Closed Bug 146494 Opened 22 years ago Closed 22 years ago

Clicking "cancel" on a htaccess prompt continues the request

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 123652

People

(Reporter: ahde, Assigned: mpt)

Details

Clicking "cancel" on a htaccess prompt continues the request

On a .htaccess protected page with a username and password prompt, if you click 
the cancel button, the request is still sent and you get the "401 Authorization 
required" message.  

For example try:  http://www.kfalls.net/~ahde/secret

This is fairly standard behavior across browsers.  IE 5.5, Netscape 4.7, & 
Mozilla.  

I would like to propose a UI change so that when you click "cancel", it returns 
to the previous page rather than giving the 401.  This is counter-intuitive.  
Since the request has already been sent, (how else would the browser know 
autorization is required), the proposed solution might have to trigger the back 
button and reload the previous page.  But since the page hasn't been redrawn, it 
might not be necessary.  If there was a way to abort a page load, this could 
save resources, but might be trickier to implement.  

Another advantage would be that since only the challenge was sent from the 
server, you could save the terrible bandwidth burden imposed by all those 
graphic intensive (probably with flash and background midi) custom error pages.

I'm not sure if any other dialogs besides the .htaccess prompt have similar 
behavior.
That dialog is a Basic Auth, and there's already a request to stop the
authentification process and go back.

*** This bug has been marked as a duplicate of 123652 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Component: User Interface Design → Browser-General
VERIFIED/dupe.

I'm verifying this as dupe, because I think your intent was to ask for that, but
I  want to clarify one aspect.

When you first request the page, you send no auth, and the server sends back a
rejection. The browser automatically figures out it should have asked your for
auth, so it asks you.

The 401 response triggers the http-auth dialog, and also includes the error page
in the response. The display is supressed, unless you hit cancel, you never see
the pre-loaded error page.

There is no way to supress receiving the error page. Web admins that create
over-sized error pages probably are guilty of creating bloated content as well.
Status: RESOLVED → VERIFIED
Component: Browser-General → Networking: HTTP
QA Contact: zach → httpqa
You need to log in before you can comment on or make changes to this bug.