Firefox removes the authentication header from request
am seeing an issue in firefox on unix with accessing a web page which uses basic http authentication mechanism. It pops up for user id and password for basic authentication. When I enter the credentials and click submit the response received is 401 Unauthorized. Same webpage and authentication works in chrome browser on same system (so assuming no firewall issues). The Firefox and chrome is configured in a console where we test it. And both are requesting for the same host. I believe there is some configurations issue in Mozilla firefox that might be affecting it. Attaching the request and response for both.
Firefox version that has a problem : Mozila Firefox 78.4.0esr
Request and response in Chrome
GET /content/ HTTP/1.1
Host: 220.127.116.11 Connection: keep-alive Cache-Control: max-age=0 Authorization: Digest username="admin", realm="Power Xpert", nonce="16981e9013fd33c215fb54cfe5c8246b", uri="/content/", response="527760ce114bf839a9df342ba27ca352", qop=auth, nc=00000002, cnonce="572ab111183b3236" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
HTTP/1.1 200 OK Content-Type: text/html ETag: "1471035255" Last-Modified: Mon, 23 Jun 2014 19:17:18 GMT Content-Length: 7452 Date: Wed, 09 Jun 2021 21:52:49 GMT Server: lighttpd/1.4.28-devel-59460
Request and response in Firefox
Request : GET /content/ HTTP/1.1 Host: 18.104.22.168 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en_us,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1
HTTP/1.1 401 Unauthorized WWW-Authenticate: Digest realm="Power Xpert", nonce="3743c840c84a56d1e56be155dc3284c1", qop="auth" Content-Type: text/html Content-Length: 351 Date: Wed, 09 Jun 2021 21:57:57 GMT Server: lighttpd/1.4.28-devel-59460
The difference is :
Below Authentication header is missing in firefox.
Authorization: Digest username="admin", realm="Power Xpert", nonce="16981e9013fd33c215fb54cfe5c8246b", uri="/content/", response="527760ce114bf839a9df342ba27ca352", qop=auth, nc=00000002, cnonce="572ab111183b3236"
Some setting in firefox is making this. I am not sure which one. Please help on this. Thanks in advance.
All Replies (5)
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
HI @FredMcD. I did check on all those security and firewall stuff. Still having the same issue. Is there anyway I can debug it . Like firefox logs or something
Are you sure you're comparing apples to apples? The request/response look like the first request/response for Firefox -- plain request and WWW-Authenticate response -- and the second request/response -- Authorization header with the nonce from the previous WWW-Authenticate response -- for Chrome.
There is an article on logging, but the logs are so verbose that I personally have trouble finding things in them!
Thank you jscher2000 Both are the same request, accessing the same url. The Authorization header is missing in firefox even we fill the basic authentication form. I will try to check the logging if that helps.