github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #5192] Dashboard fetch fails with "Request cannot be constructed from a URL that includes credentials" when accessing via Basic Auth in URL #4054

New issue
Closed
opened 2026-05-05 14:34:11 -06:00 by gitea-mirror · 2 comments
gitea-mirror commented 2026-05-05 14:34:11 -06:00
Owner
Copy link

Originally created by @richex-cn on GitHub (Mar 4, 2026).
Original GitHub issue: https://github.com/fatedier/frp/issues/5192

Bug Description

When accessing the frp dashboard using a URL that includes HTTP Basic Auth credentials directly (e.g. https://user:password@yourdomain.com:7500/), the dashboard frontend fails to load server info.
A browser console error appears:

Failed to execute 'fetch' on 'Window': Request cannot be constructed from a URL that includes credentials: ../api/serverinfo

After this error, a popup shows: "Get server info from frps failed!"

If I remove the user:password@ part from the URL and let the browser prompt for credentials, everything works normally.

Image

Expected behavior

The dashboard should load normally even when credentials are provided in the URL (many users bookmark such URLs for quick access without repeated login prompts).

Environment

  • Browser: Chrome 145

Additional context

This is a browser security restriction: modern browsers forbid constructing fetch() requests from a URL that contains embedded credentials (username:password@) for security reasons (URL leaking, logging, etc.).

Thanks for this great tool!

frpc Version

0.67.0

frps Version

0.67.0

System Architecture

windows/amd64

Configurations

# frps.toml
bindPort = 7000

auth.token = "123456"

webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "123456"
webServer.pprofEnable = false

Logs

No response

Steps to reproduce

  1. Configure frps with dashboard enabled and HTTP Basic Auth
  2. Access the dashboard using a convenience URL with credentials embedded:
    https://admin:yourpass@dashboard.example.com:7500/
  3. Dashboard shows error popup.

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @richex-cn on GitHub (Mar 4, 2026). Original GitHub issue: https://github.com/fatedier/frp/issues/5192 ### Bug Description When accessing the frp dashboard using a URL that includes HTTP Basic Auth credentials directly (e.g. `https://user:password@yourdomain.com:7500/`), the dashboard frontend fails to load server info. A browser console error appears: ``` Failed to execute 'fetch' on 'Window': Request cannot be constructed from a URL that includes credentials: ../api/serverinfo ``` After this error, a popup shows: **"Get server info from frps failed!"** If I remove the `user:password@` part from the URL and let the browser prompt for credentials, everything works normally. <img width="606" height="140" alt="Image" src="https://github.com/user-attachments/assets/7f0e1229-ef3d-40f5-95fd-0b0d4a6fd7d3" /> ### Expected behavior The dashboard should load normally even when credentials are provided in the URL (many users bookmark such URLs for quick access without repeated login prompts). ### Environment - Browser: Chrome 145 ### Additional context This is a browser security restriction: modern browsers forbid constructing `fetch()` requests from a URL that contains embedded credentials (username:password@) for security reasons (URL leaking, logging, etc.). Thanks for this great tool! ### frpc Version 0.67.0 ### frps Version 0.67.0 ### System Architecture windows/amd64 ### Configurations ``` # frps.toml bindPort = 7000 auth.token = "123456" webServer.addr = "0.0.0.0" webServer.port = 7500 webServer.user = "admin" webServer.password = "123456" webServer.pprofEnable = false ``` ### Logs _No response_ ### Steps to reproduce 1. Configure frps with dashboard enabled and HTTP Basic Auth 2. Access the dashboard using a convenience URL with credentials embedded: `https://admin:yourpass@dashboard.example.com:7500/` 3. Dashboard shows error popup. ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [x] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror 2026-05-05 14:34:11 -06:00
gitea-mirror commented 2026-05-05 14:34:14 -06:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Mar 19, 2026):

Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.

<!-- gh-comment-id:4086722980 --> @github-actions[bot] commented on GitHub (Mar 19, 2026): Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.
gitea-mirror commented 2026-05-05 14:34:15 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Mar 20, 2026):

This is a browser security restriction — modern browsers block fetch() from URLs with embedded credentials (user:password@host). This is not something frp can or should work around. Please access the dashboard without credentials in the URL and let the browser prompt for authentication instead.

<!-- gh-comment-id:4098557468 --> @fatedier commented on GitHub (Mar 20, 2026): This is a browser security restriction — modern browsers block fetch() from URLs with embedded credentials (user:password@host). This is not something frp can or should work around. Please access the dashboard without credentials in the URL and let the browser prompt for authentication instead.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#4054
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?