User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a4pre) Gecko/20070327 Minefield/3.0a4pre Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a4pre) Gecko/20070327 Minefield/3.0a4pre When a request for authentication occurs, the authentication dialog hides most of the URL bar. The authentication dialog is a sheet that cannot be moved so a user may not know what they are logging into. Reproducible: Always Steps to Reproduce: 1.go to a URL that requires authentication 2.Try and see what is underneath the authentication dialog 3. Actual Results: The authentication dialog will block the URL bar and its contents and cannot be moved. Expected Results: The authentication dialog should appear beneath the URL bad and be movable.
This doesn't need to be kept secret, removing security-sensitive flag.
Not being able to move and/or resize the dialog is standard Mac behavior, as I understand it, and the dialog shows you the scheme/domain/port. Is not being able to view the entire URL really more than just an inconvenience in some cases?
There are situations where CSRF attacks could be identified by viewing the URL. Imagine http://192.168.2.1/this_is_my_cablemodem/change_my_password?newpw=something&confirmpw=something
The address bar shows the "old" URL while the dialog is up, anyway: 1. Load data:text/html,<a href="http://www.squarefree.com/stats/">foo</a> 2. Click the link. 3. Notice that the address bar still shows the data: URL while the auth dialog (sheet) is up. Given that, maybe it's good that the sheet hides the URL bar and you have to look at the URL in the dialog instead.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Authentication Dialog Hides URL bar → [Mac] HTTP authentication dialog (sheet) hides URL bar
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Last Resolved: 2 days ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.