613785 - Switch to using tab-modal prompt dialogs for HTTP authentication

Status: RESOLVED FIXED

(Toolkit :: General, defect, P3)

Description

[(no longer active)]

With bug 59314 fixed, we should probably port our HTTP authentication dialogs to be tab-modal and not window-modal.

Comment 1

[gadjo]

duplicate of bug 377496?

Comment 2

[(no longer active)]

This bug will solve bug 377496 as well.

Comment 3

[Michael Lefevre]

And what about bug 567804 "Convert HTTP Auth modal dialog to a doorhanger"?

Comment 4

[(no longer active)]

They're basically covering the same thing, only with two different UI proposals.  We should decide which path we want to take...

Comment 5

[Nikita Popov]

Security related dialogs shouldn't be implemented using the tab-modal dialogs (at least in their current form) as they are easily spoofable.

Comment 6

[Alex Faaborg [:faaborg] (Firefox UX)]

Since as earlier comments mention this has security implications, and is also related to the user's identity, the UX team was planing to use our doorhanger approach over in bug 567804 (also related to the account manager work we have in progress for after Firefox 4:  http://people.mozilla.com/~faaborg/files/firefox4Mockups/accountManager/account%20manager%20i6.png )

Comment 7

[Justin Dolske [:Dolske]]

I'm not particularly thrilled with putting HTTP Auth prompts entirely into content, due to spoofing. Although that's largely already a lost battle. Sigh.

Anyway, I think doorhangers (or something like them) are probably somewhat better, and Account Manager in general even better still.

So, WONTFIX in favor of bug 567804 instead.

Comment 13

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to Justin Dolske [:Dolske] from comment #7)
> I'm not particularly thrilled with putting HTTP Auth prompts entirely into
> content, due to spoofing. Although that's largely already a lost battle.
> Sigh.

Spoofing is not much of an issue as long as we only show the dialog box for the document origin, AFAICT.

Comment 14

[Frank Yan (:fryn)]

:shorlander and I are not concerned about spoofing here. Spoofing the prompt is neither more dangerous nor more difficult that spoofing any HTML login form on the web. HTTP authentication is inherently modal and should display a modal prompt that can be dismissed easily by accident.

The solution proposed here is better than the one in bug 567804. Firefox for Windows 8 Metro will be implementing a solution similar to this one.

Comment 15

[Stephan Sokolow]

(In reply to Frank Yan (:fryn) from comment #14)
> :shorlander and I are not concerned about spoofing here. Spoofing the prompt
> is neither more dangerous nor more difficult that spoofing any HTML login
> form on the web. HTTP authentication is inherently modal and should display
> a modal prompt that can be dismissed easily by accident.

I get the impression :Dolske is thinking about taking an opportunity to make spoofing more difficult by making the prompt visibly extend outside the content region.

I suppose another option would be to visually differentiate privileged and unprivileged tab-modal dialogs using some other mechanism. (eg. Tinting or patterning a highly-visible portion of the chrome while a privileged tab-modal is being displayed)

Comment 16

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to Frank Yan (:fryn) from comment #14)
> :shorlander and I are not concerned about spoofing here. Spoofing the prompt
> is neither more dangerous nor more difficult that spoofing any HTML login
> form on the web.

Not true. Consider (on page https://victim.example.com/):

    <img src='http://attacker.example.com'>

This can force an HTTP auth prompt for http://attacker.example.com in the UI context of http://victim.example.com, and it is up to the user to notice that he's authenticating for something other than the page by reading the text of the HTTP auth dialog box very carefully, which is an unreasonable expectation for us to make of our users.

However, I agree that, as long as we fix bug 647010, then we don't have to worry about it here. (That's what I was saying in comment 13.) However, if we don't/can't fix bug 647010 then we will need a solution for spoofing. And, we may find that fixing bug 647010 is impossible due to compatibility issues, especially for XHR.

> HTTP authentication is inherently modal and should display
> a modal prompt that can be dismissed easily by accident.

I guess you mean "cannot be dismissed easily by accident." But, I thin it is likely there must be some way to dismiss it on purpose. (The fact that doorhangers can be dismissed accidentally and then become difficult/impossible to resurrect are one of the most serious deficiencies of the doorhanger UX in general.)

I disagree that HTTP authentication inherently requires a modal dialog box. We could always, by default, just display the error page that results when the user refuses to log in and then have the user initiate the login explicitly if he/she chooses. I imagine that we will eventually have to do something similar for SSL client certificate authentication. The advantage of doing things this way is that the error page can give the user instructions regarding which credentials to use amongst other things. However, I agree that a modal prompt is the "safe" choice, assuming there is a way to cancel the dialog box to read the error page. (But, then, you end up again with the problem of "How do I get the HTTP auth dialog box back after I've read the error page?")

Comment 17

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to Brian Smith (:bsmith) from comment #16)
> (In reply to Frank Yan (:fryn) from comment #14)
> > :shorlander and I are not concerned about spoofing here. Spoofing the prompt
> > is neither more dangerous nor more difficult that spoofing any HTML login
> > form on the web.
> 
> Not true. Consider (on page https://victim.example.com/):
> 
>     <img src='http://attacker.example.com'>

Also, consider in particular iframes:

<iframe src='http://attacker.com'>
</iframe>

Especially when the iframe is not even visible, it is easy to confuse the user into entering the embedding page's credentials into the embedded iframe page's HTTP auth dialog box.

Comment 18

[Stephan Sokolow]

(In reply to Brian Smith (:bsmith) from comment #17)
> (In reply to Brian Smith (:bsmith) from comment #16)
> > (In reply to Frank Yan (:fryn) from comment #14)
> > > :shorlander and I are not concerned about spoofing here. Spoofing the prompt
> > > is neither more dangerous nor more difficult that spoofing any HTML login
> > > form on the web.
> > 
> > Not true. Consider (on page https://victim.example.com/):
> > 
> >     <img src='http://attacker.example.com'>
> 
> Also, consider in particular iframes:
> 
> <iframe src='http://attacker.com'>
> </iframe>
> 
> Especially when the iframe is not even visible, it is easy to confuse the
> user into entering the embedding page's credentials into the embedded iframe
> page's HTTP auth dialog box.

Good point.

Does anyone have any ideas for a generally-applicable way to provide better indication of the source of a login prompt now that we're in an era where it's so common for a site to be stitched together with content from multiple domains?

