diladele / websafety

Simple and powerful web filter for HTTP and HTTPS traffic
https://www.diladele.com/websafety/

Auth popup in FF ONLY with correctly configured kerberos/ntlm/basic_ldap on live.github.com #17

Open ra-at-diladele-com opened 7 years ago

ra-at-diladele-com commented 7 years ago

Scenario:

  1. Browser goes to github.com
  2. github page is loaded
  3. github initiates CONNECT tunnel to live.github.com
  4. Squid asks for creds
  5. browser provides creds
  6. ICAP responds with 204 no content as there is nothing in request that would tell us it is websocket (for us it is just a tunnel)
  7. Squid bumps the TUNNEL
  8. Browser sends the following:
    
    REQMOD icap://127.0.0.1:1344/reqmod ICAP/1.0
    Host: 127.0.0.1:1344
    Date: Thu, 26 Jan 2017 12:44:28 GMT
    Encapsulated: req-hdr=0, null-body=772
    Preview: 0
    Allow: 204
    X-Client-IP: 192.168.1.10
    X-Client-Username: XXX-BLA-BLA-XXX

    GET https://live.github.com/_sockets/VjI6MTQ1OTg3NjE4OjM2Y2FlOGViMjdiNTBhMjk0NjgxMjFiZTk3NGE4NjI0NjJhYmM5MzcyYjQzYmVmMGIzZThiOTQyZGFmY2RlYTA=--3fb7af696fd43d5d23d18547d79bd2d7ce272300 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Sec-WebSocket-Version: 13
    Origin: https://github.com
    Sec-WebSocket-Extensions: permessage-deflate
    Sec-WebSocket-Key: 3GKhE+Bwx6io3zJviW9r2w==
    Pragma: no-cache
    Cache-Control: no-cache
    Host: live.github.com



After that we respond with ICAP/1.0 204 No Content and after that something happens that triggers the PROXY POPUP later.

It might be binary 'web socket' data that Squid cannot parse...
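
An added illustration of steps 6 and 8 in the scenario above, not code from Web Safety or from the issue author: it parses an ICAP REQMOD message by its `Encapsulated` offsets and shows that the WebSocket handshake only becomes recognisable once the bumped GET arrives. The function names (`parse_reqmod`, `classify`, `build_sample`) are hypothetical and both sample messages are constructed from the dump in this issue.

```python
import re

def parse_reqmod(raw: bytes):
    """Return (icap_headers, method, target, http_headers) for an ICAP REQMOD message."""
    icap_head, sep, encapsulated = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete ICAP header block")
    icap = _headers(icap_head.decode("latin-1").split("\r\n")[1:])
    # "Encapsulated: req-hdr=0, null-body=772" gives byte offsets into the encapsulated part.
    offsets = {k: int(v) for k, v in re.findall(r"([a-z-]+)=(\d+)", icap.get("encapsulated", ""))}
    if "req-hdr" not in offsets:
        raise ValueError("no encapsulated request headers")
    start = offsets["req-hdr"]
    end = min((v for v in offsets.values() if v > start), default=len(encapsulated))
    lines = encapsulated[start:end].decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    return icap, method, target, _headers(lines[1:])

def _headers(lines):
    """Parse 'Name: value' lines into a dict with lower-cased names."""
    out = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out

def classify(method, headers):
    """Label what the ICAP service can know about the request at this stage."""
    if method == "CONNECT":
        return "opaque-tunnel"          # step 6: nothing marks it as WebSocket yet
    # The dump in this issue carries Sec-WebSocket-* but no Upgrade header, so key on those.
    if method == "GET" and "sec-websocket-key" in headers and "sec-websocket-version" in headers:
        return "websocket-handshake"    # step 8: visible only after the tunnel is bumped
    return "plain-http"

def build_sample(http_head: bytes) -> bytes:
    """Constructed ICAP message modelled on the dump above; offsets are computed, not copied."""
    return (b"REQMOD icap://127.0.0.1:1344/reqmod ICAP/1.0\r\n"
            b"Host: 127.0.0.1:1344\r\n"
            b"Encapsulated: req-hdr=0, null-body=%d\r\n"
            b"Preview: 0\r\nAllow: 204\r\n\r\n" % len(http_head)) + http_head

CONNECT_SAMPLE = build_sample(b"CONNECT live.github.com:443 HTTP/1.1\r\nHost: live.github.com:443\r\n\r\n")
BUMPED_SAMPLE = build_sample(
    b"GET https://live.github.com/_sockets/CONSTRUCTED-TOKEN HTTP/1.1\r\n"
    b"Sec-WebSocket-Version: 13\r\nOrigin: https://github.com\r\n"
    b"Sec-WebSocket-Key: AAAAAAAAAAAAAAAAAAAAAA==\r\nHost: live.github.com\r\n\r\n")
```
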

ra-at-diladele-com commented 7 years ago

See test at http://websocketstest.com/

And why it does not work - http://meta.stackexchange.com/questions/135062/firefox-cant-establish-a-connection-to-the-server-at-ws-sockets-ny-stackexcha

ra-at-diladele-com commented 7 years ago

It is indeed a web socket. But ONLY in FF does it give the auth popup - in IE, Edge, Chrome it is just silently closed.