Open Bug 1735850 Opened 4 years ago Updated 5 months ago

Firefox doesn't support userhash in Digest Auth from rfc7616

Categories

(Core :: Networking: HTTP, enhancement, P3)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement

Tracking

()

People

(Reporter: dveditz, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

The RFC 7616 update to Digest Auth specifies Username Hashing and a userhash parameter in http auth request/response headers which Firefox does not support. Because our responses to a userhash=true request don't respond in kind servers can tell that we don't support it and presumably handle it fine, although the specification gives them the option to reject the request.

This is almost certainly low priority without a compelling usecase, but it was noted by Junior in bug 41489 comment 195 as unfinished work so I'm moving it here in order to close that otherwise long-fixed bug.

See Also: → 41489
Assignee: nobody → valentin.gosu
Severity: -- → S3
Priority: -- → P3
Whiteboard: [necko-triaged]
Assignee: valentin.gosu → nobody
Blocks: necko-auth

Quick note that userhash will be useful for HTTPS proxying, where the username does not travel over the network as clear text.

Obscuring the username when using HTTPS proxies is the key use case for userhash.

You need to log in before you can comment on or make changes to this bug.