Closed Bug 1425307 Opened 3 years ago Closed 3 years ago

not getting prompted for http authentication for some websites

Categories: Firefox :: General, defect
Version: 57 Branch
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED DUPLICATE of bug 1425156
Tracking Status: firefox59 + fixed
People: Reporter: bhearsum, Unassigned
Keywords: regression

Sometime this week I stopped getting prompted for HTTP auth to a few internal services, and instead I immediately get a 401. On the same laptop, I get prompted for auth by Chrome.
From the Network tab:
{
  "log": {
    "version": "1.1",
    "creator": {
      "name": "Firefox",
      "version": "59.0a1"
    },
    "browser": {
      "name": "Firefox",
      "version": "59.0a1"
    },
    "pages": [
      {
        "startedDateTime": "2017-12-14T14:06:56.257-06:00",
        "id": "page_1",
        "title": "401 Authorization Required",
        "pageTimings": {
          "onContentLoad": -1,
          "onLoad": -1
        }
      }
    ],
    "entries": [
      {
        "pageref": "page_1",
        "startedDateTime": "2017-12-14T14:06:56.257-06:00",
        "time": null,
        "request": {
          "bodySize": 0,
          "method": "GET",
          "url": "https://balrog-admin.stage.mozaws.net/",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Host",
              "value": "balrog-admin.stage.mozaws.net"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0"
            },
            {
              "name": "Accept",
              "value": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
            },
            {
              "name": "Accept-Language",
              "value": "tl,en-CA;q=0.5"
            },
            {
              "name": "Accept-Encoding",
              "value": "gzip, deflate, br"
            },
            {
              "name": "Cookie",
              "value": "REDACTED"
            },
            {
              "name": "DNT",
              "value": "1"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Upgrade-Insecure-Requests",
              "value": "1"
            },
            {
              "name": "Cache-Control",
              "value": "max-age=0"
            }
          ],
          "cookies": [],
          "queryString": [],
          "headersSize": 527
        },
        "response": {
          "status": 401,
          "statusText": "Unauthorized",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Date",
              "value": "Thu, 14 Dec 2017 20:06:56 GMT"
            },
            {
              "name": "Content-Type",
              "value": "text/html"
            },
            {
              "name": "Content-Length",
              "value": "188"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "WWW-Authenticate",
              "value": "Basic realm=\"auth required\""
            }
          ],
          "cookies": [],
          "content": {
            "mimeType": "text/html",
            "size": 188,
            "text": "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
          },
          "redirectURL": "",
          "headersSize": 183,
          "bodySize": 371
        },
        "cache": {},
        "timings": {
          "blocked": 0,
          "dns": 0,
          "connect": 0,
          "ssl": 0,
          "send": 0,
          "wait": 154,
          "receive": 0
        },
        "serverIPAddress": "52.71.237.144",
        "connection": "443"
      }
    ]
  }
}
[Tracking Requested - why for this release]:
I'm seeing this as well, first noticing it on a Nightly from today. This is a regression, not sure yet from what, but this creates a problem for anyone who shields access from some sites via TLS+HTTPAuth, which AFAIK is totally fine security-wise.
Keywords: regression
FWIW, I'm seeing this on a site that has TLS+HTTPAuth set for the whole site and I'm navigating to the plain top-level URI of the site. When I flip network.auth.non-web-content-triggered-resources-http-auth-allow to true in about:config, I get the auth prompt again that I don't get by default.
As the pref I mention in comment #3 was added in https://hg.mozilla.org/mozilla-central/rev/c31b663b4dd2 by Dragana for bug 1409449, CCing her and adding the dependency.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1425156
Fixed in the duplicate. Tracking just in case this reopens for any reason.
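
A triage check for the symptom in this report, as an added example (not part of the bug thread and not Firefox code): it reads a DevTools HAR export and lists 401 responses carrying a WWW-Authenticate challenge that no later same-origin request answered with an Authorization header. The host intranet.example and the sample entries are constructed; the function names are hypothetical.

```javascript
// Case-insensitive lookup in a HAR name/value header array.
function header(headers, name) {
  const hit = (headers || []).find(h => h.name.toLowerCase() === name.toLowerCase());
  return hit ? hit.value : null;
}

// Split a single challenge such as: Basic realm="auth required"
// (comma-separated multi-challenge headers are out of scope here).
function parseChallenge(value) {
  const m = /^\s*([^\s,]+)(?:\s+(.*))?$/.exec(value);
  if (!m) return null;
  const r = /realm\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/i.exec(m[2] || '');
  const realm = r ? (r[1] !== undefined ? r[1].replace(/\\(.)/g, '$1') : r[2]) : null;
  return { scheme: m[1].toLowerCase(), realm };
}

// Report every 401 challenge that no later same-origin request answered
// with an Authorization header, i.e. the prompt never appeared or was dismissed.
function unansweredChallenges(har) {
  const entries = har.log.entries;
  const findings = [];
  entries.forEach((entry, i) => {
    const raw = header(entry.response.headers, 'WWW-Authenticate');
    if (entry.response.status !== 401 || raw === null) return;
    const origin = new URL(entry.request.url).origin;
    const answered = entries.slice(i + 1).some(later =>
      new URL(later.request.url).origin === origin &&
      header(later.request.headers, 'Authorization') !== null);
    if (!answered) findings.push({ url: entry.request.url, ...parseChallenge(raw) });
  });
  return findings;
}

// Constructed sample data (hypothetical host), shaped like the export in the report.
const entry = (status, reqHeaders, resHeaders) => ({
  request: { method: 'GET', url: 'https://intranet.example/', headers: reqHeaders },
  response: { status, headers: resHeaders },
});
const challenge = [{ name: 'WWW-Authenticate', value: 'Basic realm="auth required"' }];
const noPromptHar = { log: { entries: [entry(401, [], challenge)] } };
const promptedHar = { log: { entries: [
  entry(401, [], challenge),
  entry(200, [{ name: 'Authorization', value: 'Basic <redacted>' }], []),
] } };

console.log(unansweredChallenges(noPromptHar)); // the unanswered challenge
console.log(unansweredChallenges(promptedHar)); // nothing to report
```

A finding only shows that the challenge went unanswered in the capture; whether the cause is a browser pref, a dismissed prompt or a truncated recording still has to be checked by hand.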