Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Firefox removes the authentication header from request

more options

am seeing an issue in firefox on unix with accessing a web page which uses basic http authentication mechanism. It pops up for user id and password for basic authentication. When I enter the credentials and click submit the response received is 401 Unauthorized. Same webpage and authentication works in chrome browser on same system (so assuming no firewall issues). The Firefox and chrome is configured in a console where we test it. And both are requesting for the same host. I believe there is some configurations issue in Mozilla firefox that might be affecting it. Attaching the request and response for both.

Firefox version that has a problem : Mozila Firefox 78.4.0esr


Request and response in Chrome

Request

   GET /content/ HTTP/1.1

Host: 3.87.81.51 Connection: keep-alive Cache-Control: max-age=0 Authorization: Digest username="admin", realm="Power Xpert", nonce="16981e9013fd33c215fb54cfe5c8246b", uri="/content/", response="527760ce114bf839a9df342ba27ca352", qop=auth, nc=00000002, cnonce="572ab111183b3236" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Response -

HTTP/1.1 200 OK Content-Type: text/html ETag: "1471035255" Last-Modified: Mon, 23 Jun 2014 19:17:18 GMT Content-Length: 7452 Date: Wed, 09 Jun 2021 21:52:49 GMT Server: lighttpd/1.4.28-devel-59460


Request and response in Firefox

Request : GET /content/ HTTP/1.1 Host: 3.87.81.51 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en_us,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1

Response:

HTTP/1.1 401 Unauthorized WWW-Authenticate: Digest realm="Power Xpert", nonce="3743c840c84a56d1e56be155dc3284c1", qop="auth" Content-Type: text/html Content-Length: 351 Date: Wed, 09 Jun 2021 21:57:57 GMT Server: lighttpd/1.4.28-devel-59460

The difference is :

Below Authentication header is missing in firefox.

Authorization: Digest username="admin", realm="Power Xpert", nonce="16981e9013fd33c215fb54cfe5c8246b", uri="/content/", response="527760ce114bf839a9df342ba27ca352", qop=auth, nc=00000002, cnonce="572ab111183b3236"

Some setting in firefox is making this. I am not sure which one. Please help on this. Thanks in advance.

am seeing an issue in firefox on unix with accessing a web page which uses basic http authentication mechanism. It pops up for user id and password for basic authentication. When I enter the credentials and click submit the response received is 401 Unauthorized. Same webpage and authentication works in chrome browser on same system (so assuming no firewall issues). The Firefox and chrome is configured in a console where we test it. And both are requesting for the same host. I believe there is some configurations issue in Mozilla firefox that might be affecting it. Attaching the request and response for both. Firefox version that has a problem : Mozila Firefox 78.4.0esr '''Request and response in Chrome''' ''Request GET /content/ HTTP/1.1 Host: 3.87.81.51 Connection: keep-alive Cache-Control: max-age=0 Authorization: Digest username="admin", realm="Power Xpert", nonce="16981e9013fd33c215fb54cfe5c8246b", uri="/content/", response="527760ce114bf839a9df342ba27ca352", qop=auth, nc=00000002, cnonce="572ab111183b3236" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Response - HTTP/1.1 200 OK Content-Type: text/html ETag: "1471035255" Last-Modified: Mon, 23 Jun 2014 19:17:18 GMT Content-Length: 7452 Date: Wed, 09 Jun 2021 21:52:49 GMT Server: lighttpd/1.4.28-devel-59460'' '''Request and response in Firefox''' ''Request : GET /content/ HTTP/1.1 Host: 3.87.81.51 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en_us,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Response: HTTP/1.1 401 Unauthorized WWW-Authenticate: Digest realm="Power Xpert", nonce="3743c840c84a56d1e56be155dc3284c1", qop="auth" Content-Type: text/html Content-Length: 351 Date: Wed, 09 Jun 2021 21:57:57 GMT Server: lighttpd/1.4.28-devel-59460'' The difference is : Below Authentication header is missing in firefox. ''Authorization: Digest username="admin", realm="Power Xpert", nonce="16981e9013fd33c215fb54cfe5c8246b", uri="/content/", response="527760ce114bf839a9df342ba27ca352", qop=auth, nc=00000002, cnonce="572ab111183b3236"'' Some setting in firefox is making this. I am not sure which one. Please help on this. Thanks in advance.

All Replies (5)

more options

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

Websites don't load - troubleshoot and fix error messages

http://kb.mozillazine.org/Error_loading_websites

What do the security warning codes mean

more options

HI @FredMcD. I did check on all those security and firewall stuff. Still having the same issue. Is there anyway I can debug it . Like firefox logs or something

more options

Are you sure you're comparing apples to apples? The request/response look like the first request/response for Firefox -- plain request and WWW-Authenticate response -- and the second request/response -- Authorization header with the nonce from the previous WWW-Authenticate response -- for Chrome.

more options

There is an article on logging, but the logs are so verbose that I personally have trouble finding things in them!

https://firefox-source-docs.mozilla.org/networking/http/logging.html

more options

Thank you jscher2000 Both are the same request, accessing the same url. The Authorization header is missing in firefox even we fill the basic authentication form. I will try to check the logging if that helps.