Comment 19

[Florian Bender]

Bug 647010 is about only allowing HTTP auth from the top level document. Does this cover your concerns?

Comment 20

[Roberto Spadim]

well give the url and the frame name information to user, it's better to check what password browser is asking about when we have many passwords to enter

Comment 21

[Justin Dolske [:Dolske]]

(In reply to Brian Smith (:bsmith) from comment #16)

> However, I agree that, as long as we fix bug 647010, then we don't have to
> worry about it here. (That's what I was saying in comment 13.) However, if
> we don't/can't fix bug 647010 then we will need a solution for spoofing.
> And, we may find that fixing bug 647010 is impossible due to compatibility
> issues, especially for XHR.

Yeah, this is the crux of the issue. Can we try fixing bug 647010 now, seeing if that sticks, and then go with a tab-modal prompt? It probably needs to stick though an actual release to shake out the full impact of things it might break... Frank, how's that match with Metro's timing? (Or maybe Metro can take a fix for 647010 in the interm, lest legacy compat issues prevent Firefox Desktop from shipping it.)

> (The fact that
> doorhangers can be dismissed accidentally and then become
> difficult/impossible to resurrect are one of the most serious deficiencies
> of the doorhanger UX in general.)

Fodder for another bug, that that's quite intentional.

> I disagree that HTTP authentication inherently requires a modal dialog box.

Well, it does if you're loading resources within the page. The most obvious example being loading a script that triggers authentication... The rest of the page may depend upon effects of the script's execution.

But if 647010 is actually going to only allow the top-level doc itself to trigger authentication, then you're right. The "prompt" can just be an error page with a username+password entry field.

I'm all for 647010, but I fear that it carries a pretty big webcompat risk. And so we either need to tread carefully and try to fix it, or ensure that any auth prompt changes we make here are non-spoofable.

Note that there are 2 subtly different issues:

One is that a cross-origin auth prompt is something many users won't understand (no matter what the UI is), and so we should do things like 647010 to make that problem go away.

The other is that given the web-we-have and not the web-we-want, how do we do our best to give users the info/tools to make the best of a bad situation? (Specifically for users to do understand or have been told what to look for.)

Comment 22

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to Justin Dolske [:Dolske] from comment #21)
> Yeah, this is the crux of the issue. Can we try fixing bug 647010 now,
> seeing if that sticks, and then go with a tab-modal prompt? It probably
> needs to stick though an actual release to shake out the full impact of
> things it might break... Frank, how's that match with Metro's timing? (Or
> maybe Metro can take a fix for 647010 in the interm, lest legacy compat
> issues prevent Firefox Desktop from shipping it.)

I think that we should start working on bug 647010, but I don't think that bug 647010 should block this bug. I just want to make sure that people understand that spoofing *is* still a concern and fixing this bug isn't the last word on improving the HTTP auth experience; i.e. I want to avoid running into the "we just modified the HTTP auth UX once, and it would be too confusing to change it again so soon" type of argument.

> > I disagree that HTTP authentication inherently requires a modal dialog box.
> 
> Well, it does if you're loading resources within the page. The most obvious
> example being loading a script that triggers authentication... The rest of
> the page may depend upon effects of the script's execution.

Right, though I am curious about how much of a problem it would be in practice. It is something we could definitely measure the impact of with telemetry, "relatively easily." If people think it would be valuable to consider a non-modal HTTP auth prompt, either now or in the future, we could investigate it.

> But if 647010 is actually going to only allow the top-level doc itself to
> trigger authentication, then you're right. The "prompt" can just be an error
> page with a username+password entry field.

The motivation for bug 647010 is to prevent some kinds of cross-origin attacks, and we can prevent those types of attacks while still allowing same-origin subresources to trigger the HTTP auth prompt. However, if the UX teams think it would be useful to limit the prompt to only the top-level document, then we could experiment with that as part of bug 647010.

> I'm all for 647010, but I fear that it carries a pretty big webcompat risk.
> And so we either need to tread carefully and try to fix it, or ensure that
> any auth prompt changes we make here are non-spoofable.

I suggest that we assume that we can fix bug 647010 so that we can make forward progress on this bug, and if that assumption turns out to be wrong, then we can consider implementing alternative approaches to subresource-based spoofing later.

Comment 24

[Jan Pokorný]

Please note that having tab-modal prompt, [bug 896253] with
infinite-load-until-the-first-and-only-auth-prompt-proceeded can only be
amplified because it can happen with only a single FF window opened
(as opposed to current situation in which the bug is only exposed with
more windows accessing the same authed site -- quite rare).

Comment 29

[Marco Mucci [:MarcoM]]

Carry over to Iteration it-30c-29a-28b.3

Comment 30

[Michael Maslaney [:mmaslaney] (mmaslaney@mozilla.com)]

Assets and spec posted in bug 977037

Comment 31

[Florian Bender]

I don't think this bug is supposed to be marked as fixed, is it? Though, if you want to continue the implementation in Bug 977037, please mark as duplicate.

Comment 33

[(no longer active)]

This bug is neither fixed, nor a dupe of bug 977037.  Bug 977037 is just covering the designs, and doesn't focus on the implementation work, which should presumably happen here.

Comment 34

[Marco Mucci [:MarcoM]]

Returning to the Backlog for Gavin, Chad and Madhava to review.

Comment 35

[Serg]

Hey guys! Just wandering if you are going to fix this? It's 2014 already.

Comment 36

[Nicolas Barbulesco]

(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #0)

> we should probably port our HTTP authentication
> dialogs to be tab-modal and not window-modal

Yes. And the menus have to be operational.

I have a Firefox tab asking me authentication. 
To look up my auth info, I need to go to a webmail. So I press Apple N, to create a new window. 
This does not work. Because the menu bar is crippled. 
So I go to Safari to open the needed webmail. 
This is a failure of Firefox.

This needs to be improved. Thank you.

Comment 37

[Brendan Hide]

(In reply to Nicolas Barbulesco from comment #36)
> Yes. And the menus have to be operational.
> 
> I have a Firefox tab asking me authentication. 
> To look up my auth info, I need to go to a webmail. So I press Apple N, to
> create a new window. 
> This does not work. Because the menu bar is crippled. 
> So I go to Safari to open the needed webmail. 
> This is a failure of Firefox.
Apologies if this is just a "+1" - but I feel I must echo the above sentiment.

