860169 - Firefox doesn't choose the most secure authentication scheme for proxy

Status: RESOLVED WONTFIX

(Core :: Networking: HTTP, defect)

Description

[lameventanas]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130410095303

Steps to reproduce:

The proxy offers both Basic (plain text) and Negotiate (kerberos) authentication schemes:

Proxy-Authenticate: Basic realm="my proxy"
Proxy-Authenticate: Negotiate



Actual results:

Firefox tries to use Basic first, and prompts the user for a password.
Then it tries with Negotiate.


Expected results:

Firefox should try first with Negotiate (kerberos) and then with Basic (plain text).

Comment 1

[Matthias Versen [:Matti]]

could be related to bug 804605.
Did this work with previous Firefox builds ?
If that is the case could you please try a nightly build: http://nightly.mozilla.org/ ?

Comment 2

[lameventanas]

(In reply to Matthias Versen [:Matti] from comment #1)
> could be related to bug 804605.
> Did this work with previous Firefox builds ?
> If that is the case could you please try a nightly build:
> http://nightly.mozilla.org/ ?

I don't know if it worked with previous builds.
I have tested 20.0.1 and the nightly build 23.0a1 for Windows and the problem is still there.
Also happens with 20.0 in Linux.

Comment 3

[(mostly gone) XtC4UaLL [:xtc4uall]]

Does it make a Difference if you send the challenges in one Header?

Comment 4

[lameventanas]

(In reply to XtC4UaLL [:xtc4uall] from comment #3)
> Does it make a Difference if you send the challenges in one Header?

I don't have a way to test that.

Comment 5

[lameventanas]

Is there any update on this issue?
It shouldn't matter if the challenges come in a single header or different ones, the browser should always try the safest one first.

Comment 6

[Patrick McManus [:mcmanus]]

honestly, our basic support is much more reliable than windows auth.