Fails to prompt user for authentication when indirectly accessing protected resources.




18 years ago
16 years ago


(Reporter: Darin Fisher, Assigned: Gagan)




Firefox Tracking Flags

(Not tracked)


(Whiteboard: [rtm-], URL)


(2 attachments)



18 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.14-5.0smp i686; en-US; m18)
BuildID:    2000100909

If I create a password protected directory on my web server, in this
example, via Apache's .htaccess file, like so:

AuthName "restricted stuff"
AuthType Basic
AuthUserFile /etc/httpd/users

require valid-user

Mozilla fails to prompt the user for authentication when opening a page outside
the protected directory that contains an image that lives inside the protected
directory.  I'm sure you would find the same problem with other types of
protected content referenced from outside the protected directory.

If you separately type in the URL to the protected resource, authenticate, and
then return to the external page, the protected resource shows up correctly on
the page.

4.x does not have this problem.

Reproducible: Always
Steps to Reproduce:
1.goto an URL that references a protected resource, such as an image.
2.notice when the page loads, the image is not shown.
3.goto the URL of the image and authenticate as usual.
4.return to the original page, refresh, and notice that the image is now shown.

Actual Results:  Fails to prompt user for authentication when a "normal" page
references password protected content that has not yet been authenticated.

Expected Results:  Should prompt user for authentication.

The URL attached to this bug report is unfortunately not static.

Comment 1

18 years ago
Created attachment 16721 [details]
Sample HTML page containing a image requiring authentication.

Comment 2

18 years ago
This problem results because nsHTTPChannel::mPrompter is NULL.
Whoever is creating the channel did not provide a nsIPrompt
implementation (ie. it's likely that the notificationCallbacks
parameter to NS_OpenURI is NULL).


18 years ago
Blocks: 51631

Comment 3

18 years ago
51631 (an rtm bug) is blocked on this bug.  Is there any chance of a small, safe
fix for this bug?
Keywords: rtm

Comment 4

18 years ago
Created attachment 18290 [details]
Stack trace leading to nsHTTPChannel::AsyncRead() call.

Comment 5

18 years ago
The attached stack trace indicates who is calling AsyncRead on the HTTPChannel
in this case.  It looks like layout is calling into imagelib to load the image,
but there is no prompter being defined.  Someone more familar with imagelib
should take a look at this.  I don't know how easy it would be to "affect" the
notificationsCallback parameter in the call to NS_OpenURI made by imagelib to
add a nsIPrompt implementation.

Comment 6

18 years ago
pam, do you have ideas on this?

Comment 7

18 years ago
What's up with this bug?  No activity since 10/30.  Should it be rtm- now?
Whiteboard: [rtm need info]

Comment 8

18 years ago
 has been minused.  This one should be too.

Comment 9

18 years ago
Marking RTM- and futuring.  No known sites where this is currently a problem.
Whiteboard: [rtm need info] → [rtm-]
Target Milestone: --- → Future


18 years ago
Blocks: 49810

Comment 10

18 years ago
*** Bug 49810 has been marked as a duplicate of this bug. ***

Comment 11

18 years ago
OS -> All as I confirmed bug 49810 on Win32.
OS: Linux → All


18 years ago
No longer blocks: 49810

Comment 12

18 years ago
*** Bug 63392 has been marked as a duplicate of this bug. ***

Comment 13

18 years ago
Do we have an external facility for making these kinds of sample bad files

I was looking at this bug while in major research session on some other bugs,
and I do not have access to the server in the example.

(I could access the netscape corporate network via the VPN, but then I would
have to restart my browser session and lose all the windows...  see bug 73346)

I am concerned about this bug, so I volunteer to host this particular test case
on If any contributor wants to analyze this problem and
needs a working example, email me and I'll try to deploy a broken example on my


18 years ago
Keywords: rtm → nsbeta1, nsCatFood

Comment 14

17 years ago
mass move, v2.
qa to me.
QA Contact: tever → benc

Comment 15

17 years ago
Really a duplicate of bug 62108, which is targeted already.

Also has the relevant technical discussion.

*** This bug has been marked as a duplicate of 62108 ***
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE


17 years ago
Keywords: verifyme

Comment 16

16 years ago
-> ImageLib
Component: Networking → ImageLib
QA Contact: benc → tpreston
You need to log in before you can comment on or make changes to this bug.