped the flag to `true`, but no second message ever came, leaving the embedded terminal stuck. Pre-arm `waitingForCredentials` before the initial auto-auth attempt when embedded without a URL-supplied user, so a one-shot parent message is consumed regardless of timing (the in-flight connection is replaced). Also clear `initialAutoAuth` when parent credentials arrive, so a subsequent failure prompts interactively instead of waiting for another (non-existent) parent message. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 task
Member
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Previously the web terminal always opened with a
Username:/Password:prompt, or — when embedded in an iframe without a URL-supplieduser— waited silently for credentials viapostMessage. For embedding scenarios where the default user has an empty password (e.g. a vanilla single-node install), that is unnecessary friction.With this change, the web terminal performs an initial connection attempt on load using the URL-supplied
userparameter (ordefaultwhen absent) and an empty password. If the server rejects the authentication (close code1008), the existing fallback runs: the interactiveUsername:/Password:prompt, orpostMessage-supplied credentials when embedded in an iframe without a URLuser.The URL
passwordparameter is intentionally not supported — passwords in URLs end up in browser history, referrer headers, server access logs, and proxy logs.Changelog category (leave one):
Changelog entry:
The web terminal now attempts an automatic connection with the default credentials (or the URL-supplied
userparameter) on load, falling back to the existing interactive prompt only if authentication fails. This makes it usable out-of-the-box on a fresh install and easier to embed in an iframe.Version info
26.5.1.776