In my case when I open Firefox on either my laptop or desktop, about 10-15 pinned tabs autoload, of which about 7 of these tabs steal focus due to their authentication dialogs.

For me I would prefer to have those tabs higlight (or flash or whatever, as long as it doesn't steal focus) and only ask me for the auth when I actually click on the tab. The present alternative is quickly clicking "Cancel" for each popup and re-loading them later on.

As with Nicolas experience, this is a fail, temporarily making Firefox inconvenient/unusable until I've gone through each of these tabs.

"Steal focus" should be a swearphrase.

Comment 38

[(Currently slow to respond) Philipp Sackl [:phlsa] (Firefox UX) please use needinfo]

Specs can be found in this bug: 977037

Comment 40

[glukout39]

FireFox 36.0.4 - problem still here :(

Comment 41

[glukout39]

FireFox 39.0.3 - problem still here :(

Comment 42

[janderson2000]

Shutting off authentication from more than one origin point was not a bug fix. It was a breaking of useful functionality.  A strongly-worded embedded warning with the ability to add and store an exception would have been a much better solution instead of just pulling the rug on thousands of sites that rely on this functionality and have for years and years.

Comment 44

[were.weasel]

It was put to my attention that this bug is actively exploited in the wild to extort ransom from website visitors. The attackers site keeps reloading so that the authentication dialog will immediately pop up again if closed, denying the victim any access to Firefox.
The authentication message reads something like "Your browser has been locked. Call 0800-xxx to regain access."

The only solution is to kill the firefox process with system tools. When firefox is then restarted and set to automatically restore the previous session the dialog will immediately occur again.

Comment 48

[Matt Cosentino]

Seems to me that this is a serious issue and should be upgraded to P1. I just encountered a page with a fake Firefox error page and a repeated HTTP authentication dialog and I was unable to close the tab to get out of the loop. Anything that lets a page cripple the browser needs to be fixed.

Comment 50

[Daniel]

7 years old and still in Quantum? Definitely P1.

Comment 55

[Mike Conca [:mconca]]

The WebExtensions team is in the initial stages of providing a tab hiding API under bug 1410548. One of the issues we are encountering is that a hidden tab that runs into an HTTP auth request must be forcibly shown to the user, since it is window-modal and would block all interaction with the browser if it were to remain hidden.

While this isn't strictly blocking the implementation of hidden tabs, it definitely destroys the user's workflow. Making HTTP auth tab-modal would present a much nicer user experience when they are using hidden tabs.

Comment 56

[Graham Perrin]

> Switch to using tab-modal prompt dialogs for HTTP authentication

Please: will the switch allow LastPass to regain functionality that was lost in the shift to WebExtensions APIs?

<https://discourse.mozilla.org/t/-/19745/8?u=grahamperrin> relates to LastPass premium support ticket # 6529225 

> … LastPass 4.2.1.21 is not compatible with modal authentication dialogues …

Comment 57

[landy2005]

Yep, after upgrade to 58, I see this issue (as many other people),
because Firefox now complete hangs on any page with HTTP auth.

Only way for fix - kill FF process and do not open any page with HTTP authentication..

My case on Mac OS 10.10.5, Fixefox 58.0.1

Comment 58

[Jim]

Alternative workaround that has worked for me:

Put mouse over tab close button (X).
Press escape (ESC) immediately followed by left mouse button (LMB) click.
Depending on speed of the server you may need to try a couple times but I can usually close the tab before it issues another authentication dialog.

Comment 66

[Daniel]

How is this still unassigned after DDOSing users?

Comment 67

[Matthew N. [:MattN]]

Attachment: Screen Shot showing how the tab-modal PaymentRequest dialog overlaps chrome

We can probably use an approach similar to the Web Payments dialog which was still connected to the .browserContainer but also overlapped the chrome using absolute positioning (via a hack using HTML since XUL doesn't support abs. pos.). I think we could move all <tabmodalprompt> inside an <html:div> like .paymentDialogContainer and then have CSS trigger the position:absolute depending on which prompt is top-most since I assume we don't want regular alert()/confirm() to overlap chrome, only http-auth.

https://searchfox.org/mozilla-central/rev/c21d6620d384dfb13ede6054015da05a6353b899/browser/components/payments/paymentUIService.js#68-75,188-193

Comment 69

[treffner]

Rant (yeah, I'm kinda sorry for it, but I didn't find another quick way to highlight how important this is ... heck! just look how many duplicates you get of this and how many people CC this issue):
You must be kidding me that this 9 year old defect only has P3 priority. This is a main blocker for me and should be P1. Please raise the priority immediately.

Comment 70

[Matt Cosentino]

Absolutely agree.

Comment 72

[Albert Scheiner [:alberts]]

As the design from bug 977037 is already somewhat dated by now, should it be reopened to adjust the UI?

Comment 74

[Paul Zühlcke [:pbz]]

Attachment: Bug 613785 - Updated http auth prompt tests to support tab prompts. r=gijs

Depends on D75566

Comment 75

[Paul Zühlcke [:pbz]]

Attachment: Bug 613785 - Tab modal http auth prompts. r=johannh

Depends on D75567

Comment 76

[Pulsebot]

Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fdc328259d08
Updated http auth prompt tests to support tab prompts. r=johannh
https://hg.mozilla.org/integration/autoland/rev/333d10fedb1a
Tab modal http auth prompts. r=johannh

Comment 77

[Paul Zühlcke [:pbz]]

This got backed out along with Bug 1633370. I'm currently working on the new UX for tab chrome prompts. It's probably better to re-land this once the new UI is done.

Comment 78

[Matthew N. [:MattN]]

Backout: https://hg.mozilla.org/mozilla-central/rev/ab03f197f649

Comment 79

[Pulsebot]

Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/aeeb3f688098
Updated http auth prompt tests to support tab prompts. r=extension-reviewers,Gijs,zombie
https://hg.mozilla.org/integration/autoland/rev/4738b2f8406d
Tab modal http auth prompts. r=johannh

Comment 80

[Bogdan Tara[:bogdan_tara | bogdant]]

Backed out 3 changesets (bug 1633370, bug 613785) for test_alert_opened_before_session_starts failures.

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&searchStr=marionette&tochange=4738b2f8406d718f29d8168046e948c6a07eae3b&fromchange=c84b2f303275e16c946117a8d0859fd3c8b0f29f&selectedTaskRun=dAQvZSLqQZi1kqJMpR0uGg.1

Backout link: https://hg.mozilla.org/integration/autoland/rev/a82361f4787aaf24b3814249e756d08c80fb2686

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=315152856&repo=autoland&lineNumber=39118

[task 2020-09-08T23:56:34.959Z] 23:56:34     INFO - TEST-START | testing/marionette/harness/marionette_harness/tests/unit/test_modal_dialogs.py TestModalAlerts.test_alert_opened_before_session_starts
[task 2020-09-08T23:56:34.963Z] 23:56:34     INFO -  1599609394958	Marionette	DEBUG	Closed connection 9
[task 2020-09-08T23:56:34.963Z] 23:56:34     INFO -  1599609394959	Marionette	DEBUG	Accepted connection 10 from 127.0.0.1:58306
[task 2020-09-08T23:56:34.964Z] 23:56:34     INFO -  1599609394960	Marionette	DEBUG	10 -> [0,1,"WebDriver:NewSession",{"strictFileInteractability":true}]
[task 2020-09-08T23:56:34.964Z] 23:56:34     INFO -  1599609394961	Marionette	TRACE	[15] Frame script loaded
[task 2020-09-08T23:56:34.964Z] 23:56:34     INFO -  1599609394961	Marionette	TRACE	[15] Frame script registered
[task 2020-09-08T23:56:34.965Z] 23:56:34     INFO -  1599609394962	Marionette	DEBUG	10 <- [1,1,null,{"sessionId":"e2b792a8-6746-4ed6-aa27-9d2f7c7b19d8","capabilities":{"browserName":"firefox","browserVersion":"82.0a ... mp/tmpiKgglC.mozrunner","moz:shutdownTimeout":60000,"moz:useNonSpecCompliantPointerOrigin":false,"moz:webdriverClick":true}}]
[task 2020-09-08T23:56:34.967Z] 23:56:34     INFO -  1599609394965	Marionette	DEBUG	10 -> [0,2,"WebDriver:SetTimeouts",{"script":30000}]
[task 2020-09-08T23:56:34.967Z] 23:56:34     INFO -  1599609394965	Marionette	DEBUG	10 <- [1,2,null,{"value":null}]
[task 2020-09-08T23:56:34.967Z] 23:56:34     INFO -  1599609394966	Marionette	DEBUG	10 -> [0,3,"WebDriver:SetTimeouts",{"pageLoad":300000}]
[task 2020-09-08T23:56:34.968Z] 23:56:34     INFO -  1599609394966	Marionette	DEBUG	10 <- [1,3,null,{"value":null}]
[task 2020-09-08T23:56:34.972Z] 23:56:34     INFO -  1599609394968	Marionette	DEBUG	10 -> [0,4,"WebDriver:SetTimeouts",{"implicit":0}]
[task 2020-09-08T23:56:34.972Z] 23:56:34     INFO -  1599609394968	Marionette	DEBUG	10 <- [1,4,null,{"value":null}]
[task 2020-09-08T23:56:34.973Z] 23:56:34     INFO -  1599609394969	Marionette	DEBUG	10 -> [0,5,"WebDriver:GetChromeWindowHandle",{}]
[task 2020-09-08T23:56:34.973Z] 23:56:34     INFO -  1599609394969	Marionette	DEBUG	10 <- [1,5,null,{"value":"1"}]
[task 2020-09-08T23:56:34.973Z] 23:56:34     INFO -  1599609394970	Marionette	DEBUG	10 -> [0,6,"WebDriver:GetChromeWindowHandles",{}]
[task 2020-09-08T23:56:34.973Z] 23:56:34     INFO -  1599609394970	Marionette	DEBUG	10 <- [1,6,null,["1"]]
[task 2020-09-08T23:56:34.973Z] 23:56:34     INFO -  1599609394970	Marionette	DEBUG	10 -> [0,7,"WebDriver:GetWindowHandle",{}]
[task 2020-09-08T23:56:34.974Z] 23:56:34     INFO -  1599609394970	Marionette	DEBUG	10 <- [1,7,null,{"value":"15"}]
[task 2020-09-08T23:56:34.976Z] 23:56:34     INFO -  1599609394971	Marionette	DEBUG	10 -> [0,8,"WebDriver:GetWindowHandles",{}]
[task 2020-09-08T23:56:34.976Z] 23:56:34     INFO -  1599609394972	Marionette	DEBUG	10 <- [1,8,null,["15"]]
[task 2020-09-08T23:56:34.977Z] 23:56:34     INFO -  1599609394974	Marionette	DEBUG	10 -> [0,9,"WebDriver:GetWindowHandles",{}]
[task 2020-09-08T23:56:34.977Z] 23:56:34     INFO -  1599609394975	Marionette	DEBUG	10 <- [1,9,null,["15"]]
[task 2020-09-08T23:56:34.978Z] 23:56:34     INFO -  1599609394975	Marionette	DEBUG	10 -> [0,10,"WebDriver:NewWindow",{"type":"tab","focus":false,"private":false}]
[task 2020-09-08T23:56:34.994Z] 23:56:34     INFO -  1599609394983	Marionette	TRACE	Received DOM event TabOpen for [object XULElement]
[task 2020-09-08T23:56:35.034Z] 23:56:35     INFO -  DEBUG: Adding blocker ContentParent: id=7fb88b0af000 for phase xpcom-will-shutdown
[task 2020-09-08T23:56:35.034Z] 23:56:35     INFO -  DEBUG: Adding blocker ContentParent: id=7fb88b0af000 for phase profile-before-change
[task 2020-09-08T23:56:35.076Z] 23:56:35     INFO -  1599609395070	Marionette	TRACE	[34] Frame script loaded
[task 2020-09-08T23:56:35.076Z] 23:56:35     INFO -  1599609395072	Marionette	TRACE	[34] Frame script registered
[task 2020-09-08T23:56:35.104Z] 23:56:35     INFO -  1599609395098	Marionette	DEBUG	10 <- [1,10,null,{"handle":"34","type":"tab"}]
[task 2020-09-08T23:56:35.120Z] 23:56:35     INFO -  1599609395115	Marionette	DEBUG	10 -> [0,11,"WebDriver:GetWindowHandles",{}]
[task 2020-09-08T23:56:35.120Z] 23:56:35     INFO -  1599609395115	Marionette	DEBUG	10 <- [1,11,null,["15","34"]]
[task 2020-09-08T23:56:35.120Z] 23:56:35     INFO -  1599609395116	Marionette	DEBUG	10 -> [0,12,"WebDriver:GetWindowHandles",{}]
