I am building an application that uses Electron, CouchDB, and JupyterLab(-desktop). CouchDB is proxied by jupyter-server-proxy and available at /couchdb/
. This works perfectly when running the application using jupyter lab
but gives a 401 authentication error when running in Electron.
The Electron window for my extension is created by Jupyterlab-desktop, and uses the default options: https://github.com/jupyterlab/jupyterlab-desktop/blob/25c5d89f9507df2013dd034de91f28839edf7ed4/src/main/sessions.ts#L566
JupyterLab-desktop includes an anaconda environment in which is launches JupyterLab on a random port. I can then open the inspector, and open the very same page in Edge.
In Edge the request returns a 200 status code, and I can copy the request as the following command
fetch("http://localhost:50505/couchdb/schematics/", {
"headers": {
"accept": "application/json",
"accept-language": "en-US,en;q=0.9",
"authorization": "Basic YWRtaW46YWRtaW4=",
"content-type": "application/json",
"if-none-match": "\"02abc16d4f072bb05c3fa16495ef7ab6fa044a29\"",
"sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Microsoft Edge\";v=\"101\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin"
},
"referrer": "http://localhost:50505/mosaic/",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": null,
"method": "GET",
"mode": "cors",
"credentials": "include"
});
I can then go back to the very same page in Electron and execute the very same request to the very same server, and get a 401 error.
The suspicious thing is that it shows "provisional headers" in Electron, making me suspect it's somehow messing with the headers before sending them. At first I wasn't proxying CouchDB and thought it's some CORS thing, but now it's running at the same host and port as the app itself.

The Chrome documentation says it could show provisional headers if it's cached (which I disabled), if the "resource is invalid"(??) or due to "security reasons". Is there some Electron security thing at play here?
I've also looked at the CouchDB logs, and for the successful case it shows
[notice] 2022-05-05T02:15:03.524000Z couchdb@localhost <0.8858.1> 59b71d5eff localhost:50505 127.0.0.1 admin GET /schematics/ 200 ok 4
and for the failed one
[error] 2022-05-05T02:14:01.532000Z couchdb@localhost <0.8350.1> 4db334eadb rexi_server: from: couchdb@localhost(<0.8330.1>) mfa: fabric_rpc:open_shard/2 throw:{unauthorized,<<"You are not authorized to access this db.">>} [{couch_db,open,2,[{file,"src/couch_db.erl"},{line,171}]},{mem3_util,get_or_create_db,2,[{file,"src/mem3_util.erl"},{line,549}]},{fabric_rpc,open_shard,2,[{file,"src/fabric_rpc.erl"},{line,307}]},{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,141}]}]
[notice] 2022-05-05T02:14:01.532000Z couchdb@localhost <0.8330.1> 4db334eadb localhost:50505 127.0.0.1 undefined GET /schematics/ 401 ok 0
I'm completely at a loss why Electron seems to send the request, but somehow mangle it such that it arrives at CouchDB without correct authorization. What's going on here?