Closed Bug 1177386 Opened 10 years ago Closed 10 years ago

On iOS9 every HTTPS site results in a basic auth dialog being shown

Categories

(Firefox for iOS :: General, defect)

Product:
Firefox for iOS
Component:
General
Platform:
Other
iOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
fxios + ---

People

(Reporter: st3fan, Unassigned)

References

Details

(Whiteboard: noteworthy)

Attachments

(1 file)

PR: https://github.com/mozilla/firefox-ios/pull/637
47 bytes, text/x-github-pull-request
wesj
: review+
Details | Review
On iOS9 every HTTPS site results in a basic auth dialog being shown. Is it possible that we now get a callback that gives us an opportunity to inspect the SSL certificate? Maybe we are interpreting that as a request for basic auth?
This patch inverts the comparison on `protectionSpace.authenticationMethod` so that we better check for *Basic* and *Digest*. I think this fails on iOS 9 because they now actually trigger `NSURLAuthenticationMethodServerTrust`. (Which we can then use to verify the SSL chain!)
Attachment #8626093 - Flags: review?(wjohnston)
Attachment #8626093 - Flags: review?(wjohnston) → review+
Fixed. But also needed the following followup fix: https://github.com/mozilla/firefox-ios/commit/d71e56e8dc801d60a9fd50d138150d1c4e4e398a Which calls the completionHandler with NSURLSessionAuthChallengeDisposition.PerformDefaultHandling if we don't know how to handle it. (Ie, when it is not Basic or Digest auth)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: noteworthy
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: