Opened 7 years ago

Closed 7 years ago

#6308 closed defect (duplicate)

3rd party HTTP auth removal is triggered whenever firefox attempts to fetch a nonexistant favicon.ico

Reported by: cryptobear Owned by: mikeperry
Priority: Medium Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: favicon, torbutton, 3rd party http auth
Cc: g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

  • Torbutton about says 1.4.6 but that's not available in the version dropdown

When browsing within a single website with no 3rd party content that uses HTTP authentication (in this case an simple onion site), the HTTP authentication is periodically invalidated and one is forced to re-authenticate. Setting the torbutton logging level to 3 the invalidation of the HTTP auth seems correspond to entries like the one below:

Torbutton INFO: SSC: Parent browser for http://example.onion/favicon.ico
Torbutton INFO: SSC: Segmenting http://example.onion/favicon.ico content loaded by browser
Torbutton NOTE: Removing 3rd party HTTP auth for url: http://example.onion/favicon.ico

The site in question does not have a favicon nor any header code indicating one should be fetched, and when Firefox makes a request for one automatically, it seems to invalidate the HTTP auth.

Since this is an automatic behavior of Firefox, and at no point is a request for content from a 3rd party being made Torbutton should handle this case correctly (ie. not invalidate the HTTP auth session).

Child Tickets

Change History (2)

comment:1 Changed 7 years ago by gk

Cc: g.koppen@… added
Component: TorbuttonFirefox Patch Issues
Owner: set to mikeperry
Version: Torbutton: 1.4.4

comment:2 Changed 7 years ago by mikeperry

Resolution: duplicate
Status: newclosed

This is a dup of #8335 (which should be fixed).

Note: See TracTickets for help on using tickets.