为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Recent firefox upgrade gieves me an authorization error on my framed site.

  • 10 个回答
  • 5 人有此问题
  • 34 次查看
  • 最后回复者为 rweil

more options

Recent Firefox upgrade (40.0.2) gives me an authorization error on my framed site.

I have a site http://calendar.shaw-weil.com/ which is nothing but a frame. See below

When I click a date number I now get Authorization Required You need a userid and password for accessing this calendar

I use to, and if I go to http://128.2.204.57:5555/default and click a date i get a web authorization pop-up saying A username and password are being requested by http://128.2.204.57:5555. The site says: "iCal Login"

What changed? and is there an option to disable it?

Thanks in advance for your time Roy


<title>Mary and Roys Calendar</title> <meta name="keywords" content=""> <meta name="description" content=""> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <frameset rows="100%"> <frame src="http://128.2.204.57:5555/default" title="Mary and Roys Calendar" frameborder="0" noresize="noresize"/> <noframes>

Mary and Roys Calendar

http://calendar.shaw-weil.com/

</noframes> </frameset>

Recent Firefox upgrade (40.0.2) gives me an authorization error on my framed site. I have a site http://calendar.shaw-weil.com/ which is nothing but a frame. See below When I click a date number I now get Authorization Required You need a userid and password for accessing this calendar I use to, and if I go to http://128.2.204.57:5555/default and click a date i get a web authorization pop-up saying A username and password are being requested by http://128.2.204.57:5555. The site says: "iCal Login" What changed? and is there an option to disable it? Thanks in advance for your time Roy <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> <html> <head> <title>Mary and Roys Calendar</title> <meta name="keywords" content="" /> <meta name="description" content="" /> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> </head> <frameset rows="100%"> <frame src="http://128.2.204.57:5555/default" title="Mary and Roys Calendar" frameborder="0" noresize="noresize"/> <noframes> <body> <h1>Mary and Roys Calendar</h1> <p><a href="http://128.2.204.57:5555/default">http://calendar.shaw-weil.com/</a></p> </body> </noframes> </frameset> </html>

被采纳的解决方案

There is a way to undo this change in your Firefox if you like. As long as you are suspicious of this prompt appearing on other sites than your own.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste auth and pause while the list is filtered

(3) Double-click the network.auth.allow-subresource-auth preference and edit the 1 to a 2 and click OK

  • 1 shows the login dialog only for framed pages, images, etc., hosted on the same site
  • 2 allows the login dialog for framed pages, images, etc., hosted on any site

When I test the change, it worked. I still think it's bad that it's not a secure connection.

定位到答案原位置 👍 2

所有回复 (10)

more options

I'm not seeing the problem on Windows 7. Here's what I suggest:

(1) In case this is a problem with cached files, clear Firefox's cache. See: How to clear the Firefox cache. If you have a large hard drive, this might take a couple minutes to complete.

Then reload the site (Ctrl+r). Any improvement?

(2) In case this is a problem with a corrupted cookie, clear cookies for both the "outer" site and the "inner site". The easiest way is to load each in turn and use the Page Info dialog to get to the cookie list. Either:

  • right-click and choose View Page Info > Security > "View Cookies"
  • (menu bar) Tools > Page Info > Security > "View Cookies"
  • click the padlock or globe icon in the address bar > More Information > "View Cookies"

In the dialog that opens, you can remove the site's cookies individually.

Then repeat with the second site, and reload. Success?

If that doesn't help, we can check issues such as:

  • are cookies blocked?
  • is the referring site information blocked?
  • is this a sign from the universe that you should take a little time off?
more options

Cleared cache, cleared cookies both sites. cleared saved passwords.

No Joy

The same started happening on a Windows 7 machines as well. i.e it just started happening, and the only known upgrade was to Firefox

Further note. If I go to the 128... site and log in, then I can go to the Calendar site and get in with no further authorization.

so the answers to sub questions 1 and 2 is nothing is blocked. the answer to sub question 3 is dont I wish

Roy

more options

Hi Roy, does it make any difference if you use a private window? Assuming you are in a regular session now, the private window should look like a different user to the site. To load that, you can right-click the link in your original question and use Open Link in New Private Window, or use Ctrl+Shift+p to launch the window and then go to the calendar as you usually do.

more options

I'm sorry, I did not test correctly before, I clicked an appointment link, not a date link. When I click a date link, I get the same message.

more options

When I click a date link, it calls an edit command, so naturally that is subject to authentication. So we return to the question is why it worked in earlier versions of Firefox and not in Firefox 40?

I can understand why Firefox does not pop up the two line login dialog for a framed page, to avoid deception by embedded frames designed to capture your credentials for a different site. Was that a change in Firefox 40, or is the change that iCal isn't remembering that you are logged in?

By the way, I would not enter your password in the dialog from http://128.2.204.57:5555/default because it is not a secure connection. Someone with access to your request anywhere along the network between you and iCal could learn your password that way.

Hopefully there's another way to make this work.

more options

Ical appears to be remembering that I log in, because

If I go to the 128... site and log in, then I can go back to the Calendar... site and do the edits with no further authorization.

New Private Window is also No Joy.

Is there a change log someplace for Firefox?

Also unfortunately ical is an executable acting as a web server which is why the :5555. So no help there looking at the internals.

Roy

more options

rweil said

Is there a change log someplace for Firefox?

Sort of. On the Release Notes page you'll see a link to a complete list of changes in the release. This queries the bug tracking system for the hundreds of different issues addressed: https://www.mozilla.org/firefox/40.0.2/releasenotes/

more options

Looks like it is a change to stop showing the login dialog for framed pages:

"Users can be fooled into typing their credentials into HTTP authentication dialogs from other (potentially attacker-controlled) web sites if an attacker can inject content protected by HTTP auth into a legitimate site. Sub-document resources like images, scripts, iframes, etc. should not be able to cause this dialog, possibly in any case, but certainly in cases where the resource is in a different origin."

Source: Bug #647010 – Only present HTTP authentication dialogs if it is the top-level document initiating the auth.

A lot of angry/frustrated comments at the end, but really the solution would be to file a new bug proposing a better user interface for the authentication request.

more options

选择的解决方案

There is a way to undo this change in your Firefox if you like. As long as you are suspicious of this prompt appearing on other sites than your own.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste auth and pause while the list is filtered

(3) Double-click the network.auth.allow-subresource-auth preference and edit the 1 to a 2 and click OK

  • 1 shows the login dialog only for framed pages, images, etc., hosted on the same site
  • 2 allows the login dialog for framed pages, images, etc., hosted on any site

When I test the change, it worked. I still think it's bad that it's not a secure connection.

more options

Thanks for the prompt replies. doing the about:config ... workaround worked for me.

I have submitted a request to ICal for a fix. both to this problem and to https: