Prototype contains a work-around for an old Mozilla bug that sets a "Connection: close" header on XMLHttpRequest POSTs. The Mozilla bug this work-around is for was fixed in Firefox 1.5.
The "Connection: close" header causes NTLM (Windows) authentication to fail, because the challenge-response sequence requires keep-alive. Below is a patch that removes the work-around from Prototype. I assume this will cause whatever problem the work-around was originally designed to fix to reappear in Firefox versions < 1.5. I'll leave it up to the core team to decide whether to introduce some User-Agent detection to preserve the work-around code for legacy Firefox clients.
See also:
Mozilla #246651 - the bug the work-around was designed for (fixed)
Mozilla #331210 - the bug caused by the work-around (see the last few comments)
Index: src/ajax.js
===================================================================
--- src/ajax.js (revision 4745)
+++ src/ajax.js (working copy)
@@ -120,13 +120,6 @@
if (this.options.method == 'post') {
requestHeaders.push('Content-type', this.options.contentType);
-
- /* Force "Connection: close" for Mozilla browsers to work around
- * a bug where XMLHttpReqeuest sends an incorrect Content-length
- * header. See Mozilla Bugzilla #246651.
- */
- if (this.transport.overrideMimeType)
- requestHeaders.push('Connection', 'close');
}
if (this.options.requestHeaders)
