Firefox asks for proxy password when typing into the address bar
Categories
(Core :: Networking, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox66 | --- | wontfix |
| firefox67 | --- | fixed |
| firefox68 | --- | verified |
People
(Reporter: SanskritFritz+github, Assigned: mayhemer)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [necko-triaged][ntlm])
Attachments
(3 files)
|
89.59 KB,
application/x-7z-compressed
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
|
2.97 KB,
patch
|
pascalc
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
Steps to reproduce:
We're using Microsoft EMG proxy with NTLM authentication at our workplace.
The proxy settings in Firefox:
Manual proxy configuration / HTTP proxy: proxyurl.biz Port: 8080
☑ Use this proxy server for all protocols
No proxy for: localhost, 127.0.0.1
☑ Do not prompt for authentication if password is saved
When I start Firefox it asks for the proxy username/password once and I can use the browser without problems.
However when I start to type into the address bar, Firefox pops up the same user/password dialog after every typed character.
This bug appeared first in Firefox version 65, downgrading to version 64 solved the problem. Now we're at version 66, the problem is still present. Downgrading is not possible anymore due to library dependecies, so I switched to cntlm, this way Firefox doesn't have to ask for a password.
Tested on Arch Linux, Fedora, Debian Jessie.
|
Reporter | |
Comment 1•6 months ago
|
||
I was asked to write a new bug report here: https://bugzilla.mozilla.org/show_bug.cgi?id=1520125
|
||
Updated•6 months ago
|
|
Assignee | |
Comment 2•6 months ago
|
||
Thanks for filing this. I will ask you to provide a log then as described at [1]. URLs, proxy settings and cookies will be visible, so feel free to send it to my bugzilla email directly.
|
|
Reporter | |
Comment 3•6 months ago
|
||
frank@FrankVM ~> firefox --profilemanager -MOZ_LOG=timestamp,rotate:200,nsHttp:5,cache2:5,nsSocketTransport:5,nsHostResolver:5 -MOZ_LOG_FILE=/home/frank/temp/mozilla_log_20190326.txt
|
|
Reporter | |
Comment 4•6 months ago
|
||
I attached the log files.
I started a new profile, saved the proxy password at start and typed "hello" into the address bar, while the password dialog appeared after every keypress (except the first "h", probably because Firefox doesn't start a search on only one letter).
|
|
Assignee | |
Comment 5•6 months ago
|
||
Thanks. I believe I know what's going on here. The patch in bug 1520125 is rather incomplete. It ignores the OA isolation suffix only for one of possible code paths to obtain cached credentials. There are more places we need to ignore the suffix for proxy as well. Specifically for all call sites of [1] and for this particular case at [2].
P1 to definitely fix this in this cycle as 68 is the next esr.
[1] https://searchfox.org/mozilla-central/rev/2c912888e3b7ae4baf161d98d7a01434f31830aa/netwerk/protocol/http/nsHttpAuthCache.h#167,176
[2] https://searchfox.org/mozilla-central/rev/2c912888e3b7ae4baf161d98d7a01434f31830aa/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp#695
|
|
Reporter | |
Comment 6•6 months ago
|
||
I'm glad I could help and thanks for doing this.
|
|
Assignee | |
Comment 7•6 months ago
|
||
|
|
Assignee | |
Comment 8•6 months ago
|
||
|
|
Assignee | |
Comment 9•6 months ago
|
||
I decided not to write a test for this, because the proxy involved here is ntlm (for which we don't store proxy-authorization request headers, the bit that bug 1520125 has fixed).
creating that test falls into the ntlm-automated-tests bucket, a road I don't want to go now.
|
|
Assignee | |
Updated•6 months ago
|
|
|
Reporter | |
Comment 10•6 months ago
|
||
If I can help with testing somehow, just call me.
|
||
Comment 11•6 months ago
|
||
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/77fe863f36eb
Don't isolate proxy auth credential cache by origin attributes on all places, r=valentin
|
||
Comment 12•6 months ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 13•6 months ago
|
||
SanskritFritz, if you can, please install the latest Nightly [1] and test with it. It will create a separate profile, so you will have to set the proxy in Firefox Nightly preferences again.
Thanks!
|
|
Reporter | |
Comment 14•6 months ago
|
||
:mayhemer
I have downloaded the Linux 64 nightly build and ran it.
I can confirm that the bug has been fixed there.
|
|
Assignee | |
Comment 15•6 months ago
|
||
Just to confirm - you mean Linux x64 (64-bit) build, right?
Thanks! Marking as verified.
|
|
Reporter | |
Comment 16•6 months ago
|
||
Yes, exactly :D
|
||
Comment 17•6 months ago
|
||
Honza, do you think that your patch would be safe to uplift to 67 beta? Thanks
|
|
Assignee | |
Comment 18•6 months ago
|
||
(In reply to Pascal Chevrel:pascalc from comment #17)
Honza, do you think that your patch would be safe to uplift to 67 beta? Thanks
possibly.
|
||
Updated•6 months ago
|
|
|
||
Comment 19•6 months ago
|
||
(In reply to Honza Bambas (:mayhemer) from comment #18)
(In reply to Pascal Chevrel:pascalc from comment #17)
Honza, do you think that your patch would be safe to uplift to 67 beta? Thanks
possibly.
Could you make an uplift request then? Thanks
|
|
Assignee | |
Comment 20•6 months ago
|
||
Beta/Release Uplift Approval Request
- Feature/Bug causing the regression: https://bugzilla.mozilla.org/show_bug.cgi?id=1520125#c16
- User impact if declined: default credentials for ntlm proxies are not used when typing to an address bar, this is unexpected and highly annoying.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: I think comment 0 may be a good STR source, but this is somewhat hard to setup
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): this only removes isolation of session-cached proxy credentials by OA, I don't expect anything to break with this change, it's relatively isolated
- String changes made/needed: -
|
|
Assignee | |
Updated•6 months ago
|
|
|
Assignee | |
Updated•6 months ago
|
|
||
Comment 21•6 months ago
|
||
(In reply to SanskritFritz+github from comment #14)
:mayhemer
I have downloaded the Linux 64 nightly build and ran it.
I can confirm that the bug has been fixed there.
Could you please verify this when the fix will land in Firefox 67? I will provide you the URL's build when it's ready.
|
|
||
Comment 22•6 months ago
|
||
Comment on attachment 9056648 [details] [diff] [review] Beta patch Low risk patch for a recent regression, approved for 67 beta 10, thanks.
|
|
Reporter | |
Comment 23•6 months ago
|
||
(In reply to Camelia Badau [:cbadau], Release Desktop QA from comment #21)
(In reply to SanskritFritz+github from comment #14)
:mayhemer
I have downloaded the Linux 64 nightly build and ran it.
I can confirm that the bug has been fixed there.Could you please verify this when the fix will land in Firefox 67? I will provide you the URL's build when it's ready.
Yes, sure, I will test it then.
|
|
||
Updated•6 months ago
|
|
||
Comment 24•6 months ago
|
||
| bugherderuplift | ||
|
|
Assignee | |
Comment 25•6 months ago
|
||
Pascal, the correct regressing bug is bug 1510281.
|
||
Comment 26•5 months ago
|
||
Hi. Please see bug 1548804 as this may have regressed something.
|
||
Updated•5 months ago
|
Description
•