[task 2020-09-08T23:56:35.120Z] 23:56:35     INFO -  1599609395116	Marionette	DEBUG	10 <- [1,12,null,["15","34"]]
[task 2020-09-08T23:56:35.140Z] 23:56:35     INFO -  1599609395135	Marionette	DEBUG	10 -> [0,13,"WebDriver:SwitchToWindow",{"handle":"34","focus":true}]
[task 2020-09-08T23:56:35.161Z] 23:56:35     INFO -  1599609395158	Marionette	TRACE	Received DOM event TabSelect for [object XULElement]
[task 2020-09-08T23:56:35.177Z] 23:56:35     INFO -  1599609395168	Marionette	DEBUG	10 <- [1,13,null,{"value":null}]
[task 2020-09-08T23:56:35.177Z] 23:56:35     INFO -  1599609395171	Marionette	DEBUG	10 -> [0,14,"Marionette:GetContext",{}]
[task 2020-09-08T23:56:35.177Z] 23:56:35     INFO -  1599609395171	Marionette	DEBUG	10 <- [1,14,null,{"value":"content"}]
[task 2020-09-08T23:56:35.177Z] 23:56:35     INFO -  1599609395173	Marionette	DEBUG	10 -> [0,15,"Marionette:SetContext",{"value":"chrome"}]
[task 2020-09-08T23:56:35.177Z] 23:56:35     INFO -  1599609395174	Marionette	DEBUG	10 <- [1,15,null,{"value":null}]
[task 2020-09-08T23:56:35.177Z] 23:56:35     INFO -  1599609395175	Marionette	DEBUG	10 -> [0,16,"WebDriver:ExecuteScript",{"script":"Components.utils.import(\"resource://gre/modules/Preferences.jsm\");\n\n           ... e,false],"filename":"../../venv/lib/python2.7/site-packages/marionette_driver/marionette.py","sandbox":"default","line":770}]
[task 2020-09-08T23:56:35.180Z] 23:56:35     INFO -  1599609395179	Marionette	DEBUG	10 <- [1,16,null,{"value":null}]
[task 2020-09-08T23:56:35.182Z] 23:56:35     INFO -  1599609395179	Marionette	DEBUG	10 -> [0,17,"Marionette:SetContext",{"value":"content"}]
[task 2020-09-08T23:56:35.182Z] 23:56:35     INFO -  1599609395180	Marionette	DEBUG	10 <- [1,17,null,{"value":null}]
[task 2020-09-08T23:56:35.183Z] 23:56:35     INFO -  1599609395180	Marionette	DEBUG	10 -> [0,18,"WebDriver:Navigate",{"url":"http://127.0.0.1:34551/http_auth"}]
[task 2020-09-08T23:56:35.186Z] 23:56:35     INFO -  1599609395184	Marionette	TRACE	Using browsing context 34
[task 2020-09-08T23:56:35.201Z] 23:56:35     INFO -  1599609395193	Marionette	TRACE	[34] Received DOM event beforeunload for about:blank
[task 2020-09-08T23:56:35.310Z] 23:56:35     INFO -  1599609395307	Marionette	TRACE	Received observer notification common-dialog-loaded
[task 2020-09-08T23:56:35.311Z] 23:56:35     INFO -  1599609395308	Marionette	DEBUG	10 <- [1,18,null,{"value":null}]
[task 2020-09-08T23:56:35.320Z] 23:56:35     INFO -  1599609395315	Marionette	DEBUG	10 -> [0,19,"WebDriver:GetTimeouts",{}]
[task 2020-09-08T23:56:35.320Z] 23:56:35     INFO -  1599609395315	Marionette	DEBUG	10 <- [1,19,null,{"implicit":0,"pageLoad":300000,"script":30000}]
[task 2020-09-08T23:56:35.320Z] 23:56:35     INFO -  1599609395316	Marionette	DEBUG	10 -> [0,20,"WebDriver:GetAlertText",{}]
[task 2020-09-08T23:56:35.320Z] 23:56:35     INFO -  1599609395316	Marionette	DEBUG	10 <- [1,20,null,{"value":"http://127.0.0.1:34551 is requesting your username and password. The site says: “secret”"}]
[task 2020-09-08T23:56:35.320Z] 23:56:35     INFO -  1599609395316	Marionette	DEBUG	10 -> [0,21,"WebDriver:DeleteSession",{}]
[task 2020-09-08T23:56:35.321Z] 23:56:35     INFO -  1599609395319	Marionette	DEBUG	10 <- [1,21,null,{"value":null}]
[task 2020-09-08T23:56:35.329Z] 23:56:35     INFO -  1599609395324	Marionette	DEBUG	Closed connection 10
[task 2020-09-08T23:56:35.330Z] 23:56:35     INFO -  1599609395326	Marionette	DEBUG	Accepted connection 11 from 127.0.0.1:58310
[task 2020-09-08T23:56:35.332Z] 23:56:35     INFO -  1599609395328	Marionette	DEBUG	11 -> [0,1,"WebDriver:NewSession",{"strictFileInteractability":true}]
[task 2020-09-08T23:56:35.334Z] 23:56:35     INFO -  1599609395331	Marionette	TRACE	[15] Frame script loaded
[task 2020-09-08T23:56:35.334Z] 23:56:35     INFO -  1599609395331	Marionette	TRACE	[34] Frame script loaded
[task 2020-09-08T23:56:35.334Z] 23:56:35     INFO -  1599609395332	Marionette	TRACE	[15] Frame script registered
[task 2020-09-08T23:56:35.334Z] 23:56:35     INFO -  1599609395332	Marionette	TRACE	[34] Frame script registered
[task 2020-09-08T23:56:35.338Z] 23:56:35     INFO -  1599609395335	Marionette	DEBUG	11 <- [1,1,null,{"sessionId":"3c981ab5-977b-4b94-ab28-8aface957fe9","capabilities":{"browserName":"firefox","browserVersion":"82.0a ... mp/tmpiKgglC.mozrunner","moz:shutdownTimeout":60000,"moz:useNonSpecCompliantPointerOrigin":false,"moz:webdriverClick":true}}]
[task 2020-09-08T23:56:35.338Z] 23:56:35     INFO -  1599609395336	Marionette	DEBUG	11 -> [0,2,"WebDriver:DismissAlert",{}]
[task 2020-09-08T23:56:35.340Z] 23:56:35     INFO -  1599609395336	Marionette	DEBUG	11 <- [1,2,{"error":"no such alert","message":"","stacktrace":"WebDriverError@chrome://marionette/content/error.js:175:5\nNoSuchAle ... e://gre/modules/LoginManagerAuthPrompter.jsm:760:30\nrun@resource://gre/modules/LoginManagerAuthPrompter.jsm:187:27\n"},null]
