Open Bug 914088 Opened 12 years ago Updated 3 years ago

Faulty Behaviour when sending POST Requests with Kerberos Authentication

Categories

(Core :: Networking: HTTP, defect, P3)

23 Branch
x86
Windows XP
defect

Tracking

()

UNCONFIRMED

People

(Reporter: t.rieder, Unassigned)

Details

(Whiteboard: [necko-backlog][ntlm])

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36

Steps to reproduce:

The issue only exists when using the following setup:
Firefox <= 23.0.1
Windows XP (the issue does NOT exist on Windows 7/8)
Web server (in our case IIS) with Integrated Windows Authentication and Kerberos only (no NTLM)

1. the browser sends a POST request (like for a file upload)
2. the server responds with HTTP/401 not authorized

Now the browser is _supposed to_ resend the POST request with the authentication header - but it does not.
When using NTLM it actually does resend the request - same when using a Windows 7 client.
I'm also inclined to believe that Windows XP itself is not the issue as IE, Chrome and Opera work just fine (they also resend the POST request).
I have verified the request behaviour using Wireshark.

Actual results:

Due to the lack of a POST request with authorization headers, the request is unsuccessful and something like file upload is not possible when connecting to a website with Kerberos authentication enabled under Windows XP clients.

Expected results:

1. the browser sends a POST request (like for a file upload)
2. the server responds with HTTP/401 not authorized
3. browser resends the POST request with the authorization header
4. server replies with something like HTTP/201 created
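The difference between the actual and expected exchange in the report can be checked mechanically in a header-only transcript written out from a capture. This is an added example, not part of the original report or of Firefox; the transcript format, the host `intranet.example`, the `/upload` path, the token placeholder and the function names are assumptions.

```python
import re

REQ = re.compile(r"^(GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/1\.[01]$")
RESP = re.compile(r"^HTTP/1\.[01] (\d{3})")

# Constructed samples (headers only), modelled on the steps in the report.
NO_RETRY = """
POST /upload HTTP/1.1
Host: intranet.example
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
"""
WITH_RETRY = NO_RETRY + """
POST /upload HTTP/1.1
Host: intranet.example
Authorization: Negotiate PLACEHOLDER_TOKEN
HTTP/1.1 201 Created
"""

def parse_messages(transcript):
    """Turn a header-only transcript into an ordered list of request/response dicts."""
    messages = []
    for line in transcript.strip().splitlines():
        line = line.strip()
        if m := REQ.match(line):
            messages.append({"kind": "req", "method": m[1], "path": m[2], "headers": {}})
        elif m := RESP.match(line):
            messages.append({"kind": "resp", "status": int(m[1]), "headers": {}})
        elif ":" in line and messages:
            name, value = line.split(":", 1)
            messages[-1]["headers"].setdefault(name.strip().lower(), []).append(value.strip())
    return messages

def missing_retries(transcript, scheme="negotiate"):
    """Return (method, path) of requests that got a 401 challenge for `scheme`
    and were never resent with an Authorization header using that scheme."""
    pending, last_req = [], None
    for msg in parse_messages(transcript):
        if msg["kind"] == "req":
            last_req = (msg["method"], msg["path"])
            auth = msg["headers"].get("authorization", [])
            if any(a.lower().startswith(scheme) for a in auth) and last_req in pending:
                pending.remove(last_req)  # challenge answered by a retry
        elif msg["status"] == 401 and last_req:
            offered = [v.split()[0].lower() for v in msg["headers"].get("www-authenticate", []) if v]
            if scheme in offered and last_req not in pending:
                pending.append(last_req)
    return pending
```
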
Component: Untriaged → Security
OS: Windows 7 → Windows XP
Hardware: x86_64 → x86
Component: Security → Networking: HTTP
Product: Firefox → Core
I can confirm this behavior with Firefox 42 on Windows 7. This is the same as in bug 729496.
Whiteboard: [necko-backlog][ntlm]
Priority: -- → P1
Priority: P1 → P3
Severity: normal → S3