New issue
Advanced search Search tips

Issue 909100 link

Starred by 1 user

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Feature



Sign in to add a comment

Extension webRequest features cannot force re-auth for proxy server after cancelled (or successful) auth

Reported by tdri...@gmail.com, Nov 28

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36

Steps to reproduce the problem:
(Using code as per web extension example here https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onAuthRequired#Examples)

1. In a Web Extension, have a username and password ready in the JavaScript or storage that is *incorrect* for this proxy.
2. Add a handler for event webRequest.onAuthRequired which provides the username and password when challenged.
3. Set a proxy with chrome.proxy.settings.set
4. Make a request (and fail auth) to the proxy, the code will return {cancel:true} from the onAuthRequired listener.
5. Subsequent requests to this proxy will fail with `ERR_PROXY_CONNECTION_FAILED`, with no way to re-authenticate.

Also vice versa (though less of an issue):
A) Follow the steps above, but have the *correct* password ready in JavaScript.
B) Successfully auth on a proxy server.
C) All subsequent requests will include the `Proxy-Authorization` header with the auth'd user/pass, with no way to force re-auth.

What is the expected behavior?
There would be a way in either case to force authentication again.

What went wrong?
After cancelled auth, it is not possible to use that server again.
After successful auth, it is not possible to change the details being used for that server.

Did this work before? N/A 

Does this work in other browsers? N/A
 Using the webRequest event listeners in a Web Extension, when correct details are provided for onAuthRequired, the browser continues to use these details in the `Proxy-Authorization` header for that server indefinitely and there is no way to force re-auth from the browser. Vice versa, when `{cancel:true}` is returned from the handler provided to `onAuthRequired` ( as per example https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onAuthRequired#Examples ) the `onAuthRequired` event does not fire again for this server, and the requests fail with `ERR_CONNECTION_TIMED_OUT`.

Chrome version: 70.0.3538.102  Channel: n/a
OS Version: OS X 10.12.6
Flash Version:
 
Labels: Needs-Triage-M70
Cc: susan.boorgula@chromium.org
Components: Platform>Extensions Internals>Network>Proxy
Labels: Triaged-ET Needs-Feedback
tdriley@ Thanks for the issue.

Request you to provide a sample Extension where this issue can be reproduced, which will help in further triaging.

Thanks..
Cc: rdevlin....@chromium.org mef@chromium.org
Labels: -Type-Bug Type-Feature
Status: Untriaged (was: Unconfirmed)
Mac triage: into extensions & network triage queues, since this is a spec FR, not a bug report (I think).
Components: Internals>Network>Auth
Labels: -Needs-Feedback

Sign in to add a comment