Metamask-extension: Unable to add custom network with basic auth in url
Describe the bug
I've got an ETH mainnet node running behind nginx reverse proxy with basic auth in place. I can access it using using url formatted this way: https://user:[email protected]. It worked without issues in metamask too, was using it with success until something broke in metamask in v8.1.0 (worked fine on v8.0.10).
Prerequisites:
ETH node running behind nginx reverse proxy with basic auth in place
_sorry, I'm not able to share my own!_
Steps to reproduce (REQUIRED)
Steps to reproduce the behavior, libraries used with version number, and/or any setup information to easily reproduce:
- Open metamask on main page (wallet overview)
- Click on "Networks" placeholder on top
- Click on "Custom RPC" position
- Fill "Network name" with anything
- Fill "New RPC URL" with url to ETH mainnet node behind nginx reverse proxy with basic auth in place
- Fill "Chain ID" with your expected chain ID (
1in my case as this is ETH mainnet node) - Click on "Save" button
Expected behavior
Metamask should work with my mainnet ETH node behind reverse proxy with basic auth in place.
Screenshots
Browser details (please complete the following information):
- OS: OS X
- Browser: Chrome Version 86.0.4240.183 (Official Build) (64-bit)
- MetaMask Version: 8.1.3
Additional context (Error Messages, etc.)
Works fine on metamask 8.0.10. Broken on 8.1.0.
Getting Could not fetch chain ID. Is your RPC URL correct? error.
Maybe related to this PR: https://github.com/MetaMask/metamask-extension/pull/9487
drptbl
All 4 comments
This is affecting us as well for connecting to private networks. I have seen in the metamask console the following log:
ui.js:179 Failed to fetch the chainId from the endpoint. TypeError: Failed to execute 'fetch' on 'Window': Request cannot be constructed from a URL that includes credentials: MY_URL
It seems like they are using the builtin fetch that does not allow to use URL with credentials.
It could be fixed if they implement the conversion to authorization header: https://stackoverflow.com/questions/45067331/request-with-url-that-includes-credentials
like this:
var headers = new Headers();
headers.append('Authorization', 'Basic ' + btoa(username + ':' + password));
fetch('https://host.com', {headers: headers})
Username and password can be extracted from the url using a regular expression that would also skip this header appending if the url does not match (does not have basic auth)
This way it wouldn't block us to use private networks in metamask, since metamask has no way of specifying headers in custom RPCs.
sirasistant
on 5 Nov 2020
tmashuang
on 5 Nov 2020
@sirasistant The Authorization header seems to be set similar to your snippet in an underlying module here:
However, I see a recent change to move from fetch-ponyfill -> node-fetch here: https://github.com/AlayaNetwork/samurai-eth-json-rpc-middleware/commit/2b513d95d9d4a45c84e94b6c2bb97255c3e14611
Not sure if that has caused an unexpected breaking change?
vdamle
on 5 Nov 2020
Thanks for solving this! 馃帀
drptbl
on 9 Nov 2020
Related issues
beether
路
4Comments
whyrusleeping
路
3Comments
aakilfernandes
路
3Comments
aecc
路
3Comments
BassBauman
路
3Comments
Most helpful comment
This is affecting us as well for connecting to private networks. I have seen in the metamask console the following log:
ui.js:179 Failed to fetch the chainId from the endpoint. TypeError: Failed to execute 'fetch' on 'Window': Request cannot be constructed from a URL that includes credentials: MY_URLIt seems like they are using the builtin
fetchthat does not allow to use URL with credentials.It could be fixed if they implement the conversion to authorization header: https://stackoverflow.com/questions/45067331/request-with-url-that-includes-credentials
like this:
Username and password can be extracted from the url using a regular expression that would also skip this header appending if the url does not match (does not have basic auth)
This way it wouldn't block us to use private networks in metamask, since metamask has no way of specifying headers in custom RPCs.