Closed
Bug 728329
Opened 13 years ago
Closed 13 years ago
Implement a clean way for proxies and captive portals to point the browser to an https auth page
Categories
(Firefox :: Untriaged, defect)
RESOLVED
DUPLICATE
of bug 728658
People
(Reporter: Nicolas.Mailhot, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Build ID: 20120209081558
Steps to reproduce:
Enterprise proxies and hotspot captive portals need to point browsers to an authentication page when the user is unknown or his auth has expired mid-session.
The HTTP 407 error is completely useless for this, as:
1. there is no way to point the browser to a full page with user-friendly explanations (captive portal requirement)
2. there is no way to perform secure authentication (most of the new tablet web clients only do BASIC auth, and BASIC auth over http is a massive fail on a large not-completely-secured internal network)
Therefore proxy and captive portal vendors have developed over time an array of browser redirection techniques that range from redirects to lying to the browser or performing MiM and DPI attacks
(Wikipedia has some sad history here: https://en.wikipedia.org/wiki/Captive_portal).
The less invasive method used to be redirects, but that is no longer operating as browsers now refuse redirecting https, and there is no way to prevent users from accessing an https page just at the wrong time.
So the current methods all fail one way or the other, resulting in huge user frustration and anger when trying to provide auth to the filtering equipment.
But this equipment is not interested in the https session content browsers refuse to redirect now; it just wants the browser to display a page where users can enter their auth to continue browsing.
Firefox should define a way for captive portals and proxies to tell it cleanly: "your auth is not valid anymore, and here is the https page where you can auth again", show this page to the user when notified this way, and return to the page and session the user was browsing in once the auth is done.
This probably involves extending error 407 or defining a new one.
Internet Explorer does not need this as badly as Firefox since Microsoft is happy to tie everything to Active Directory in corporations and does not seem to bother about hotspots much.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE