This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

firefox bypasses authorization required to get to page on site or This server could not verify that you are authorized to access the document requested.

more options

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

All Replies (6)

more options

Do you recall whether this site uses cookies or whether you previously got a two-line popup dialog (basic authentication)?

There was a change in Firefox 40 related to basic authentication. Firefox no longer shows the login prompt for a framed page that is hosted on a different server. This is to protect you from accidentally giving your credentials for the outer page to an attacker using an embedded frame.

One workaround is to used the framed page directly (right-click the page > This Frame > Open Frame in New Tab), but if you prefer to disable this new protection, there is an option to do that. Of course, please be suspicious of this prompt appearing on other sites.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste auth and pause while the list is filtered

(3) Double-click the network.auth.allow-subresource-auth preference and edit the 1 to a 2 and click OK

  • 1 shows the login dialog only for framed pages, images, etc., hosted on the same site
  • 2 allows the login dialog for framed pages, images, etc., hosted on any site

That should take effect the next time you reload the outer page (your original address).

Was that it?

more options

This may work for me but is not a global fix for all users. I'm trying to create an area of my website that requires a login by any user. Right now Firefox lets the world walk right in or posts the error. As I mentioned earlier IE, Safari, Chrome have the authentication process - How can I accomplish this with firefox?

more options

Oh, this is your website. What method of authentication are you using?

If you are using basic auth, what I posted is only relevant to a cross-site scenario, for example, a frame of subdomain.example.com within a page on www.example.com.

more options

AuthType basic

I'm doing this through godaddy and have not configured the .htaccess as shown in this article on the godaddy site https://www.godaddy.com/help/how-to-password-protect-a-directory-using-htaccess-12135

I have looked at the file and it is fine. What must I do to make firefox comply with theis or other solution?

more options
more options

Hi harlemrag, I don't know why Firefox would be able to bypass basic authentication. Can you identify circumstances under which that happens? There is some period of time during which authentication is cached so the user does not need to re-enter it. But otherwise, I can't think of any reason for it not to be required.

As for the cross-site issue, you haven't indicated that there is any change in the host name, or any framing, so I don't know whether that is relevant to you.