Do you recall whether this site uses cookies or whether you previously got a two-line popup dialog (basic authentication)?

There was a change in Firefox 40 related to basic authentication. Firefox no longer shows the login prompt for a framed page that is hosted on a different server. This is to protect you from accidentally giving your credentials for the outer page to an attacker using an embedded frame.

One workaround is to used the framed page directly (right-click the page > This Frame > Open Frame in New Tab), but if you prefer to disable this new protection, there is an option to do that. Of course, please be suspicious of this prompt appearing on other sites.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste auth and pause while the list is filtered

(3) Double-click the network.auth.allow-subresource-auth preference and edit the 1 to a 2 and click OK

• 1 shows the login dialog only for framed pages, images, etc., hosted on the same site
• 2 allows the login dialog for framed pages, images, etc., hosted on any site

That should take effect the next time you reload the outer page (your original address).

Was that it?

This may work for me but is not a global fix for all users. I'm trying to create an area of my website that requires a login by any user. Right now Firefox lets the world walk right in or posts the error. As I mentioned earlier IE, Safari, Chrome have the authentication process - How can I accomplish this with firefox?

Oh, this is your website. What method of authentication are you using?

If you are using basic auth, what I posted is only relevant to a cross-site scenario, for example, a frame of subdomain.example.com within a page on www.example.com.

AuthType basic

I'm doing this through godaddy and have not configured the .htaccess as shown in this article on the godaddy site https://www.godaddy.com/help/how-to-password-protect-a-directory-using-htaccess-12135

I have looked at the file and it is fine. What must I do to make firefox comply with theis or other solution?

• bug 647010 - Only present HTTP authentication dialogs if it is the top-level document initiating the auth
• http://mxr.mozilla.org/mozilla-release/source/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp

Hi harlemrag, I don't know why Firefox would be able to bypass basic authentication. Can you identify circumstances under which that happens? There is some period of time during which authentication is cached so the user does not need to re-enter it. But otherwise, I can't think of any reason for it not to be required.

As for the cross-site issue, you haven't indicated that there is any change in the host name, or any framing, so I don't know whether that is relevant to you.