Closed Bug 221793 Opened 21 years ago Closed 19 years ago

proxy auth not sent when accessing an URL like http://userid:password@domainname.tld

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Version:
Other Branch
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED EXPIRED

People

(Reporter: bugtraq, Assigned: darin.moz)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: regression)

User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1 Build Identifier: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1 I'm behind a proxy server that uses basic authentication. After login, it's no problem to access any web page. But when I click on a page that has a URL in the form of http://userid:password@domainname.tld Firebird does not send my (or sends a wrong, maybe userid/password from URL?) authentication to the proxy server. This works using Mozilla 1.4, Firebird 0.61 (OS/2-build!) but fails in Firebird 0.61 and 0.71 on Windows/NT. Reproducible: Always Steps to Reproduce: 1. Use Proxy with basic authentication (not NTLM). 2. Logon to your proxy. 3. Select a bookmark or type in a URL in the form of http://userid:password@domainname.tld Actual Results: proxy denies access (proxy log says: unknown user = no access) Expected Results: Access to the web page or at least user prompt for http password. sounds similar to an firebird-bug for os/2 (# 219067), that is fixed in the os/2 build unfortunately this bug prevents our company from using firebird productively :-(
Reporter, does the same issue occur in current Mozilla builds? (Such as the 1.5 release candidates available at www.mozilla.org) it could be a generic networking problem that changed since 1.4, or something specific to the password manager changes in Firebird, so we need to try to isolate this further.
QA Contact: mpconnor
Hello Mike, I've downloaded Mozilla 1.5rc2 [Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5)Gecko/20030925] and the item occurs there a bit differently, so I made some tests with Firebird 0.61/0.71 and Moz. 1.5rc2 (Moz. 1.5rc2 behaves like Firebird 0.71): Test 1: - started Firebird 0.61 - URL: http://user:pass@domain.tld/ - Prompt: Enter proxy-user/password (in dialog box) - Proxy: "Access denied." - Relaod Page - Proxy: "Access denied." - URL: http://domain.tlc/ - Prompt: Enter http-user/password (in dialog box) - Proxy: "Access denied." - Reload - Proxy: "Access denied." - URL: http://user:pass@domain.tld/ [!] - Proxy: (delivers the page). Test 2: - started Firebird 0.71 - URL: http://user:pass@domain.tld/ - Prompt: Enter proxy-user/password (in dialog box) - Proxy: "Access denied." - Relaod - Proxy: "Access denied." - URL: http://domain.tlc/ - Prompt: Enter http-user/password (in dialog box) - Proxy: "Access denied." - Reload - Proxy: (delivers the page). Test 3: - started Moz. 1.5rc2 - Results: see Test 2 Test 4: - started Firebird 0.71 - URL: http://user:pass@domain.tld/ - Prompt: Enter proxy-user/password (in dialog box) - Proxy: "Access denied." - URL: http://www.mozilla.org - Proxy: (delivers www.mozilla.org), so Firebird has not forgotten the proxy-authorization... Greets Heiko.
> (Moz. 1.5rc2 behaves like Firebird 0.71): over to Browser then. adding keyword regression.
Keywords: regression
This time, when I say over to Browser, I mean it!
Assignee: blake → darin
Component: General → Networking
Product: Firebird → Browser
QA Contact: mpconnor → benc
Version: unspecified → Other Branch
Found the same Problem on Mozilla 1.5RC2 (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20030916): Loging in a password protected area with url http://username:password@mydomain.com/some/place/ Because username and password are not entries in the password file, the pasword box pops up. So the user enters its username and password. I also have a logout page that changes the credential of the user that works fine (the user is switched to logout). to do that the user clicks on http://logout:logout@mydomain.com/logout/index.html when logging back in using the url http://username:password@mydomain.com/some/place/ the user is still considered to be the logout user !!!! so the username/password in the url seems to not be able to overrule the one in the session The same happens with Mozilla 1.4 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Hope that helps ! Raphael AMSELLI
raphael: can you please test a recent mozilla nightly build? some changes have gone in post 1.5 that could affect this bug. thank you! also, if the problem does persist, then can you please provide a HTTP log per the instructions on this site: http://www.mozilla.org/projects/netlib/http/http-debugging.html thanks!!
Blocks: 232560
I experienced this bug in Mozilla, but have since switched to Firefox 0.8, where things are much better, but not perfect. If I've already authenticated this Firefox "session" with my proxy (I have the remember option selected), this type of URL seems to work fine. However, if I haven't done so yet, it asks me to authenticate with my proxy (as expected), but the dialog is presented with blank fields. Normally, they would be filled in with the values from my previous session. Providing the values didn't seem to help, as the same empty dialog came back. I suppose it's possible that I could have mistyped, but there's definitely a problem. The fields should have been filled in, and an "OK" from me should have sufficed. Would an HTTP log still be useful? Does the windows mozilla nightly build logging procedure apply (with obvious changes in pathname & executable) to the Firefox 0.8 release?
logging should still work the same, there's no forking of the backend afaik.
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → EXPIRED
You need to log in before you can comment on or make changes to this bug.