Trap site uses repeated http auth prompts to keep the user on the page
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
People
(Reporter: firefox-bugzilla, Assigned: mayhemer, NeedInfo)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: csectype-dos, sec-low, Whiteboard: [necko-active][adv-main52+])
Attachments
(3 files, 5 obsolete files)
226.47 KB,
image/png
|
Details | |
20.46 KB,
patch
|
mayhemer
:
review+
jcristau
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
20.21 KB,
patch
|
Details | Diff | Splinter Review |
Comment 1•8 years ago
|
||
Comment 3•8 years ago
|
||
Updated•8 years ago
|
Comment 5•8 years ago
|
||
![]() |
Assignee | |
Comment 6•8 years ago
|
||
![]() |
Assignee | |
Updated•8 years ago
|
Comment 8•8 years ago
|
||
Comment 9•8 years ago
|
||
Comment 10•8 years ago
|
||
Comment 11•8 years ago
|
||
![]() |
Assignee | |
Comment 12•8 years ago
|
||
![]() |
||
Comment 13•8 years ago
|
||
![]() |
Assignee | |
Comment 14•8 years ago
|
||
![]() |
||
Comment 15•8 years ago
|
||
![]() |
Assignee | |
Comment 16•8 years ago
|
||
![]() |
||
Comment 17•8 years ago
|
||
![]() |
Assignee | |
Updated•8 years ago
|
![]() |
Assignee | |
Comment 18•8 years ago
|
||
![]() |
||
Comment 19•8 years ago
|
||
![]() |
Assignee | |
Comment 20•8 years ago
|
||
![]() |
||
Comment 21•8 years ago
|
||
![]() |
Assignee | |
Comment 22•8 years ago
|
||
![]() |
Assignee | |
Comment 23•8 years ago
|
||
Comment 24•8 years ago
|
||
Comment 25•8 years ago
|
||
Comment 26•8 years ago
|
||
![]() |
Assignee | |
Comment 27•8 years ago
|
||
![]() |
Assignee | |
Comment 28•8 years ago
|
||
Comment 29•8 years ago
|
||
![]() |
Assignee | |
Comment 30•8 years ago
|
||
Comment 31•8 years ago
|
||
Comment 32•8 years ago
|
||
Comment 33•8 years ago
|
||
Comment 34•8 years ago
|
||
![]() |
Assignee | |
Comment 35•8 years ago
|
||
Comment 36•8 years ago
|
||
![]() |
Assignee | |
Comment 37•8 years ago
|
||
![]() |
||
Comment 38•8 years ago
|
||
![]() |
Assignee | |
Comment 39•8 years ago
|
||
![]() |
Assignee | |
Comment 40•8 years ago
|
||
![]() |
Assignee | |
Comment 41•8 years ago
|
||
Comment 42•8 years ago
|
||
![]() |
Assignee | |
Comment 43•8 years ago
|
||
![]() |
Assignee | |
Comment 44•8 years ago
|
||
![]() |
Assignee | |
Comment 45•8 years ago
|
||
Comment 46•8 years ago
|
||
![]() |
Assignee | |
Comment 48•8 years ago
|
||
![]() |
Assignee | |
Updated•8 years ago
|
Comment 49•8 years ago
|
||
Comment 50•8 years ago
|
||
![]() |
Assignee | |
Comment 51•8 years ago
|
||
Comment 52•8 years ago
|
||
bugherder |
Comment 54•8 years ago
|
||
![]() |
Assignee | |
Comment 55•8 years ago
|
||
Comment 56•8 years ago
|
||
![]() |
Assignee | |
Comment 57•8 years ago
|
||
Comment 58•8 years ago
|
||
Comment 59•8 years ago
|
||
![]() |
Assignee | |
Comment 61•8 years ago
|
||
Updated•8 years ago
|
Comment 62•8 years ago
|
||
bugherder uplift |
Comment 63•8 years ago
|
||
Reporter | ||
Comment 64•8 years ago
|
||
Updated•8 years ago
|
Updated•8 years ago
|
Comment 65•8 years ago
|
||
![]() |
Assignee | |
Comment 66•8 years ago
|
||
![]() |
Assignee | |
Comment 67•8 years ago
|
||
Comment 68•7 years ago
|
||
Updated•6 years ago
|
Updated•6 years ago
|
Comment 69•6 years ago
|
||
Some steps to reproduce are still required in order to correctly verify this bug. Honza, Do you think this can still be verified at this point or should we ignore it in the future?
![]() |
Assignee | |
Comment 70•6 years ago
|
||
Is your request to me to provide the STR? This is hard to test in an automated fashion, yes, so a static web page for testing would be good to have, right?
Comment 71•6 years ago
|
||
Yes, please. That would be very helpful. Thank you.
Comment 73•6 years ago
|
||
Considering the fact that this "qe-verify+" tag was set about 3 years ago, I don't think there's any hurry to it... :)
Comment 74•6 years ago
|
||
Just a reminder for Honza :)
![]() |
Assignee | |
Comment 75•6 years ago
|
||
Is the test in bug 377496 enough?
Comment 76•6 years ago
|
||
In bug 377496, there are 2 test cases:
-
A test case in the description: opening a page (http://gobase.org/studying/articles/mioch/7/index.html) and the authentification prompt would appear by default. The authentification prompt does not appear anymore.
-
Another test case in the comment section (https://bugzilla.mozilla.org/show_bug.cgi?id=377496#c36): which has a test page (http://www.httpwatch.com/httpgallery/authentication/#showExample10). Clickin the "DISPLAY IMAGE" button will trigger an authentification prompt. In this case, the prompt is displayed, and the page is still somewhat unusable (only scrolling it is possible while the prompt is not dismissed).
- Clicking the prompt's OK button two times in a row will dismiss the prompt and the page becomes usable.
- Clicking the prompt's "Cancel" or "X" buttons will instantly dismiss the authentification prompt and leave the page usable.
I don't know what this bug fixed/what are the previous expected results and the newly expected results. How exactly is this supposed to work?
![]() |
Assignee | |
Comment 77•5 years ago
|
||
As there is some work happening in bug 613785, this is no longer serious enough to spend time verifying. Bug 613785 will actually nullify this issue completely.
Description
•