Closed
Bug 210977
Opened 22 years ago
Closed 19 years ago
Mozilla periodically ignores username:password specified as a part of a URL
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
EXPIRED
People
(Reporter: shopping, Assigned: darin.moz)
References
(Blocks 1 open bug, )
Details
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030612 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030612 When a HTML page contains multiple links to pictures using username/password embedded into the URL (like http://user:pass@www.microsoft.com/mygif.gif), Mozilla requests username/password to access the resource even though it has been supplied already. Reproducible: Always Steps to Reproduce: 1. Apache Web server 1.3.x (with RH 7.3 or Windows 2000) 2. A folder on the server with pictures and .htaccess file: AuthName "Authentication required" AuthType Basic AuthUserFile E:/ApacheRoot/private/.htpasswd require valid-user .htpasswd contains user friend with password test. 3. HTML page: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> </head> <body> <img src='http://friend:test@localhost:8080/_thm/thm_img_2848.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2850.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2884.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2892.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2902.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2903.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2904.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2907.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2913.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_img_2916.jpg'> <img src='http://friend:test@localhost:8080/_thm/thm_sta_2909.jpg'> </body> </html> Actual Results: When the page is executed in Mozilla, password request window appears multiple time. Then the window appears with only 7-8 of the 13 images displayed. Apache log contains the following information: 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2848.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2850.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2892.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2902.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2884.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2904.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2903.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2913.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2907.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_sta_2909.jpg HTTP/1.1" 401 482 127.0.0.1 - - [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2916.jpg HTTP/1.1" 401 482 127.0.0.1 - friend [28/Jun/2003:03:17:47 -0400] "GET /_thm/thm_img_2848.jpg HTTP/1.1" 304 - 127.0.0.1 - friend [28/Jun/2003:03:17:54 -0400] "GET /_thm/thm_img_2892.jpg HTTP/1.1" 304 - 127.0.0.1 - friend [28/Jun/2003:03:17:56 -0400] "GET /_thm/thm_img_2903.jpg HTTP/1.1" 200 3527 127.0.0.1 - friend [28/Jun/2003:03:17:56 -0400] "GET /_thm/thm_img_2884.jpg HTTP/1.1" 200 2921 127.0.0.1 - friend [28/Jun/2003:03:17:56 -0400] "GET /_thm/thm_img_2916.jpg HTTP/1.1" 304 - 127.0.0.1 - friend [28/Jun/2003:03:17:56 -0400] "GET /_thm/thm_img_2907.jpg HTTP/1.1" 304 - I.e. the user name from the URL was ignored initially. Expected Results: Mozilla should have used the supplied username/password instead. Reproduced with Mozilla 1.2 and 1.4 RC2. Internet Explorer/Konqueror handle the above situation correctly.
Comment 1•22 years ago
|
||
Probably can be dup'ed to either bug 66177, bug 196090, or whatever the mystery bug is that someone is planning to dup 196090 against.... ->Networking http
Assignee: mstoltz → darin
Component: Security: General → Networking: HTTP
QA Contact: carosendahl → httpqa
Comment 2•22 years ago
|
||
can you attach a HTTP log ? See instructions here: http://www.mozilla.org/projects/netlib/http/http-debugging.html
Comment 5•21 years ago
|
||
If the login pass is included in the URL the Login dialog box pops up. You can hit cancel on the dialog box several times and the page still loads. If you check the save password box it ignores that as well.
Comment 6•19 years ago
|
||
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Comment 7•19 years ago
|
||
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → EXPIRED
You need to log in
before you can comment on or make changes to this bug.
Description
•