Closed
Bug 208087
Opened 22 years ago
Closed 22 years ago
[FIX]Stylesheet ignored if authentication needed
Categories
(Core :: CSS Parsing and Computation, defect, P1)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla1.5alpha
People
(Reporter: bugzilla, Assigned: bzbarsky)
Details
(Keywords: regression)
Attachments
(1 file, 1 obsolete file)
|
1.22 KB,
patch
|
darin.moz
:
review+
dbaron
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030522
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030522
If a page does not need authentication, but a css stylesheet in the page is in a
different location which does, the style sheet gets ignored.
The username and password are prompoted and entered but ignored. The page does
not seem to render untill password entered.
However on refresh the stylesheet is applied, as it no longer neccessary to
prompt for authentication. But people not used to site wont realise that
something is missing.
This seem to apply with Mozilla 1.4b and Apache 2 htpasswd authentication.
I havent tested if this is the same for other filetypes, e.g. js files or
images, but it does seem like a seriuos issue, in one way dataloss, although
only visually.
Reproducible: Always
Steps to Reproduce:
1. open browser and go to a page which does not require authentication, but does
contain a link to a stylesheet which does require authentication.
2. you are prompted for name and password, enter this and press okay.
Actual Results:
page rendered without applying stylesheet, however refreses does.
Expected Results:
as it already seem to wait untill password is entered, it should have fetched
the stylesheet and applied as it rendered the page as normal.
|
Reporter | |
Comment 1•22 years ago
|
||
Would like some comment on this, as I recon it is a significant problem.
It wont stop your browsing, and if stylesheet is only mild formating, not really
impact you browsing. however if stylesheet applies the more resourcefull
attributes of CSS, like display: none, and other hide/show features then it
would seriously affect the integrety of the sites involved.
Although having a pw protected style sheet makes less sense if the page itself
is not pw protected, however as ive found out in a few cases, it does happen.
Flags: blocking1.4?
I thought we'd fixed this before. Did it regress?
(I still like the idea of HTTP asserting much earlier than the assertion put in
for bug 199910, which would help us catch things like this when they regress
instead of months later.)
|
|
Assignee | |
Comment 3•22 years ago
|
||
Hmm.. I just tracked back to at least Aug 2002 (when CSSLoader was still using
streamLoader) and we consistently pass in nsnull for the notification callbacks
all along...
What confuses me is that the password _is_ prompted for. That means that we get
a hold of a notification callbacks object, no?
|
|
||
Comment 4•22 years ago
|
||
yes, from the loadgroup. it is a nsIRequest with its own notification callbacks
attribute that channels may/should use if there is not one specified on the
channel explicitly.
|
|
Assignee | |
Comment 5•22 years ago
|
||
OK.... so any ideas what the problem is here, Darin? I assume that the whole
prompting thing is opaque to necko consumers, right? So once I open a channel
and it has a notification callbacks pointer (eg from the loadgroup) I don't have
to do anything to get things to be happy?
|
|
Assignee | |
Comment 6•22 years ago
|
||
Ivar, any chance of a page that shows the problem?
|
|
Reporter | |
Comment 7•22 years ago
|
||
Ive set up http://test.eray.biz/auth.html as an example.
( it is online from about 9am - 1am GMT most days )
Try it first without entering a username & pw. Then enter "test" as username and
pw. Does anyone else see this the same problem?
(Although I cant get mozilla to read the stylesheet at all at the moment...)
This problem does still presist where i first encountered it. but that is my
todo program. and i dont want people to mess around with it!
I however managed to get a similar issue when testing it with Konqueror. It
displayed the page without using the stylesheet and then prompted for the
authentication. It however automaticlly refreshed/reflowed the page and applied
the stylesheet when the authentication was accepted.
That is the actions I expected Mozilla to do as well, but perhaps not show any
of page if first encountering an stylesheet which needs authentication.
Flags: blocking1.4?
|
|
Assignee | |
Comment 8•22 years ago
|
||
When I load that HTML page, I am not prompted for authentication for the
stylesheet, at all. Naturally, the sheet is not applied.
If I load the sheet url first (and authenticate myself), the sheet is thereafter
applied when I load the HTML.
So the problem, then, is in fact that there is no prompting for the
username/password on a normal load of the HTML page... darin, any idea what's
up there?
|
|
Reporter | |
Comment 9•22 years ago
|
||
This issue of not beeing prompted at all now, may be bad server configuration by
me.
However I cant see what I have set up wrong, especially as it is applying the
stylesheet after you have accessed it directly. It works in other browsers and
the logs show the css files is accessed.
The original stylesheet authentication problem occured with my Tomcat
integration, which may be complicate the issue, but as we have seen there is a
problem with plain Apache files.
Can anyone else replicate the problem?
|
|
Assignee | |
Comment 10•22 years ago
|
||
This was caused by the patch in bug 199910.
Assignee: dbaron → bzbarsky
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: regression
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Summary: Stylesheet ignored if authentication needed → [FIX]Stylesheet ignored if authentication needed
Target Milestone: --- → mozilla1.5alpha
|
|
Assignee | |
Comment 11•22 years ago
|
||
|
|
Assignee | |
Updated•22 years ago
|
Attachment #127254 -
Flags: superreview?(dbaron)
Attachment #127254 -
Flags: review?(darin)
|
|
||
Comment 12•22 years ago
|
||
Comment on attachment 127254 [details] [diff] [review]
This fixes http://test.eray.biz/auth.html for me
> nsHttpChannel::GetCallback(const nsIID &aIID, void **aResult)
> {
>+ NS_PRECONDITION(aResult, "Invalid argument in GetCallback!");
at one point in time, someone (not sure who) told me that
NS_PRECONDITION is not to be used anymore... maybe that was
just someone being lame.
> *aResult = nsnull;
>+ nsresult rv = NS_ERROR_NO_INTERFACE;
>+ if (mCallbacks) {
>+ rv = mCallbacks->GetInterface(aIID, aResult);
>+ }
nit: please keep bracket style consistent. i.e., drop the brackets
if not needed. also, seems like it would be better to not assign
to |rv| twice. do this instead:
nsresult rv;
if (mCallbacks)
rv = mCallbacks->GetInterface(aIID, aResult);
else
rv = NS_ERROR_NO_INTERFACE;
there's also no reason to preinitialize |*aResult| since this
function returns a failure code when it cannot get the requested
callback interface (all callers check |rv|).
r=darin with those changes.
Attachment #127254 -
Flags: review?(darin) → review-
|
|
Assignee | |
Updated•22 years ago
|
Attachment #127254 -
Flags: superreview?(dbaron)
|
|
Assignee | |
Comment 13•22 years ago
|
||
|
|
Assignee | |
Updated•22 years ago
|
Attachment #127254 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•22 years ago
|
Attachment #127258 -
Flags: superreview?(dbaron)
Attachment #127258 -
Flags: review?(darin)
|
|
||
Updated•22 years ago
|
Attachment #127258 -
Flags: review?(darin) → review+
Attachment #127258 -
Flags: superreview?(dbaron) → superreview+
|
|
Assignee | |
Comment 14•22 years ago
|
||
Checked in for 1.5a.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•