The rclone web-gui struggles from many problems due to the current HTTP authentication system being used for authenticating served from the rclone.
The web-gui depends on this mechanism to authenticate with the rclone server. But according to the Mozilla documentation, this is deprecated. https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Access_using_credentials_in_the_URL . And hence, causing a lot of problems like multiple login windows.
The alternative can be something a token-based system like the one used in the jupyter notebook (python) authentication here. What we could do, is provide this mechanism for serving GUI files, which should ensure that:
A user could use a token to log in automatically on the localhost.
For a remote user, he should be able to use a username and a password to log in.
I have very little experience with the server-side of things and would appreciate it if someone could help me with that. I would take up the task in the GUI side of things.
When you do an http request with username/password it gets converted into an Authorization header in basic auth
So the simplest thing would be to allow rclone to pass the username/password as GET parameters when we open the browser which we do already as the login_token.
We could replace username/password with an opaque token but it will be the same scheme fundamentally.
If the username password gets parsed through the url, we get through, otherwise, we see an error. And after refresh it somehow manages to get the token.
So if we serve the static files without auth then the initial fetch should be OK without auth. The app can then grab the token from the URL parameter and it is away.
I'm just trying to think if serving just the static files without auth
