Closed Bug 1538737 Opened 6 months ago Closed 6 months ago

Firefox asks for proxy password when typing into the address bar

Categories

(Core :: Networking, defect)

65 Branch
defect
Not set

Tracking

()

VERIFIED FIXED
mozilla68
Tracking Status
firefox-esr60 --- unaffected
firefox66 --- wontfix
firefox67 --- fixed
firefox68 --- verified

People

(Reporter: SanskritFritz+github, Assigned: mayhemer)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [necko-triaged][ntlm])

Attachments

(3 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

We're using Microsoft EMG proxy with NTLM authentication at our workplace.
The proxy settings in Firefox:

Manual proxy configuration / HTTP proxy: proxyurl.biz Port: 8080
☑ Use this proxy server for all protocols
No proxy for: localhost, 127.0.0.1
☑ Do not prompt for authentication if password is saved

When I start Firefox it asks for the proxy username/password once and I can use the browser without problems.
However when I start to type into the address bar, Firefox pops up the same user/password dialog after every typed character.

This bug appeared first in Firefox version 65, downgrading to version 64 solved the problem. Now we're at version 66, the problem is still present. Downgrading is not possible anymore due to library dependecies, so I switched to cntlm, this way Firefox doesn't have to ask for a password.

Tested on Arch Linux, Fedora, Debian Jessie.

I was asked to write a new bug report here: https://bugzilla.mozilla.org/show_bug.cgi?id=1520125

Component: Untriaged → Networking
Keywords: regression
Product: Firefox → Core
Version: 66 Branch → 65 Branch

Thanks for filing this. I will ask you to provide a log then as described at [1]. URLs, proxy settings and cookies will be visible, so feel free to send it to my bugzilla email directly.

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging#Start_logging_using_command_line_arguments

Flags: needinfo?(SanskritFritz+github)
frank@FrankVM ~> firefox --profilemanager -MOZ_LOG=timestamp,rotate:200,nsHttp:5,cache2:5,nsSocketTransport:5,nsHostResolver:5 -MOZ_LOG_FILE=/home/frank/temp/mozilla_log_20190326.txt
Flags: needinfo?(SanskritFritz+github)

I attached the log files.
I started a new profile, saved the proxy password at start and typed "hello" into the address bar, while the password dialog appeared after every keypress (except the first "h", probably because Firefox doesn't start a search on only one letter).

Thanks. I believe I know what's going on here. The patch in bug 1520125 is rather incomplete. It ignores the OA isolation suffix only for one of possible code paths to obtain cached credentials. There are more places we need to ignore the suffix for proxy as well. Specifically for all call sites of [1] and for this particular case at [2].

P1 to definitely fix this in this cycle as 68 is the next esr.

[1] https://searchfox.org/mozilla-central/rev/2c912888e3b7ae4baf161d98d7a01434f31830aa/netwerk/protocol/http/nsHttpAuthCache.h#167,176
[2] https://searchfox.org/mozilla-central/rev/2c912888e3b7ae4baf161d98d7a01434f31830aa/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp#695

Assignee: nobody → honzab.moz
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [necko-triaged]

I'm glad I could help and thanks for doing this.

Blocks: 1534190
No longer blocks: 1534190

I decided not to write a test for this, because the proxy involved here is ntlm (for which we don't store proxy-authorization request headers, the bit that bug 1520125 has fixed).

creating that test falls into the ntlm-automated-tests bucket, a road I don't want to go now.

Whiteboard: [necko-triaged] → [necko-triaged][ntlm]
Keywords: checkin-needed

If I can help with testing somehow, just call me.

Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/77fe863f36eb
Don't isolate proxy auth credential cache by origin attributes on all places, r=valentin

Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

SanskritFritz, if you can, please install the latest Nightly [1] and test with it. It will create a separate profile, so you will have to set the proxy in Firefox Nightly preferences again.

Thanks!

[1] https://www.mozilla.org/en-US/firefox/nightly/all/

Flags: needinfo?(SanskritFritz+github)

:mayhemer
I have downloaded the Linux 64 nightly build and ran it.
I can confirm that the bug has been fixed there.

Flags: needinfo?(SanskritFritz+github)

Just to confirm - you mean Linux x64 (64-bit) build, right?

Thanks! Marking as verified.

Status: RESOLVED → VERIFIED

Yes, exactly :D

Honza, do you think that your patch would be safe to uplift to 67 beta? Thanks

Flags: needinfo?(honzab.moz)

(In reply to Pascal Chevrel:pascalc from comment #17)

Honza, do you think that your patch would be safe to uplift to 67 beta? Thanks

possibly.

Flags: needinfo?(honzab.moz)

(In reply to Honza Bambas (:mayhemer) from comment #18)

(In reply to Pascal Chevrel:pascalc from comment #17)

Honza, do you think that your patch would be safe to uplift to 67 beta? Thanks

possibly.

Could you make an uplift request then? Thanks

Flags: needinfo?(honzab.moz)
Attached patch Beta patchSplinter Review

Beta/Release Uplift Approval Request

  • Feature/Bug causing the regression: https://bugzilla.mozilla.org/show_bug.cgi?id=1520125#c16
  • User impact if declined: default credentials for ntlm proxies are not used when typing to an address bar, this is unexpected and highly annoying.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: I think comment 0 may be a good STR source, but this is somewhat hard to setup
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): this only removes isolation of session-cached proxy credentials by OA, I don't expect anything to break with this change, it's relatively isolated
  • String changes made/needed: -
Flags: needinfo?(honzab.moz)
Attachment #9056648 - Flags: approval-mozilla-beta?
Attachment #9054528 - Flags: approval-mozilla-beta?
Flags: qe-verify?

(In reply to SanskritFritz+github from comment #14)

:mayhemer
I have downloaded the Linux 64 nightly build and ran it.
I can confirm that the bug has been fixed there.

Could you please verify this when the fix will land in Firefox 67? I will provide you the URL's build when it's ready.

Flags: qe-verify? → needinfo?(SanskritFritz+github)
Has Regression Range: --- → yes
Regressed by: 1520125
Comment on attachment 9056648 [details] [diff] [review]
Beta patch

Low risk patch for a recent regression, approved for 67 beta 10, thanks.
Attachment #9056648 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

(In reply to Camelia Badau [:cbadau], Release Desktop QA from comment #21)

(In reply to SanskritFritz+github from comment #14)

:mayhemer
I have downloaded the Linux 64 nightly build and ran it.
I can confirm that the bug has been fixed there.

Could you please verify this when the fix will land in Firefox 67? I will provide you the URL's build when it's ready.

Yes, sure, I will test it then.

Flags: needinfo?(SanskritFritz+github)
Attachment #9054528 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Pascal, the correct regressing bug is bug 1510281.

Regressed by: 1510281
No longer regressed by: 1520125

Hi. Please see bug 1548804 as this may have regressed something.

Regressed by: 1548804
No longer regressed by: 1548804
Regressions: 1548804
See Also: → 1520125
You need to log in before you can comment on or make changes to this bug.