SSL handshake failure in Firefox when making cross-domain requests with client certificates over xhr

The scenario is as follows:

  • Using Firefox (versions 3.x and 4b) with functioning certificates, including a client certificate.
  • Accessing a web page with an AJAX call using the XMLHttpRequest() method to a different subdomain.
  • A custom web server located in that subdomain accepting requests, responding with an open Access-Control-Allow-Origin header, and requesting client verification.

The issue arises when Firefox abruptly terminates the request (as indicated in Firebug). When testing the setup with openssl s_server, it appears that Firefox fails to send the client certificate:

140727260153512:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
did not return a certificate:s3_srvr.c:2965:ACCEPT

Interestingly, the same configuration functions correctly in Chrome, pointing to a potential flaw in Firefox. However, making the AJAX call using a <script> element injected into the DOM delivers the expected results...

Has anyone else encountered this issue? Is it a known bug? Are there any workarounds available? Could there be something obvious that we're overlooking?

javascriptajaxfirefoxhttpsclient-certificates

Answer №1

Jumping in years later may not directly assist the original poster, but could be beneficial for anyone else facing a similar issue down the road...

I recently encountered an issue where Firefox was failing to send the client certificate with a cross-origin XHR request by default. Fortunately, setting withCredentials=true on the XHR instance resolved the problem for me. Interestingly, this issue did not occur when using Chrome.

To learn more about this topic, I recommend checking out this blog post from Mozilla Dev Network. Specifically, the post mentions:

By default, browsers do not transmit credentials during cross-site XMLHttpRequest requests. You must explicitly enable this feature by setting a certain flag on the XMLHttpRequest object when making the call.

Answer №2

The reason why injecting the script is effective rather than using a simple XHR request is due to the concept of the Same Origin Policy. Chrome allows XHR requests from subdomains as part of the same origin, whereas Firefox does not. Injecting scripts from different domains, such as what Google Analytics does, is permitted and one of the methods used to address this issue. Our team handles this by utilizing a server-side proxy for requests. If possible, I suggest using a server-side proxy, but if not, script injection can work well as long as it is from a trusted source. I also came across an article that may help shed light on your situation: this article.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Creating dynamic components from JSON elements does not trigger a rerender of components within an array

Imagine having a simplified input structure like this: [ { type: "text", text: "how are you {name}" }, { type: "input", input: "name" }, { type: "text", text: "good to ...

javascriptarraysreactjstypescriptdynamic

How can we implement :focus-within styling on Material-UI Select when the input is clicked?

I am currently implementing a Select component inside a div element: <div className="custom-filter custom-filter-data"> <DateRangeIcon className="search-icon"/> <FormControl variant='standard& ...

javascriptreactjsmaterial-ui

Executing a JavaScript script from a C# script: A step-by-step guide

Greetings all! I am currently engrossed in a school project that requires me to populate a paragraph element with data from a table in my database. Initially, I attempted to achieve this task using JavaScript, but due to the connection script being in C#, ...

javascriptc#htmlsqlasp.net

Intersection Observer is functioning properly as elements vanish once they finish appearing

New to this forum and looking forward to receiving assistance and making some fantastic connections! Currently working on my personal portfolio with the goal of getting it online for job hunting purposes, but encountering some challenges along the way. T ...

javascripthtmlcssbootstrap-4

Is there a way to automatically start a YouTube video using JavaScript?

Is it possible to automatically play a YouTube embedded video after a visitor has been on the site for a certain amount of time, without affecting view count? I am looking for a JavaScript solution that can accomplish this without having to modify the em ...

javascriptyoutubeviewembed

Building a date conversion process using JavaScript

Is there a way to change this date format: Sun Jan 08 2012 00:00:00 GMT+0530 (Sri Lanka Standard Time) to look like this: 2012-01-08 using JavaScript? Thank you! Edit: I was working with ExtJS and discovered that there's an easier way to achiev ...

javascript

I'm having trouble getting a http.request to run within an imported module. It just doesn't seem to work when I try to access

