[Mac] HTTP authentication dialog (sheet) hides URL bar

RESOLVED INACTIVE

Status

()

Firefox
General
--
major
RESOLVED INACTIVE
11 years ago
2 days ago

People

(Reporter: lsg-mtso, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a4pre) Gecko/20070327 Minefield/3.0a4pre
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a4pre) Gecko/20070327 Minefield/3.0a4pre

When a request for authentication occurs, the authentication dialog hides most of the URL bar. The authentication dialog is a sheet that cannot be moved so a user may not know what they are logging into.

Reproducible: Always

Steps to Reproduce:
1.go to a URL that requires authentication
2.Try and see what is underneath the authentication dialog 
3.
Actual Results:  
The authentication dialog will block the URL bar and its contents and cannot be moved.

Expected Results:  
The authentication dialog should appear beneath the URL bad and be movable.
This doesn't need to be kept secret, removing security-sensitive flag.
Group: security
Not being able to move and/or resize the dialog is standard Mac behavior, as I understand it, and the dialog shows you the scheme/domain/port. Is not being able to view the entire URL really more than just an inconvenience in some cases?
(Reporter)

Comment 3

11 years ago
There are situations where CSRF attacks could be identified by viewing the URL.  Imagine http://192.168.2.1/this_is_my_cablemodem/change_my_password?newpw=something&confirmpw=something

Comment 4

11 years ago
The address bar shows the "old" URL while the dialog is up, anyway:

1. Load data:text/html,<a href="http://www.squarefree.com/stats/">foo</a>
2. Click the link.
3. Notice that the address bar still shows the data: URL while the auth dialog (sheet) is up.

Given that, maybe it's good that the sheet hides the URL bar and you have to look at the URL in the dialog instead.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Authentication Dialog Hides URL bar → [Mac] HTTP authentication dialog (sheet) hides URL bar

Comment 5

2 days ago
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Last Resolved: 2 days ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.