Closed Bug 1425307 Opened 7 years ago Closed 7 years ago

not getting prompted for http authentication for some websites

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
57 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1425156
Tracking Flags:
Tracking Status
firefox59 + fixed

People

(Reporter: bhearsum, Unassigned)

References

Details

(Keywords: regression)

Sometime this week I stopped getting prompted for HTTP auth to a few internal services, and instead I immediately get a 401. On the same laptop, I get prompted for auth by chrome.
From the Network tab: { "log": { "version": "1.1", "creator": { "name": "Firefox", "version": "59.0a1" }, "browser": { "name": "Firefox", "version": "59.0a1" }, "pages": [ { "startedDateTime": "2017-12-14T14:06:56.257-06:00", "id": "page_1", "title": "401 Authorization Required", "pageTimings": { "onContentLoad": -1, "onLoad": -1 } } ], "entries": [ { "pageref": "page_1", "startedDateTime": "2017-12-14T14:06:56.257-06:00", "time": null, "request": { "bodySize": 0, "method": "GET", "url": "https://balrog-admin.stage.mozaws.net/", "httpVersion": "HTTP/1.1", "headers": [ { "name": "Host", "value": "balrog-admin.stage.mozaws.net" }, { "name": "User-Agent", "value": "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0" }, { "name": "Accept", "value": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" }, { "name": "Accept-Language", "value": "tl,en-CA;q=0.5" }, { "name": "Accept-Encoding", "value": "gzip, deflate, br" }, { "name": "Cookie", "value": "REDACTED" }, { "name": "DNT", "value": "1" }, { "name": "Connection", "value": "keep-alive" }, { "name": "Upgrade-Insecure-Requests", "value": "1" }, { "name": "Cache-Control", "value": "max-age=0" } ], "cookies": [], "queryString": [], "headersSize": 527 }, "response": { "status": 401, "statusText": "Unauthorized", "httpVersion": "HTTP/1.1", "headers": [ { "name": "Date", "value": "Thu, 14 Dec 2017 20:06:56 GMT" }, { "name": "Content-Type", "value": "text/html" }, { "name": "Content-Length", "value": "188" }, { "name": "Connection", "value": "keep-alive" }, { "name": "WWW-Authenticate", "value": "Basic realm=\"auth required\"" } ], "cookies": [], "content": { "mimeType": "text/html", "size": 188, "text": "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n" }, "redirectURL": "", "headersSize": 183, "bodySize": 371 }, "cache": {}, "timings": { "blocked": 0, "dns": 0, "connect": 0, "ssl": 0, "send": 0, "wait": 154, "receive": 0 }, "serverIPAddress": "52.71.237.144", "connection": "443" } ] } }
[Tracking Requested - why for this release]: I'm seeing this as well, first noticing it on a Nightly from today. This is a regression, not sure yet from what, but this creates a problem for anyone who shields access from some sites via TLS+HTTPAuth, which AFAIK is totally fine security-wise.
tracking-firefox59: --- → ?
Keywords: regression
FWIW, I'm seeing this on a site that has TLS+HTTPAuth set for the whole site and I'm navigating to the plain top-level URI of the site. When I flip network.auth.non-web-content-triggered-resources-http-auth-allow to true in about:config, I get the auth prompt again that I don't get by default.
As the pref I mention in comment #3 was added in https://hg.mozilla.org/mozilla-central/rev/c31b663b4dd2 by Dragana for bug 1409449, CCing her and adding the dependency.
Blocks: CVE-2018-5115
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Fixed in the duplicate. Tracking just in case this reopens for any reason.
status-firefox59: --- → fixed
tracking-firefox59: ?+
You need to log in before you can comment on or make changes to this bug.