From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.14-5.0smp i686; en-US; m18) Gecko/20000928 BuildID: 2000100909 If I create a password protected directory on my web server, in this example, via Apache's .htaccess file, like so: AuthName "restricted stuff" AuthType Basic AuthUserFile /etc/httpd/users require valid-user Mozilla fails to prompt the user for authentication when opening a page outside the protected directory that contains an image that lives inside the protected directory. I'm sure you would find the same problem with other types of protected content referenced from outside the protected directory. If you separately type in the URL to the protected resource, authenticate, and then return to the external page, the protected resource shows up correctly on the page. 4.x does not have this problem. Reproducible: Always Steps to Reproduce: 1.goto an URL that references a protected resource, such as an image. 2.notice when the page loads, the image is not shown. 3.goto the URL of the image and authenticate as usual. 4.return to the original page, refresh, and notice that the image is now shown. Actual Results: Fails to prompt user for authentication when a "normal" page references password protected content that has not yet been authenticated. Expected Results: Should prompt user for authentication. The URL attached to this bug report is unfortunately not static.

This problem results because nsHTTPChannel::mPrompter is NULL. Whoever is creating the channel did not provide a nsIPrompt implementation (ie. it's likely that the notificationCallbacks parameter to NS_OpenURI is NULL).

51631 (an rtm bug) is blocked on this bug. Is there any chance of a small, safe fix for this bug?

The attached stack trace indicates who is calling AsyncRead on the HTTPChannel in this case. It looks like layout is calling into imagelib to load the image, but there is no prompter being defined. Someone more familar with imagelib should take a look at this. I don't know how easy it would be to "affect" the notificationsCallback parameter in the call to NS_OpenURI made by imagelib to add a nsIPrompt implementation.

pam, do you have ideas on this?

What's up with this bug? No activity since 10/30. Should it be rtm- now?

51631 has been minused. This one should be too.

Marking RTM- and futuring. No known sites where this is currently a problem.

*** Bug 49810 has been marked as a duplicate of this bug. ***

OS -> All as I confirmed bug 49810 on Win32.

*** Bug 63392 has been marked as a duplicate of this bug. ***

Do we have an external facility for making these kinds of sample bad files available? I was looking at this bug while in major research session on some other bugs, and I do not have access to the .mcom.com server in the example. (I could access the netscape corporate network via the VPN, but then I would have to restart my browser session and lose all the windows... see bug 73346) I am concerned about this bug, so I volunteer to host this particular test case on www.packetgram.com. If any contributor wants to analyze this problem and needs a working example, email me and I'll try to deploy a broken example on my site.

mass move, v2. qa to me.

Really a duplicate of bug 62108, which is targeted already. Also has the relevant technical discussion. *** This bug has been marked as a duplicate of 62108 ***

-> ImageLib