URL: -
Basic auth username / password: test / test
Pushed file: /style.css
Server: nginx/1.18.0 (Ubuntu)
Browser / Version: Firefox 91.0 (20210804193234)
Operating System: Mac OS X 10.15.7 (arm64)
Tested Another Browser: Yes. Chrome 92.0.4515.159 (Official Build) (arm64) and Safari 14.1.2 (16611.3.10.1.3) (arm64).
Problem type: Something else
Description: HTTP/2 server push requires new authentication on every page load/refresh, instead of reusing credentials passed on initial load. Chrome and Safari seem to remember credentials to some extent although Chrome seems to do this more consistently.
Additionally, credentials passed on page load on the document itself are not passed onto server push resources in the same domain. Chrome seems to do this, so you only have to enter credentials once, then they get shared automatically to server push resources, and if credentials don't work, you are prompted user/pass for those resources separately. Firefox's current behavior is sort of logical, as the resources are being pushed simultaneously, but can this be improved say the same way as Chrome handles this?
Steps to Reproduce:
- Visit a website with http basic auth enabled globally with the same user/pass
- Enter user/pass
- You are still being prompted user/pass for all server push resources in the same domain
- Reload the page, you are being prompted user/pass for server push resources again
Expected behavior:
- Visit a website with http basic auth enabled globally with the same user/pass
- Enter user/pass
- Page loads with all the server push resources
- Reload the page and your previous user/pass is reused for the requests
Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1726152
Browser Configuration
From webcompat.com with ❤️
URL: -
Basic auth username / password: test / test
Pushed file:
/style.cssServer: nginx/1.18.0 (Ubuntu)
Browser / Version: Firefox 91.0 (20210804193234)
Operating System: Mac OS X 10.15.7 (arm64)
Tested Another Browser: Yes. Chrome 92.0.4515.159 (Official Build) (arm64) and Safari 14.1.2 (16611.3.10.1.3) (arm64).
Problem type: Something else
Description: HTTP/2 server push requires new authentication on every page load/refresh, instead of reusing credentials passed on initial load. Chrome and Safari seem to remember credentials to some extent although Chrome seems to do this more consistently.
Additionally, credentials passed on page load on the document itself are not passed onto server push resources in the same domain. Chrome seems to do this, so you only have to enter credentials once, then they get shared automatically to server push resources, and if credentials don't work, you are prompted user/pass for those resources separately. Firefox's current behavior is sort of logical, as the resources are being pushed simultaneously, but can this be improved say the same way as Chrome handles this?
Steps to Reproduce:
Expected behavior:
Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1726152
Browser Configuration
From webcompat.com with ❤️