Built-in web-server doesn’t print warnings to log for certain files
which are or can be missing but that’s OK for them:
- package-info.json - update information file, which is available only
with binary packages supporting automatic updates;
- favicon.ico - the file is located in img-subdirectory; web-clients
requesting the file from the root directory are doing this wrong;
- apple-touch-icon*.png - iOS safari asks for these files, but we don’t
have nice icons.
Implemented authorization via X-Auth-Token to overcome Safari’s bug,
where it may stop sending HTTP Basic Auth header when executing ajax
requests leading to communication errors in web-interface. With
X-Auth-Token only the first request must include HTTP Basic Auth, for
sub-sequential requests the web-interface sends X-Auth-Token, received
from server on first request. The web-interface even tries to remove
the HTTP Basic Auth header from request to improve security; this
however works only in Chrome, other tested browsers still send the Auth
data anyway (IE, Safari, Firefox).
