Closed Bug 1478630 Opened 6 years ago Closed 5 years ago

“Edit and resend” in dev tools Network tab doesn’t use client-side TLS certificate

Categories

(DevTools :: Netmonitor, defect, P4)

Product:
DevTools
Component:
Netmonitor
Version:
63 Branch
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: me, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Build ID: 20180725220116

Steps to reproduce:

1. Use a domain that requires a client-side TLS certificate.
2. Open the Network tab of the dev tools.
3. Right click on a request, and “Edit and Resend”.
4. Send.


Actual results:

400 Bad Request, because the client certificate was not sent with the request.


Expected results:

The request should have succeeded.
Component: Untriaged → Netmonitor
Product: Firefox → DevTools
Thanks for the report!

> 1. Use a domain that requires a client-side TLS certificate.
Do you have an example (online) page we could use to test this issue?

Honza
Flags: needinfo?(me)
Priority: -- → P4
Cloudflare operate auth.pizza for this purpose: https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-Client-Auth
Flags: needinfo?(me)
Confirming (FF 63.0.1)

Happens both with GET and POST requests.

See https://stackoverflow.com/questions/38095559/https-test-server-that-checks-client-certificates  for test sites and client certificates.

Still here in v67.0.4

This makes the feature useless on sites using client certificates.

(In reply to Chris Morgan from comment #2)

Cloudflare operate auth.pizza for this purpose:
https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-
Client-Auth

I am seeing 404 Page not found when loading the page.

I still need clean and simple STR to repro this on my machine.

Honza

Flags: needinfo?(me)

Alas, auth.pizza is no more. Fortunately others still work: I suggest installing the client certificate from https://badssl.com/download/ and using https://client.badssl.com/ as the test URL.

Interestingly, it looks like this bug is fixed on Nightly: I can’t reproduce the failure any more, for client.badssl.com or for the company domain that led me to file this bug a year ago.

Flags: needinfo?(me)

(In reply to Chris Morgan from comment #6)

Interestingly, it looks like this bug is fixed on Nightly: I can’t reproduce the failure any more, for client.badssl.com or for the company domain that led me to file this bug a year ago.

I see, good. I am closing the report for now, but feel free to reopen if you see the problem again.

Thanks,
Honza

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

Still seeing this bug in 78.12.0esr (64-bit)..

This bug duplicates https://bugzilla.mozilla.org/show_bug.cgi?id=1608402.

You need to log in before you can comment on or make changes to this bug.