[task 2020-09-08T23:56:35.341Z] 23:56:35     INFO -  1599609395339	Marionette	DEBUG	11 -> [0,3,"Marionette:GetContext",{}]
[task 2020-09-08T23:56:35.344Z] 23:56:35     INFO -  1599609395339	Marionette	DEBUG	11 <- [1,3,null,{"value":"content"}]
[task 2020-09-08T23:56:35.345Z] 23:56:35     INFO -  1599609395341	Marionette	DEBUG	11 -> [0,4,"Marionette:SetContext",{"value":"chrome"}]
[task 2020-09-08T23:56:35.345Z] 23:56:35     INFO -  1599609395341	Marionette	DEBUG	11 <- [1,4,null,{"value":null}]
[task 2020-09-08T23:56:35.347Z] 23:56:35     INFO -  1599609395343	Marionette	DEBUG	11 -> [0,5,"WebDriver:TakeScreenshot",{"full":true,"hash":false,"id":null,"scroll":true}]
[task 2020-09-08T23:56:35.348Z] 23:56:35     INFO -  1599609395343	Marionette	TRACE	Using browsing context 1
[task 2020-09-08T23:56:35.425Z] 23:56:35     INFO - TEST-UNEXPECTED-ERROR | testing/marionette/harness/marionette_harness/tests/unit/test_modal_dialogs.py TestModalAlerts.test_alert_opened_before_session_starts | NoAlertPresentException: 
[task 2020-09-08T23:56:35.426Z] 23:56:35     INFO - stacktrace:
[task 2020-09-08T23:56:35.426Z] 23:56:35     INFO - 	WebDriverError@chrome://marionette/content/error.js:175:5
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	NoSuchAlertError@chrome://marionette/content/error.js:376:5
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	GeckoDriver.prototype._checkIfAlertIsPresent@chrome://marionette/content/driver.js:3381:11
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	GeckoDriver.prototype.dismissDialog@chrome://marionette/content/driver.js:3294:8
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	despatch@chrome://marionette/content/server.js:303:40
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	execute@chrome://marionette/content/server.js:273:16
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	onPacket/<@chrome://marionette/content/server.js:246:20
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	onPacket@chrome://marionette/content/server.js:247:9
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	_onJSONObjectReady/<@chrome://marionette/content/transport.js:501:20
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	openPromptSync@resource://gre/modules/Prompter.jsm:1081:17
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	nsIPrompt_promptUsernameAndPassword@resource://gre/modules/Prompter.jsm:1521:10
[task 2020-09-08T23:56:35.427Z] 23:56:35     INFO - 	promptAuth@resource://gre/modules/Prompter.jsm:1664:17
[task 2020-09-08T23:56:35.428Z] 23:56:35     INFO - 	promptAuthBC@resource://gre/modules/Prompter.jsm:689:14
[task 2020-09-08T23:56:35.428Z] 23:56:35     INFO - 	promptAuth@resource://gre/modules/LoginManagerAuthPrompter.jsm:760:30
[task 2020-09-08T23:56:35.428Z] 23:56:35     INFO - 	run@resource://gre/modules/LoginManagerAuthPrompter.jsm:187:27
[task 2020-09-08T23:56:35.428Z] 23:56:35     INFO - Traceback (most recent call last):
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -   File "/builds/worker/workspace/build/venv/lib/python2.7/site-packages/marionette_harness/marionette_test/testcases.py", line 196, in run
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -     testMethod()
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -   File "/builds/worker/workspace/build/tests/marionette/tests/testing/marionette/harness/marionette_harness/tests/unit/test_modal_dialogs.py", line 206, in test_alert_opened_before_session_starts
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -     alert.dismiss()
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -   File "/builds/worker/workspace/build/venv/lib/python2.7/site-packages/marionette_driver/marionette.py", line 378, in dismiss
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -     self.marionette._send_message("WebDriver:DismissAlert")
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -   File "/builds/worker/workspace/build/venv/lib/python2.7/site-packages/marionette_driver/decorators.py", line 26, in _
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -     return func(*args, **kwargs)
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -   File "/builds/worker/workspace/build/venv/lib/python2.7/site-packages/marionette_driver/marionette.py", line 602, in _send_message
[task 2020-09-08T23:56:35.429Z] 23:56:35     INFO -     self._handle_error(err)
[task 2020-09-08T23:56:35.430Z] 23:56:35     INFO -   File "/builds/worker/workspace/build/venv/lib/python2.7/site-packages/marionette_driver/marionette.py", line 622, in _handle_error
[task 2020-09-08T23:56:35.430Z] 23:56:35     INFO -     raise errors.lookup(error)(message, stacktrace=stacktrace)
[task 2020-09-08T23:56:35.430Z] 23:56:35     INFO - TEST-INFO took 441ms
