Extension webRequest features cannot force re-auth for proxy server after cancelled (or successful) auth
Reported by
tdri...@gmail.com,
Nov 28
|
|||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Steps to reproduce the problem: (Using code as per web extension example here https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onAuthRequired#Examples) 1. In a Web Extension, have a username and password ready in the JavaScript or storage that is *incorrect* for this proxy. 2. Add a handler for event webRequest.onAuthRequired which provides the username and password when challenged. 3. Set a proxy with chrome.proxy.settings.set 4. Make a request (and fail auth) to the proxy, the code will return {cancel:true} from the onAuthRequired listener. 5. Subsequent requests to this proxy will fail with `ERR_PROXY_CONNECTION_FAILED`, with no way to re-authenticate. Also vice versa (though less of an issue): A) Follow the steps above, but have the *correct* password ready in JavaScript. B) Successfully auth on a proxy server. C) All subsequent requests will include the `Proxy-Authorization` header with the auth'd user/pass, with no way to force re-auth. What is the expected behavior? There would be a way in either case to force authentication again. What went wrong? After cancelled auth, it is not possible to use that server again. After successful auth, it is not possible to change the details being used for that server. Did this work before? N/A Does this work in other browsers? N/A Using the webRequest event listeners in a Web Extension, when correct details are provided for onAuthRequired, the browser continues to use these details in the `Proxy-Authorization` header for that server indefinitely and there is no way to force re-auth from the browser. Vice versa, when `{cancel:true}` is returned from the handler provided to `onAuthRequired` ( as per example https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onAuthRequired#Examples ) the `onAuthRequired` event does not fire again for this server, and the requests fail with `ERR_CONNECTION_TIMED_OUT`. Chrome version: 70.0.3538.102 Channel: n/a OS Version: OS X 10.12.6 Flash Version:
,
Nov 28
tdriley@ Thanks for the issue. Request you to provide a sample Extension where this issue can be reproduced, which will help in further triaging. Thanks..
,
Jan 2
Mac triage: into extensions & network triage queues, since this is a spec FR, not a bug report (I think).
,
Jan 2
,
Jan 12
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by vamshi.kommuri@chromium.org
, Nov 28