Closed Bug 221793 Opened 21 years ago Closed 19 years ago

proxy auth not sent when accessing an URL like http://userid:password@domainname.tld

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Version:
Other Branch
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED EXPIRED

People

(Reporter: bugtraq, Assigned: darin.moz)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: regression) 

User-Agent:       Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1
Build Identifier: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1

I'm behind a proxy server that uses basic authentication. After login, it's no
problem to access any web page.

But when I click on a page that has a URL in the form of
http://userid:password@domainname.tld Firebird does not send my (or sends a
wrong, maybe userid/password from URL?) authentication to the proxy server.

This works using Mozilla 1.4, Firebird 0.61 (OS/2-build!) but fails in Firebird
0.61 and 0.71 on Windows/NT.

Reproducible: Always

Steps to Reproduce:
1. Use Proxy with basic authentication (not NTLM).
2. Logon to your proxy.
3. Select a bookmark or type in a URL in the form of 
http://userid:password@domainname.tld 
Actual Results:  
proxy denies access 
(proxy log says: unknown user = no access)

Expected Results:  
Access to the web page or at least user prompt for http password.

sounds similar to an firebird-bug for os/2 (# 219067), that is fixed in the os/2
build

unfortunately this bug prevents our company from using firebird productively :-(
Reporter, does the same issue occur in current Mozilla builds? (Such as the 1.5
release candidates available at www.mozilla.org)

it could be a generic networking problem that changed since 1.4, or something
specific to the password manager changes in Firebird, so we need to try to
isolate this further.
QA Contact: mpconnor
Hello Mike,

I've downloaded Mozilla 1.5rc2 [Mozilla/5.0 (Windows; U; WinNT4.0; en-US;
rv:1.5)Gecko/20030925] and the item occurs there a bit differently, so I made
some tests with Firebird 0.61/0.71 and Moz. 1.5rc2 (Moz. 1.5rc2 behaves like
Firebird 0.71):

Test 1: 
- started Firebird 0.61
- URL: http://user:pass@domain.tld/
- Prompt: Enter proxy-user/password (in dialog box)
- Proxy: "Access denied."
- Relaod Page
- Proxy: "Access denied."
- URL: http://domain.tlc/
- Prompt: Enter http-user/password (in dialog box)
- Proxy: "Access denied."
- Reload
- Proxy: "Access denied."
- URL: http://user:pass@domain.tld/  [!]
- Proxy: (delivers the page).

Test 2:
- started Firebird 0.71
- URL: http://user:pass@domain.tld/
- Prompt: Enter proxy-user/password (in dialog box)
- Proxy: "Access denied."
- Relaod
- Proxy: "Access denied."
- URL: http://domain.tlc/
- Prompt: Enter http-user/password (in dialog box)
- Proxy: "Access denied."
- Reload
- Proxy: (delivers the page).

Test 3:
- started Moz. 1.5rc2
- Results: see Test 2

Test 4: 
- started Firebird 0.71
- URL: http://user:pass@domain.tld/
- Prompt: Enter proxy-user/password (in dialog box)
- Proxy: "Access denied."
- URL: http://www.mozilla.org
- Proxy: (delivers www.mozilla.org),
  so Firebird has not forgotten the proxy-authorization...

Greets

Heiko.
> (Moz. 1.5rc2 behaves like Firebird 0.71):

over to Browser then.
adding keyword regression.
Keywords: regression
This time, when I say over to Browser, I mean it!
Assignee: blake → darin
Component: General → Networking
Product: Firebird → Browser
QA Contact: mpconnor → benc
Version: unspecified → Other Branch
Found the same Problem on Mozilla 1.5RC2  (Mozilla/5.0 (Windows; U; Windows NT
5.0; en-US; rv:1.5) Gecko/20030916):

Loging in a password protected area with url
http://username:password@mydomain.com/some/place/
Because username and password are not entries in the password file, the pasword
box pops up. So the user enters its username and password.

I also have a logout page that changes the credential of the user that works
fine (the user is switched to logout). to do that the user clicks on 
http://logout:logout@mydomain.com/logout/index.html

when logging back in using the url
http://username:password@mydomain.com/some/place/
the user is still considered to be the logout user !!!! so the username/password
in the url seems to not be able to overrule the one in the session

The same happens with Mozilla 1.4   Mozilla/5.0 (Windows; U; Windows NT 5.0;
en-US; rv:1.4) Gecko/20030624


Hope that helps !
Raphael AMSELLI
raphael: can you please test a recent mozilla nightly build?  some changes have
gone in post 1.5 that could affect this bug.  thank you!

also, if the problem does persist, then can you please provide a HTTP log per
the instructions on this site:

  http://www.mozilla.org/projects/netlib/http/http-debugging.html

thanks!!
Blocks: 232560
I experienced this bug in Mozilla, but have since switched to Firefox 0.8, where
things are much better, but not perfect.

If I've already authenticated this Firefox "session" with my proxy (I have the
remember option selected), this type of URL seems to work fine. However, if I
haven't done so yet, it asks me to authenticate with my proxy (as expected), but
the dialog is presented with blank fields. Normally, they would be filled in
with the values from my previous session. Providing the values didn't seem to
help, as the same empty dialog came back. I suppose it's possible that I could
have mistyped, but there's definitely a problem. The fields should have been
filled in, and an "OK" from me should have sufficed.

Would an HTTP log still be useful? Does the windows mozilla nightly build
logging procedure apply (with obvious changes in pathname & executable) to the
Firefox 0.8 release?

logging should still work the same, there's no forking of the backend afaik.
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

This bug has been automatically resolved after a period of inactivity (see above
comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → EXPIRED
You need to log in before you can comment on or make changes to this bug.