Authentication Pop-up appears because /notifications/sse request uses expired bearer token

[ScharfViktor]

ocis 4.0.0
web 7.1.0-rc.5

Steps:

• user logs in and stay on system more that 5 min

Expected result: no authentication Pop-up

Actual result: after token refreshing appears the authentication Pop-up

because request https://host.docker.internal:9200/ocs/v2.php/apps/notifications/api/v1/notifications/sse uses expired bearer token

[AlexAndBear]

@lookacat could you take over ?

[dschmidt]

But isn't this also an oCIS bug? Even if the token is expired, I wouldnt expect the header to require a password to be sent
Imho it should only be sent when the Authorization header is absent

[JammingBen]

Turns out web was missing the proper X-Requested-With: XMLHttpRequest header in the SSE request.

[dschmidt]

Turns out web was missing the proper X-Requested-With: XMLHttpRequest header in the SSE request.

Ah, yes, that's probably what I was thinking of, not the Authorization header

[ScharfViktor]

looks like that #9654 did not solve the pop-up problem

[JammingBen]

@ScharfViktor It looks like the X-Requested-With: XMLHttpRequest header is not present, or is it cut off down below? Are you sure you're running current master?

[ScharfViktor]

Yes, X-Requested-With: XMLHttpRequest header is present. I use current master

[JammingBen]

Hmm I'm not able to reproduce it on my system. Can you send me your ocis config flags? Also, are you running ocis locally or via our Docker dev setup?

[ScharfViktor]

re-tested on 8.0.0-beta.2
works fine