The bug 647010 (HTTP authentication from sub-resources) cause some problems. Change the pref to revert the behavior

VERIFIED FIXED in Firefox 41

Status

()

VERIFIED FIXED
4 years ago
a year ago

People

(Reporter: dragana, Assigned: dragana)

Tracking

(Depends on: 1 bug, {dev-doc-needed})

unspecified
mozilla43
dev-doc-needed
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox40+ wontfix, firefox41+ fixed, firefox42+ fixed, firefox43+ verified, firefox-esr38 unaffected)

Details

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
The bug 647010 cause some problems. Change the pref to revert the behavior.

See also bug 1189268.
(Assignee)

Comment 1

4 years ago
Assignee: nobody → dd.mozilla
Status: NEW → ASSIGNED
Attachment #8651912 - Flags: review?(jduell.mcbugs)
(Assignee)

Updated

4 years ago
See Also: → bug 1189268
(Assignee)

Updated

4 years ago
Depends on: 647010
[Tracking Requested - why for this release]: The patch as landed for Firefox 40.0 via bug 647010 caused lots of troubles for users. See comments on that other bug and maybe other sources like SUMO. I wonder if we should include turning of the pref in one of the next security releases for 40.0.3 if we will have one.
status-firefox40: --- → affected
status-firefox41: --- → affected
status-firefox42: --- → affected
status-firefox43: --- → affected
tracking-firefox40: --- → ?
tracking-firefox41: --- → ?
tracking-firefox42: --- → ?
tracking-firefox43: --- → ?
Summary: The bug 647010 cause some problems. Change the pref to revert the behavior → The bug 647010 (HTTP authentication from sub-resources) cause some problems. Change the pref to revert the behavior
Make sense. Tracking (even for 40 as we might cancel the current build)
tracking-firefox40: ? → +
tracking-firefox41: ? → +
tracking-firefox42: ? → +
tracking-firefox43: ? → +

Updated

4 years ago
Attachment #8651912 - Flags: review?(jduell.mcbugs) → review+
(Assignee)

Updated

4 years ago
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/21ffbd85373a
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
status-firefox43: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Dragana, Jason, do you think we should hot fix this for the 40 users? Thanks
Flags: needinfo?(jduell.mcbugs)
Flags: needinfo?(dd.mozilla)

Comment 8

4 years ago
If it's easy enough, let's hotfix (this is just a pref change, and we've used both codepaths in releases before, so there's really no risk).  OTOH this is only breaking small corners of the Internet, so if a hotfix is a lot of work we could live with waiting another release.
Flags: needinfo?(jduell.mcbugs)
Flags: needinfo?(dd.mozilla)
Keywords: dev-doc-needed
(Assignee)

Comment 9

4 years ago
Comment on attachment 8651912 [details] [diff] [review]
bug_1197944.patch

Approval Request Comment
[Feature/regressing bug #]: Bug 647010
[User impact if declined]: Http authentication dialog for cross-origin subresources is blocked. See bug 1200247, 1189268 and some comments in bug 647010
[Describe test coverage new/current, TreeHerder]: This is only pref change. The code path that the pref change will use, was tested by a test in the patch from bug 647010 and also by some users(bug 1200247 and 1189268)
[Risks and why]: Low risk
[String/UUID change made/needed]: none
Attachment #8651912 - Flags: approval-mozilla-beta?
Attachment #8651912 - Flags: approval-mozilla-aurora?
Dragana, there is a chance that we might hotfix this. Could you please also request uplift to mozilla-release?
Flags: needinfo?(dd.mozilla)
Dragana, Jason, do you know whether this also affects esr38?
status-firefox-esr38: --- → ?
Flags: needinfo?(jduell.mcbugs)
Comment on attachment 8651912 [details] [diff] [review]
bug_1197944.patch

Given that this issue is affecting a significant number of our end-users, let's uplift soon to Aurora42 and Beta41.
Attachment #8651912 - Flags: approval-mozilla-beta?
Attachment #8651912 - Flags: approval-mozilla-beta+
Attachment #8651912 - Flags: approval-mozilla-aurora?
Attachment #8651912 - Flags: approval-mozilla-aurora+
I can verify that it works again in Nightly builds at least for the instance I have seen it with internally.
Status: RESOLVED → VERIFIED
status-firefox43: fixed → verified

Comment 16

4 years ago
Comment on attachment 8651912 [details] [diff] [review]
bug_1197944.patch

Review of attachment 8651912 [details] [diff] [review]:
-----------------------------------------------------------------

per comment 10
Attachment #8651912 - Flags: approval-mozilla-release?

Comment 17

4 years ago
re: comment 11: Given that bug 647010 landed on FF 40 I assume this does not affect esr 38.  Dragana can hopefully confirm.
Flags: needinfo?(jduell.mcbugs)
(Assignee)

Comment 18

4 years ago
This change is not in esr 38. It landed only on FF 40.
Flags: needinfo?(dd.mozilla)
Depends on: 1201065
esr38 status -> unaffected based on comment 18.
status-firefox-esr38: ? → unaffected
(Assignee)

Updated

4 years ago
Duplicate of this bug: 1189268
(Assignee)

Updated

4 years ago
Duplicate of this bug: 1201516

Updated

4 years ago
Blocks: 1195091
Comment on attachment 8651912 [details] [diff] [review]
bug_1197944.patch

Removing this flag as this fix landed in 41, 42 and 43.
Attachment #8651912 - Flags: approval-mozilla-release?
Duplicate of this bug: 1200247
status-firefox40: affected → wontfix
You need to log in before you can comment on or make changes to this bug.