Closed Bug 816021 Opened 12 years ago Closed 12 years ago

search suggestions behave badly when suggestion URL requires http authentication

Categories

(Firefox :: Search, defect)

Product:
Firefox
Component:
Search
Version:
16 Branch
Platform:
x86_64
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 23

People

(Reporter: persona, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 Build ID: 20121024073032 Steps to reproduce: For our Intranet we have an internal search engine that we added to Fx using an opensearchdescription+xml tag. The search engine has autocomplete enabled using an application/x-suggestions+json inside the search description. The search engine + the suggestion URL are both behind a single HTTP Basic Auth challenge. Example URL's: Basic Auth Realm: https://office.domain.name/quickscan/ Search description: https://office.domain.name/quickscan/qs-search.xml Search Engine: https://office.domain.name/quickscan/?domain=<searchTerms> Auto complete URL: https://office.domain.name/quickscan/qs-complete.cgi?domain={searchTerms} Actual results: Whenever a user tries to use the search box for the first time in a new Fx session, after typing a partial word they get an HTTP Basic Auth popup. When they submit this (Either with fresh information, or saved credentials), and continue typing, they get another popup for the same HTTP Basic Auth realm, and this continues untill the user finishes typing. Once they submit the search query and a window opens to display the search result, a final HTTP Basic Auth popup appears, and only once that one is submitted will Fx save the credentials to the session. From this point on all partial searches use the password that's saved Expected results: If a user gets a popup for a partial complete, Fx should save the submitted credentials and use that for any future (partial) searches.
Component: Untriaged → Search
OS: Windows 7 → All
Good catch, thanks for reporting this. It's not a very common setup to have search suggest behind HTTP auth, which explains why this hasn't come up much before. I'm not sure why the prompts aren't saving the info to the session. It may be that many requests are queued up before the first prompt is submitted, so they get displayed even though you've already submitted one. I think we should just be suppressing the prompts for these requests. That should be done by having SearchSuggestLoadListener in nsSearchSuggestions.js implement nsIAuthPrompt and friends as no-ops.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Search bar autocomplete doesn't save http authentication to session → search suggestions behave badly when suggestion URL requires http authentication
This was fixed for Firefox 23 by bug 369180.
Status: NEW → RESOLVED
Closed: 12 years ago
Depends on: 369180
Resolution: --- → FIXED
Target Milestone: --- → Firefox 23
You need to log in before you can comment on or make changes to this bug.