Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-103

Accept header authentication factor unreliable with Mozilla based browsers

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 0.4
    • 0.1, 0.2, 0.3, 0.3.1, 0.3.2, 0.3.3
    • None
    • None

    • Firefox 1.5, Firefox 2.0, Camino

    Description

      The use of the HTTP accept header as an authentication factor is unreliable when Mozilla based browsers are used.

      By default Mozilla based browsers will send an accept header similar to the following:

      Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

      However this changes when requesting an image embedded via the HTML IMG element

      Accept: image/png,*/*;q=0.5

      It's also worth noting that Firefox will request javascript sourced via a SCRIPT element with

      Accept: */*

      I think in light of this, the use of the accept header as an authentication factor isn't very reliable as the semantics of this header means it may vary at will.

      Attachments

        Activity

          People

            Unassigned Unassigned
            christopher.owen@atlassian.com Christopher Owen [Atlassian]
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: