I'm having an issue with Firefox where it's sending the Authorization: Basic header on every request after htpasswd login with the htpasswd credentials.
Access the site, a htpasswd authentication box pops up. I put in the credentials and view the site successfully.
Send a request with a custom Authorization: Basic header. On Firefox it's still sending the htpasswd credentials.
It seems like on Firefox it's overriding the Authorization header I'm setting. I noticed that on both Firefox and Chrome, after a htpasswd login, the Authorization: Basic header is set for every request. But Chrome lets me override its value and therefore I don't have this problem. I haven't tested this but it looks like we're having the same issue with Safari.
How can I solve this?
As said by KeatsPeeks, this issue is solved in version 46, with the following patch : Don't rewrite custom Authorization header set on a channel by cached credential
From the patch :
+ if (aDontUseCachedWWWCreds) {
+ LOG(("Authorization header already present:"
+ " skipping adding auth header from cache\n"));
+ return NS_OK;
+ }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With