User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051224 Debian/1.5.dfsg-2bpo1 Firefox/1.5 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051224 Debian/1.5.dfsg-2bpo1 Firefox/1.5 When requesting authentication on receiving a 401 from a server, the popup window does not mention the protocol in use. This is confusing, since in some cases a redirection can have made the protocol change without the user noticing. As an example, the provided URL http://mail.inl.fr/ is plain HTTP. The server answers first with a redirection to HTTPS, which in turn requests a 401 auth. The client then gets prompted for a login/password for "mail.inl.fr", with no mention of the protocol. Even the address bar still (wrongly?) mentions HTTP at that point. I suggest the protocol be mentionned at that place, and therefore the auth would be prompted for "https://mail.inl.fr", which sounds more complete, and leaves no ambiguity. Or, at least the address bar protocol display should be updated before prompting the user for auth. This certainly has some security related consequences. If I recall correctly, firefox 1.0.X had the desired behaviour. Reproducible: Always Steps to Reproduce: 1. Go to http://mail.inl.fr/ 2. Look at the auth prompt. It does not mention a protocol. 3. Look at the URL bar. It says "http://mail.inl.fr" which is wrong. You were redirected to HTTPS before the auth prompt.
*** This bug has been marked as a duplicate of 38019 ***