Closed
Bug 1425307
Opened 6 years ago
Closed 6 years ago
not getting prompted for http authentication for some websites
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1425156
People
(Reporter: bhearsum, Unassigned)
References
Details
(Keywords: regression)
Sometime this week I stopped getting prompted for HTTP auth to a few internal services, and instead I immediately get a 401. On the same laptop, I get prompted for auth by chrome.
|
Reporter | |
Comment 1•6 years ago
|
||
From the Network tab:
{
"log": {
"version": "1.1",
"creator": {
"name": "Firefox",
"version": "59.0a1"
},
"browser": {
"name": "Firefox",
"version": "59.0a1"
},
"pages": [
{
"startedDateTime": "2017-12-14T14:06:56.257-06:00",
"id": "page_1",
"title": "401 Authorization Required",
"pageTimings": {
"onContentLoad": -1,
"onLoad": -1
}
}
],
"entries": [
{
"pageref": "page_1",
"startedDateTime": "2017-12-14T14:06:56.257-06:00",
"time": null,
"request": {
"bodySize": 0,
"method": "GET",
"url": "https://balrog-admin.stage.mozaws.net/",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Host",
"value": "balrog-admin.stage.mozaws.net"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0"
},
{
"name": "Accept",
"value": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
},
{
"name": "Accept-Language",
"value": "tl,en-CA;q=0.5"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, br"
},
{
"name": "Cookie",
"value": "REDACTED"
},
{
"name": "DNT",
"value": "1"
},
{
"name": "Connection",
"value": "keep-alive"
},
{
"name": "Upgrade-Insecure-Requests",
"value": "1"
},
{
"name": "Cache-Control",
"value": "max-age=0"
}
],
"cookies": [],
"queryString": [],
"headersSize": 527
},
"response": {
"status": 401,
"statusText": "Unauthorized",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Date",
"value": "Thu, 14 Dec 2017 20:06:56 GMT"
},
{
"name": "Content-Type",
"value": "text/html"
},
{
"name": "Content-Length",
"value": "188"
},
{
"name": "Connection",
"value": "keep-alive"
},
{
"name": "WWW-Authenticate",
"value": "Basic realm=\"auth required\""
}
],
"cookies": [],
"content": {
"mimeType": "text/html",
"size": 188,
"text": "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
},
"redirectURL": "",
"headersSize": 183,
"bodySize": 371
},
"cache": {},
"timings": {
"blocked": 0,
"dns": 0,
"connect": 0,
"ssl": 0,
"send": 0,
"wait": 154,
"receive": 0
},
"serverIPAddress": "52.71.237.144",
"connection": "443"
}
]
}
}
|
||
Comment 2•6 years ago
|
||
[Tracking Requested - why for this release]: I'm seeing this as well, first noticing it on a Nightly from today. This is a regression, not sure yet from what, but this creates a problem for anyone who shields access from some sites via TLS+HTTPAuth, which AFAIK is totally fine security-wise.
tracking-firefox59:
--- → ?
Keywords: regression
|
|
||
Comment 3•6 years ago
|
||
FWIW, I'm seeing this on a site that has TLS+HTTPAuth set for the whole site and I'm navigating to the plain top-level URI of the site. When I flip network.auth.non-web-content-triggered-resources-http-auth-allow to true in about:config, I get the auth prompt again that I don't get by default.
|
|
||
Comment 4•6 years ago
|
||
As the pref I mention in comment #3 was added in https://hg.mozilla.org/mozilla-central/rev/c31b663b4dd2 by Dragana for bug 1409449, CCing her and adding the dependency.
Blocks: CVE-2018-5115
|
||
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
|
||
Comment 6•6 years ago
|
||
Fixed in the duplicate. Tracking just in case this reopens for any reason.
status-firefox59:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•