[task 2020-09-08T23:56:35.430Z] 23:56:35     INFO -  1599609395392	Marionette	DEBUG	11 <- [1,5,null,{"value":"iVBORw0KGgoAAAANSUhEUgAABQAAAAQQCAYAAAC9RfbYAAAgAElEQVR4nOzd23OU953g//kDMv/KXm3t1e9yrnzjcmV+VZlMNqlKJvEmt ... AjAAIAAFA2awcgQJkACAAAQJkACOyeAAgAAECZAAjsngAIAABAmQAI7J4ACAAAQJkACOyeAAgAAECZAAjsngAIAABA2QdjdW0fo0V/uwAAAABJRU5ErkJggg=="}]
[task 2020-09-08T23:56:35.430Z] 23:56:35     INFO -  1599609395394	Marionette	DEBUG	11 -> [0,6,"Marionette:SetContext",{"value":"content"}]
[task 2020-09-08T23:56:35.430Z] 23:56:35     INFO -  1599609395394	Marionette	DEBUG	11 <- [1,6,null,{"value":null}]
[task 2020-09-08T23:56:35.431Z] 23:56:35     INFO -  1599609395394	Marionette	DEBUG	11 -> [0,7,"Marionette:GetContext",{}]
[task 2020-09-08T23:56:35.431Z] 23:56:35     INFO -  1599609395394	Marionette	DEBUG	11 <- [1,7,null,{"value":"content"}]
[task 2020-09-08T23:56:35.432Z] 23:56:35     INFO -  1599609395395	Marionette	DEBUG	11 -> [0,8,"Marionette:SetContext",{"value":"content"}]
[task 2020-09-08T23:56:35.432Z] 23:56:35     INFO -  1599609395395	Marionette	DEBUG	11 <- [1,8,null,{"value":null}]
[task 2020-09-08T23:56:35.433Z] 23:56:35     INFO -  1599609395395	Marionette	DEBUG	11 -> [0,9,"WebDriver:GetPageSource",{}]
[task 2020-09-08T23:56:35.433Z] 23:56:35     INFO -  1599609395397	Marionette	DEBUG	11 <- [1,9,null,{"value":"<html><head></head><body></body></html>"}]
[task 2020-09-08T23:56:35.434Z] 23:56:35     INFO -  1599609395397	Marionette	DEBUG	11 -> [0,10,"Marionette:SetContext",{"value":"content"}]
[task 2020-09-08T23:56:35.434Z] 23:56:35     INFO -  1599609395397	Marionette	DEBUG	11 <- [1,10,null,{"value":null}]
[task 2020-09-08T23:56:35.435Z] 23:56:35     INFO -  1599609395405	Marionette	DEBUG	11 -> [0,11,"Marionette:GetContext",{}]
[task 2020-09-08T23:56:35.435Z] 23:56:35     INFO -  1599609395405	Marionette	DEBUG	11 <- [1,11,null,{"value":"content"}]
[task 2020-09-08T23:56:35.435Z] 23:56:35     INFO -  1599609395407	Marionette	DEBUG	11 -> [0,12,"Marionette:SetContext",{"value":"chrome"}]
[task 2020-09-08T23:56:35.436Z] 23:56:35     INFO -  1599609395407	Marionette	DEBUG	11 <- [1,12,null,{"value":null}]
[task 2020-09-08T23:56:35.436Z] 23:56:35     INFO -  1599609395408	Marionette	DEBUG	11 -> [0,13,"WebDriver:ExecuteScript",{"script":"Components.utils.import(\"resource://gre/modules/Preferences.jsm\");\n             ... -allow"],"filename":"../../venv/lib/python2.7/site-packages/marionette_driver/marionette.py","sandbox":"default","line":708}]
[task 2020-09-08T23:56:35.437Z] 23:56:35     INFO -  1599609395410	Marionette	DEBUG	11 <- [1,13,null,{"value":null}]
[task 2020-09-08T23:56:35.437Z] 23:56:35     INFO -  1599609395411	Marionette	DEBUG	11 -> [0,14,"Marionette:SetContext",{"value":"content"}]
[task 2020-09-08T23:56:35.438Z] 23:56:35     INFO -  1599609395411	Marionette	DEBUG	11 <- [1,14,null,{"value":null}]
[task 2020-09-08T23:56:35.438Z] 23:56:35     INFO -  1599609395411	Marionette	DEBUG	11 -> [0,15,"WebDriver:GetWindowHandles",{}]
[task 2020-09-08T23:56:35.439Z] 23:56:35     INFO -  1599609395412	Marionette	DEBUG	11 <- [1,15,null,["15","34"]]
[task 2020-09-08T23:56:35.440Z] 23:56:35     INFO -  1599609395412	Marionette	DEBUG	11 -> [0,16,"WebDriver:SwitchToWindow",{"handle":"34","focus":true}]
[task 2020-09-08T23:56:35.446Z] 23:56:35     INFO -  1599609395413	Marionette	DEBUG	11 <- [1,16,null,{"value":null}]
[task 2020-09-08T23:56:35.450Z] 23:56:35     INFO -  1599609395413	Marionette	DEBUG	11 -> [0,17,"WebDriver:CloseWindow",{}]
[task 2020-09-08T23:56:35.458Z] 23:56:35     INFO -  1599609395441	Marionette	TRACE	Received DOM event TabClose for [object XULElement]
[task 2020-09-08T23:56:35.463Z] 23:56:35     INFO -  1599609395459	Marionette	TRACE	Received observer notification message-manager-disconnect
[task 2020-09-08T23:56:35.465Z] 23:56:35     INFO -  1599609395459	Marionette	DEBUG	11 <- [1,17,null,["15"]]
[task 2020-09-08T23:56:35.466Z] 23:56:35     INFO -  JavaScript error: resource://gre/modules/Prompter.jsm, line 1189: NS_ERROR_NOT_AVAILABLE: prompt aborted by user
[task 2020-09-08T23:56:35.467Z] 23:56:35     INFO -  1599609395462	Marionette	DEBUG	11 -> [0,18,"WebDriver:SwitchToWindow",{"handle":"15","focus":true}]
[task 2020-09-08T23:56:35.472Z] 23:56:35     INFO -  1599609395463	Marionette	DEBUG	11 <- [1,18,null,{"value":null}]
[task 2020-09-08T23:56:35.473Z] 23:56:35     INFO -  1599609395463	Marionette	DEBUG	11 -> [0,19,"WebDriver:GetChromeWindowHandles",{}]
[task 2020-09-08T23:56:35.474Z] 23:56:35     INFO -  1599609395463	Marionette	DEBUG	11 <- [1,19,null,["1"]]
[task 2020-09-08T23:56:35.474Z] 23:56:35     INFO -  1599609395465	Marionette	DEBUG	11 -> [0,20,"WebDriver:GetWindowHandles",{}]
[task 2020-09-08T23:56:35.475Z] 23:56:35     INFO -  1599609395466	Marionette	DEBUG	11 <- [1,20,null,["15"]]
[task 2020-09-08T23:56:35.477Z] 23:56:35     INFO -  1599609395467	Marionette	DEBUG	11 -> [0,21,"WebDriver:DeleteSession",{}]
[task 2020-09-08T23:56:35.478Z] 23:56:35     INFO -  1599609395471	Marionette	DEBUG	11 <- [1,21,null,{"value":null}]
...

