Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Firefox 76 doesn't always resend the POST request body after Kerberos authentication

  • 1 antwoord
  • 1 heeft dit probleem
  • 8 weergaven
  • Laatste antwoord van Roland Tanglao

more options

I develop for an intranet application at work. It is based on ASP.NET Webforms. The production servers have IIS 7 with persistent authentication disabled (Persist-Auth: false), which means that the browser should re-authenticate on every request. For a POST request (full PostBack) with a large enough body, Firefox does not resend the request body anymore as of Firefox 76 (worked with previous versions). I have verified this in Fiddler. Other browsers do not have this issue. This breaks the website because the ViewState is not being sent.

Expected compliant behavior (Chrome does it like this):

  1. Browser sends the request (without authorization header)
  2. Server responds with 401
  3. Browser resends the same complete request, with authorization header
  4. Server responds with 200 + content

Incorrect behaviour in Firefox 76:

  1. Browser sends the request (without authorization header)
  2. Server responds with 401
  3. Browser resends the request with an empty body, with authorization header
  4. Server waits for the body but does not receive it, and the request gets cancelled after 2 minutes. Eventually, the browser displays a 401 Not Authorized error, but with Fiddler running I can see a 408 error with the text: "The request body did not contain the specified number of bytes. Got 0, expected xxx."

Just for fun, this is the non-compliant behavior in IE11 that actually works, unlike Firefox:

  1. Browser sends the request with the authorization header from the previous GET request
  2. Server responds with 200 + content
I develop for an intranet application at work. It is based on ASP.NET Webforms. The production servers have IIS 7 with persistent authentication disabled (Persist-Auth: false), which means that the browser should re-authenticate on every request. For a POST request (full PostBack) with a large enough body, Firefox does not resend the request body anymore as of Firefox 76 (worked with previous versions). I have verified this in Fiddler. Other browsers do not have this issue. This breaks the website because the ViewState is not being sent. Expected compliant behavior (Chrome does it like this): # Browser sends the request (without authorization header) # Server responds with 401 # Browser resends the same complete request, with authorization header # Server responds with 200 + content Incorrect behaviour in Firefox 76: # Browser sends the request (without authorization header) # Server responds with 401 # Browser resends the request with an empty body, with authorization header # Server waits for the body but does not receive it, and the request gets cancelled after 2 minutes. Eventually, the browser displays a 401 Not Authorized error, but with Fiddler running I can see a 408 error with the text: "The request body did not contain the specified number of bytes. Got 0, expected xxx." Just for fun, this is the non-compliant behavior in IE11 that actually works, unlike Firefox: # Browser sends the request with the authorization header from the previous GET request # Server responds with 200 + content

Bewerkt door OronDF343 op

Alle antwoorden (1)

more options

Hi OronDF343

This is not a web developer forum; this forum is focused on user questions.

I would file a bug in bugzilla: https://bugzilla.mozilla.org/home or ask a question in stack overflow and tag it firefox https://stackoverflow.com/questions/tagged/firefox


Cheers! ..Roland