Closed
Bug 1425156
Opened 6 years ago
Closed 6 years ago
regression: HTTP Basic Auth dialog won't appear
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
VERIFIED
FIXED
mozilla59
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox57 | --- | unaffected |
firefox58 | --- | fixed |
firefox59 | --- | fixed |
People
(Reporter: jan, Assigned: dragana)
References
Details
(Keywords: nightly-community, regression)
Attachments
(1 file, 1 obsolete file)
4.27 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
It's a bad build if you don't get asked for username + password and instantly see the error page. If I directly open https://aerobatic:aerobatic@auth-demo.aerobatic.io/protected-standard/ I could press OK. But I have a problem if I want to access https://auth-demo.aerobatic.io/protected-standard/ by awesomebar suggestion where I would normally get shown a pre-filled dialog and could just press Enter. mozregression --good 2017-12-10 --bad 2017-12-13 --pref startup.homepage_welcome_url:"https://auth-demo.aerobatic.io/protected-standard/" > 5:01.19 INFO: Last good revision: 0285ac1b3755313f0b899708fe840f59717cb999 > 5:01.19 INFO: First bad revision: 09bf615d77d23dcac7c29f9faf696b94660eb7b7 > 5:01.19 INFO: Pushlog: > https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=0285ac1b3755313f0b899708fe840f59717cb999&tochange=09bf615d77d23dcac7c29f9faf696b94660eb7b7 > c31b663b4dd2 Dragana Damjanovic — Bug 1409449 - Do not show auth-dialog for triggeringPrincipal==SystemPrincipal. r=ckerschb r=valentin r=francois (I'm unable to block bug 1409449. editbugs permissions are not enough^^) Personally I could live with this, but it's confusing. Could you please CC me in bug 1409449? (I wasn't fast enough.) Thank you!
Flags: needinfo?(dd.mozilla)
Reporter | ||
Comment 1•6 years ago
|
||
This problem also occurs when pasting https://auth-demo.aerobatic.io/protected-standard/ into the locationbar of a fresh profile and pressing Enter. (Accessing https://anonymizer.info/de/?https://auth-demo.aerobatic.io/protected-standard/ would work to get a dialog, but a very bad advice.) I like using HTTP Basic Auth to protect PowerAdmin/PHPMyAdmin and - what everyone should do - to protect WordPress installers: https://www.golem.de/news/certificate-transparency-hacking-web-applications-before-they-are-installed-1707-129172.html (In general I like the idea to restrict basic auth to manual first-party requests (network.auth.subresource-http-auth-allow;0) in form of https://user:pw@host/.) Even if a security issue would be the reason for this I couldn't imagine that you could ship such a behavior to ESR users. An exception for accessing https://auth-demo.aerobatic.io/protected-standard via bookmark or awesomebar would be useful.
Assignee | ||
Comment 2•6 years ago
|
||
I think I have a bug in my patch... I will fix it.
Assignee: nobody → dd.mozilla
Status: NEW → ASSIGNED
Flags: needinfo?(dd.mozilla)
Assignee | ||
Comment 3•6 years ago
|
||
Thanks for reporting it so quickly, the patch just landed.
Assignee | ||
Comment 4•6 years ago
|
||
Attachment #8936781 -
Flags: review?(ckerschb)
Assignee | ||
Comment 5•6 years ago
|
||
I forgot to remove my debuging fprintf-s.
Attachment #8936781 -
Attachment is obsolete: true
Attachment #8936781 -
Flags: review?(ckerschb)
Attachment #8936782 -
Flags: review?(ckerschb)
Comment 7•6 years ago
|
||
(In reply to Dragana Damjanovic [:dragana] from comment #2) > I think I have a bug in my patch... I will fix it. Can you explain what the bug in your code was semantically?
Flags: needinfo?(dd.mozilla)
Comment 8•6 years ago
|
||
Comment on attachment 8936782 [details] [diff] [review] bug_1425156.patch Review of attachment 8936782 [details] [diff] [review]: ----------------------------------------------------------------- (In reply to Christoph Kerschbaumer [:ckerschb] from comment #7) > (In reply to Dragana Damjanovic [:dragana] from comment #2) > > I think I have a bug in my patch... I will fix it. > > Can you explain what the bug in your code was semantically? Oh, I see, because top-level loads also use the SystemPrincipal as the triggeringPrincipal. I guess that makes sense.
Attachment #8936782 -
Flags: review?(ckerschb) → review+
Pushed by dd.mozilla@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/e098500c325d Fix bug in the http-auth dialog blocking. r=ckerschb
Assignee | ||
Updated•6 years ago
|
Flags: needinfo?(dd.mozilla)
Comment 11•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/e098500c325d
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Comment 12•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/e098500c325d
Reporter | ||
Comment 14•6 years ago
|
||
Verified fixed in Nightly 59 x64 20171215100105 de_DE @ Debian Testing (KDE). Thank you! Now I will be asked for HTTP Basic Auth credentials when: * pasting into the locationbar * opening a bookmark * opening a bookmark in the sidebar * loading it as home page
Status: RESOLVED → VERIFIED
Has Regression Range: --- → yes
Has STR: --- → yes
Comment 15•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/397ac8ff4faa
Updated•6 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•