Comment 81

[Paul Zühlcke [:pbz]]

Attachment: Bug 613785 - Updated marionette modal#findModalDialogs to support SubDialog prompts. r=whimboo

Depends on D75568

Comment 82

[Pulsebot]

Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9df275f6cd8d
Updated http auth prompt tests to support tab prompts. r=extension-reviewers,Gijs,zombie
https://hg.mozilla.org/integration/autoland/rev/c8555693674c
Tab modal http auth prompts. r=johannh
https://hg.mozilla.org/integration/autoland/rev/0f7dc1b122c6
Updated marionette modal#findModalDialogs to support SubDialog prompts. r=whimboo,marionette-reviewers

Comment 83

[Pulsebot]

Backout by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c6d80d05c8f4
Backed out 3 changesets for license failure at toolkit/components/pictureinpicture/docs/PiP-diagram.svg on a CLOSED TREE

Comment 84

[Cristina Coroiu [:ccoroiu]]

Sorry for the backout, relanding.

Comment 85

[Pulsebot]

Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7603440e6c36
Updated http auth prompt tests to support tab prompts. r=extension-reviewers,Gijs,zombie on a CLOSED TREE
https://hg.mozilla.org/integration/autoland/rev/3729a6bb6ab2
Tab modal http auth prompts. r=johannh on a CLOSED TREE
https://hg.mozilla.org/integration/autoland/rev/184b034f637d
Updated marionette modal#findModalDialogs to support SubDialog prompts. r=whimboo,marionette-reviewers on a CLOSED TREE

Comment 86

[Razvan Maries]

https://hg.mozilla.org/mozilla-central/rev/7603440e6c36
https://hg.mozilla.org/mozilla-central/rev/3729a6bb6ab2
https://hg.mozilla.org/mozilla-central/rev/184b034f637d

Comment 87

[Paul Wise]

Thanks for fixing this!

Does the fix also mean that the TLS client cert auth dialogs are also fixed, or will they need a similar fix? The bug for those is https://bugzilla.mozilla.org/show_bug.cgi?id=1401466

Comment 88

[Paul Wise]

Also, it would be great to have a screenshot of what the new UI looks like attached to this bug.

Comment 89

[Paul Zühlcke [:pbz]]

(In reply to Paul Wise from comment #87)

Thanks for fixing this!

Does the fix also mean that the TLS client cert auth dialogs are also fixed, or will they need a similar fix? The bug for those is https://bugzilla.mozilla.org/show_bug.cgi?id=1401466

That's separate window code, but it should be possible to also show that in the TabDialogBox.

(In reply to Paul Wise from comment #88)

Also, it would be great to have a screenshot of what the new UI looks like attached to this bug.

You can see it in the latest Nightly when you open a site that requires basic auth. For example: https://jigsaw.w3.org/HTTP/Basic/

Comment 90

[Oana Botisan, Desktop QA]

I verified the fix using latest Nightly 83.0a1 on Windows 10 x64, Ubuntu 18.04 x64 and macOS 10.13. The issue is not reproducing anymore.
However when I used Firefox 82.0b2 on Windows 10 x64 and Ubuntu 18.04 x64, the window-modal was displayed.

Comment 91

[Paul Zühlcke [:pbz]]

The auth tab prompts are currently only enabled for Nightly.

Comment 93

[Kuzma Fesenko]

Hi all,

As a user of Nightly, I have noticed the new modal pop-up for HTTP authentication. While I do like the look and feel of the new prompt, I have run into a slight issue when using a password manager to auto-fill the username and password. The password manager utilizes the window's title to match the appropriate entry and previously the prompt had a window title of "Authentication Required". After this change, the title is simply "Firefox Nightly" which would still work, but is a bit ambiguous and might match more entries than intended.

My question is, I'm wondering if it's possible to set the tab's title to use the same one as the previous prompt? I'm sure this would help out a lot of others using password managers.

Comment 94

[Johann Hofmann [:johannh]]

(In reply to Kuzma Fesenko from comment #93)

Hi all,

As a user of Nightly, I have noticed the new modal pop-up for HTTP authentication. While I do like the look and feel of the new prompt, I have run into a slight issue when using a password manager to auto-fill the username and password. The password manager utilizes the window's title to match the appropriate entry and previously the prompt had a window title of "Authentication Required". After this change, the title is simply "Firefox Nightly" which would still work, but is a bit ambiguous and might match more entries than intended.

My question is, I'm wondering if it's possible to set the tab's title to use the same one as the previous prompt? I'm sure this would help out a lot of others using password managers.

This is a valid suggestion, can you file a new bug, please?

Comment 95

[Kuzma Fesenko]

(In reply to Kuzma Fesenko from comment #93)

Hi all,

As a user of Nightly, I have noticed the new modal pop-up for HTTP authentication. While I do like the look and feel of the new prompt, I have run into a slight issue when using a password manager to auto-fill the username and password. The password manager utilizes the window's title to match the appropriate entry and previously the prompt had a window title of "Authentication Required". After this change, the title is simply "Firefox Nightly" which would still work, but is a bit ambiguous and might match more entries than intended.

My question is, I'm wondering if it's possible to set the tab's title to use the same one as the previous prompt? I'm sure this would help out a lot of others using password managers.

(In reply to Johann Hofmann [:johannh] from comment #94)

(In reply to Kuzma Fesenko from comment #93)

Hi all,

As a user of Nightly, I have noticed the new modal pop-up for HTTP authentication. While I do like the look and feel of the new prompt, I have run into a slight issue when using a password manager to auto-fill the username and password. The password manager utilizes the window's title to match the appropriate entry and previously the prompt had a window title of "Authentication Required". After this change, the title is simply "Firefox Nightly" which would still work, but is a bit ambiguous and might match more entries than intended.

My question is, I'm wondering if it's possible to set the tab's title to use the same one as the previous prompt? I'm sure this would help out a lot of others using password managers.

This is a valid suggestion, can you file a new bug, please?

Will do!

Comment 96

[karlicoss]

Hi, I believe this has made to Firefox 83, and my first thought when I saw the new prompt was that I was being spoofed. Had to do some hg repo archaeology to confirm that it indeed was a legitimate change and find the corresponding bugzilla issue..
Perhaps worth including in the changelog, so people aren't confused by the change? Thanks!