Closed Bug 1812003 Opened 3 years ago Closed 3 years ago

Basic auth should send Authorization header with fetch request

Categories

(Core :: DOM: Networking, enhancement)

Product:
Core
Component:
DOM: Networking
Version:
Firefox 109
Type:
enhancement

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: midgleyc, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0

Steps to reproduce:

This is for parity with Chrome.

  1. Go to a site which requires Basic authentication (https://example.com/a/)
  2. Log in.
  3. Have that site make a fetch (or XHR) request to https://example.com/b/, which also requires basic authentication with the same credentials

Actual results:

Firefox does not include the Authorization header, so the request fails.

Expected results:

Chrome includes the Authorization header, and the request succeeds.

I'm not sure what the "right" behaviour is per spec, but Chrome's is more helpful from a user perspective.

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → DOM: Networking
Product: Firefox → Core

Could you check your use case with Nightly?
We recently landed something that might have be affecting this.

At the same time, fetch and XHR don't include credentials by default:
https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#sending_a_request_with_credentials_included
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials

Let me know if this fixes your issues

Flags: needinfo?(midgleyc)

I've checked Nightly and there is no difference unfortunately.

It's hard to tell exactly what's going on because the application I'm trying to access uses Angular, so I don't know exactly how it's sending the request.

In specific, I am running ksokol/mailsink:0.5.0, with "/" proxied to "/mail", with a htpasswd file providing basic auth. When I click "Plain text with attachment" and move to the Attachments tab, on Firefox I get "Warning! Could not fetch attachments", but on Chrome I get the attachments. It tries to access a URL under "/mails", and Chrome sends the basic auth credentials but Firefox does not.

Flags: needinfo?(midgleyc)

Could you provide a public site to test this?
Otherwise, is this a recent issue? Could you test with older versions of Firefox and maybe use mozregression to find when the issues started happening?
Otherwise, could you provide some output from the Devtools console, or a profile with logs to figure what's wrong? Thanks!

Flags: needinfo?(midgleyc)
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.