Pomoc přepytać

Hladajće so wobšudstwa pomocy. Njenamołwimy was ženje, telefonowe čisło zawołać, SMS pósłać abo wosobinske informacije přeradźić. Prošu zdźělće podhladnu aktiwitu z pomocu nastajenja „Znjewužiwanje zdźělić“.

Dalše informacije

Firefox 76 doesn't always resend the POST request body after Kerberos authentication

  • 1 wotmołwa
  • 1 ma tutón problem
  • 1 napohlad
  • Poslednja wotmołwa wot Roland Tanglao

more options

I develop for an intranet application at work. It is based on ASP.NET Webforms. The production servers have IIS 7 with persistent authentication disabled (Persist-Auth: false), which means that the browser should re-authenticate on every request. For a POST request (full PostBack) with a large enough body, Firefox does not resend the request body anymore as of Firefox 76 (worked with previous versions). I have verified this in Fiddler. Other browsers do not have this issue. This breaks the website because the ViewState is not being sent.

Expected compliant behavior (Chrome does it like this):

  1. Browser sends the request (without authorization header)
  2. Server responds with 401
  3. Browser resends the same complete request, with authorization header
  4. Server responds with 200 + content

Incorrect behaviour in Firefox 76:

  1. Browser sends the request (without authorization header)
  2. Server responds with 401
  3. Browser resends the request with an empty body, with authorization header
  4. Server waits for the body but does not receive it, and the request gets cancelled after 2 minutes. Eventually, the browser displays a 401 Not Authorized error, but with Fiddler running I can see a 408 error with the text: "The request body did not contain the specified number of bytes. Got 0, expected xxx."

Just for fun, this is the non-compliant behavior in IE11 that actually works, unlike Firefox:

  1. Browser sends the request with the authorization header from the previous GET request
  2. Server responds with 200 + content
I develop for an intranet application at work. It is based on ASP.NET Webforms. The production servers have IIS 7 with persistent authentication disabled (Persist-Auth: false), which means that the browser should re-authenticate on every request. For a POST request (full PostBack) with a large enough body, Firefox does not resend the request body anymore as of Firefox 76 (worked with previous versions). I have verified this in Fiddler. Other browsers do not have this issue. This breaks the website because the ViewState is not being sent. Expected compliant behavior (Chrome does it like this): # Browser sends the request (without authorization header) # Server responds with 401 # Browser resends the same complete request, with authorization header # Server responds with 200 + content Incorrect behaviour in Firefox 76: # Browser sends the request (without authorization header) # Server responds with 401 # Browser resends the request with an empty body, with authorization header # Server waits for the body but does not receive it, and the request gets cancelled after 2 minutes. Eventually, the browser displays a 401 Not Authorized error, but with Fiddler running I can see a 408 error with the text: "The request body did not contain the specified number of bytes. Got 0, expected xxx." Just for fun, this is the non-compliant behavior in IE11 that actually works, unlike Firefox: # Browser sends the request with the authorization header from the previous GET request # Server responds with 200 + content

Wot OronDF343 změnjeny

Wšě wotmołwy (1)

more options

Hi OronDF343

This is not a web developer forum; this forum is focused on user questions.

I would file a bug in bugzilla: https://bugzilla.mozilla.org/home or ask a question in stack overflow and tag it firefox https://stackoverflow.com/questions/tagged/firefox


Cheers! ..Roland