“Edit and resend” in dev tools Network tab doesn’t use client-side TLS certificate
Categories
(DevTools :: Netmonitor, defect, P4)
Tracking
(Not tracked)
People
(Reporter: me, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0 Build ID: 20180725220116 Steps to reproduce: 1. Use a domain that requires a client-side TLS certificate. 2. Open the Network tab of the dev tools. 3. Right click on a request, and “Edit and Resend”. 4. Send. Actual results: 400 Bad Request, because the client certificate was not sent with the request. Expected results: The request should have succeeded.
Comment 1•6 years ago
|
||
Thanks for the report!
> 1. Use a domain that requires a client-side TLS certificate.
Do you have an example (online) page we could use to test this issue?
Honza
Updated•6 years ago
|
Reporter | ||
Comment 2•6 years ago
|
||
Cloudflare operate auth.pizza for this purpose: https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-Client-Auth
Comment 3•6 years ago
|
||
Confirming (FF 63.0.1) Happens both with GET and POST requests. See https://stackoverflow.com/questions/38095559/https-test-server-that-checks-client-certificates for test sites and client certificates.
Still here in v67.0.4
This makes the feature useless on sites using client certificates.
Comment 5•5 years ago
|
||
(In reply to Chris Morgan from comment #2)
Cloudflare operate auth.pizza for this purpose:
https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-
Client-Auth
I am seeing 404 Page not found
when loading the page.
I still need clean and simple STR to repro this on my machine.
Honza
Reporter | ||
Comment 6•5 years ago
|
||
Alas, auth.pizza is no more. Fortunately others still work: I suggest installing the client certificate from https://badssl.com/download/ and using https://client.badssl.com/ as the test URL.
Interestingly, it looks like this bug is fixed on Nightly: I can’t reproduce the failure any more, for client.badssl.com or for the company domain that led me to file this bug a year ago.
Comment 7•5 years ago
|
||
(In reply to Chris Morgan from comment #6)
Interestingly, it looks like this bug is fixed on Nightly: I can’t reproduce the failure any more, for client.badssl.com or for the company domain that led me to file this bug a year ago.
I see, good. I am closing the report for now, but feel free to reopen if you see the problem again.
Thanks,
Honza
Comment 8•3 years ago
|
||
Still seeing this bug in 78.12.0esr (64-bit)..
This bug duplicates https://bugzilla.mozilla.org/show_bug.cgi?id=1608402.
Description
•