Here is the code from my main.js file: var spaceJson = require('./space.js'); var options = { "method": "GET", "hostname": "10.10.111.226", "port": null, "path": "/API/Org", "headers": { "authorization": "Bearer eyJ0eXAiOiJKV1QiLCJ ...

javascriptnode.js

Error message encountered: "Uncaught (in promise) SyntaxError: Unexpected token < in JSON at position 0, specifically occurring on the get request

Upon completing the construction of my project, I have encountered an error following the building of my application. The error message reads: Uncaught (in promise) SyntaxError: Unexpected token < in JSON at position 0 This error only appears on pages ...

javascriptnode.jsreactjs

How to delete an element from a session array using Jquery and Ajax techniques

In my table, each element in an array corresponds to a row. I'm attempting to delete an element when the delete image (with the id deleteRowButton) is clicked. Currently, nothing happens upon clicking the image. However, if I remove the line var index ...

javascriptphpjqueryajax

Setting up React Native on a Mac M1 device

I am currently setting up React Native on my MacBook M1 Despite having installed npm, JDK, Node, Rosetta, CocoaPod, VSCode, Android Studio, Xcode and more, when I try to run the command (npm start), the directories for iOS and Android are not present. The ...

javascriptiosnode.jsreact-nativenpm

Creating a dynamic template in AngularJS directive

I am curious about how to create a dynamic template directive. Here's the challenge - when I am on the main page or main categories such as page1 or page2, my template should include all the divs. However, when I am on a submenu like subpage1 or subp ...

javascriptangularjstemplatesdynamicdirective

Issues with passing information from a child component to a parent component in a

Currently, I am developing a guessing game that involves questions and selection logic embedded in a component known as Questions. However, I am facing issues with App not being able to read the Questions code correctly. My objective is to have the state i ...

javascriptreactjsecmascript-6components

Troubleshooting Problem with CSS and Javascript Dropdown Menu

Greetings, fellow web designers! I am relatively new to the world of web design and currently, I am immersed in the process of creating a website. My current project involves implementing a dropdown menu using CSS and Javascript. While I have made signific ...

javascripthtmlcssnavbardropdown

Submission successful, unfortunately unable to upload files in the combined form

When attempting to combine submit and upload in one form, I encountered an issue with the upload process, but submitting the form is working fine. Using JQuery and Ajax : $("#oqcsubmit").click(function() { if($("#oqc").valid()) { var para ...

phpjqueryajaxfile-upload

Obtain the numerical value of the vertical position of the mouse (

Currently, I am coding a JavaScript game and my objective is to designate a variable specifically for the Y axis of the mouse. I kindly request that the code be kept as simple and straightforward as possible, avoiding unnecessary complexity. That conclud ...

javascripthtmlvariablesyaxis

What are the steps to utilize DOMParser in next.js?

When it comes to manipulating an HTML string, in VanillaJS you would typically do something like this: let stringHTML = '<p>hello</p> <style> p{ ...

javascriptreactjsdomnext.jsdomparser

Exploring AJAX GET requests and JavaScript capabilities

Just starting out with javascript and I'm a bit confused about how to solve a particular issue. Hopefully, the example below can help explain my situation: let tasks = { '04-23-2018' : '<a href="http://tympanus.net/codrops/201 ...

javascriptajaxget

Struggling with transferring information from JavaScript to PHP through the use of Ajax

Currently, I am working on creating a string using a JavaScript function and then passing it to PHP. This is the block of code in my JavaScript file: <script> function passVal(){ var strUrl = buildStringUrl(lat1, lng1, lat2, ...

javascriptphpajax

What is the best way to choose CSS class attributes using Mootools and the getStyle()

Seeking to duplicate an object, I am trying to figure out how to retrieve class CSS attributes from Mootools. css: .card { width: 109px; height: 145px; } html: <div id="cards"> <div class="card" id="c0"> <div class="face fron ...

javascriptcssmootools

Aligning validation schema with file type for synchronization

Below is the code snippet in question: type FormValues = { files: File[]; notify: string[]; }; const validationSchema = yup.object({ files: yup .array<File[]>() .of( yup .mixed<File>() .required() .t ...

javascriptreactjstypescriptreact-hook-formyup