Open
Bug 1409818
Opened 7 years ago
Updated 2 years ago
HTTP auth requests from tracking subresources should be blocked
Categories
(Core :: Networking: HTTP, enhancement, P3)
Core
Networking: HTTP
Tracking
()
NEW
People
(Reporter: francois, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
An image load can currently redirect to a page that requests HTTP basic auth and cause a login box to show up as if it came from the top-level page.
As a first step towards deprecating/removing these prompts entirely, we could block these prompts if they come from a subresource that has been annotated as a tracker.
|
||
Comment 1•7 years ago
|
||
@mayhemer do you think P3 is the correct priority for this bug?
Flags: needinfo?(honzab.moz)
Priority: -- → P3
Whiteboard: [necko-triaged]
|
||
Comment 2•7 years ago
|
||
Probably yes. We have more than this bug around subresources and authentication, we may need some meta bug here.
Flags: needinfo?(honzab.moz)
See Also: → 1281434
Summary: Basic auth requests from tracking subresources should be blocked → HTTP auth requests from tracking subresources should be blocked
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•