WebKit Bugzilla
Attachment 347238 Details for
Bug 186870
: NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186870-20180815205629.patch (text/plain), 43.07 KB, created by
Alex Christensen
on 2018-08-15 20:56:31 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Alex Christensen
Created:
2018-08-15 20:56:31 PDT
Size:
43.07 KB
patch
obsolete
>Index: Source/WebCore/ChangeLog >=================================================================== >--- Source/WebCore/ChangeLog (revision 234900) >+++ Source/WebCore/ChangeLog (working copy) >@@ -1,3 +1,21 @@ >+2018-08-15 Ansh Shukla <ansh_shukla@apple.com> >+ >+ NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault >+ https://bugs.webkit.org/show_bug.cgi?id=186870 >+ <rdar://problem/41314410> >+ >+ Reviewed by Alex Christensen. >+ >+ Add the ProtectionSpaceAuthenticationSchemeOAuth type. >+ >+ * platform/network/ProtectionSpaceBase.cpp: >+ (WebCore::ProtectionSpaceBase::isPasswordBased const): Return yes because the oauth challenge >+ expects a token in return. >+ * platform/network/ProtectionSpaceBase.h: >+ * platform/network/cocoa/ProtectionSpaceCocoa.mm: >+ (WebCore::scheme): >+ (WebCore::ProtectionSpace::nsSpace const): >+ > 2018-08-15 Aditya Keerthi <akeerthi@apple.com> > > [Datalist] Add button to TextFieldInputs with a datalist >Index: Source/WebCore/PAL/ChangeLog >=================================================================== >--- Source/WebCore/PAL/ChangeLog (revision 234900) >+++ Source/WebCore/PAL/ChangeLog (working copy) >@@ -1,3 +1,14 @@ >+2018-08-15 Ansh Shukla <ansh_shukla@apple.com> >+ >+ NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault >+ https://bugs.webkit.org/show_bug.cgi?id=186870 >+ <rdar://problem/41314410> >+ >+ Reviewed by Alex Christensen. >+ >+ * pal/spi/cf/CFNetworkSPI.h: Declare OAuth string when not building against the >+ internal SDK. >+ > 2018-08-15 Aditya Keerthi <akeerthi@apple.com> > > [Datalist] Add button to TextFieldInputs with a datalist >Index: Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h >=================================================================== >--- Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (revision 234900) >+++ Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (working copy) >@@ -178,6 +178,8 @@ typedef void (^CFCachedURLResponseCallBa > #endif > @end > >+extern NSString * const NSURLAuthenticationMethodOAuth; >+ > #endif // defined(__OBJC__) > > #endif // !PLATFORM(WIN) && !USE(APPLE_INTERNAL_SDK) >Index: Source/WebCore/platform/network/ProtectionSpaceBase.cpp >=================================================================== >--- Source/WebCore/platform/network/ProtectionSpaceBase.cpp (revision 234900) >+++ Source/WebCore/platform/network/ProtectionSpaceBase.cpp (working copy) >@@ -108,6 +108,7 @@ bool ProtectionSpaceBase::isPasswordBase > case ProtectionSpaceAuthenticationSchemeHTMLForm: > case ProtectionSpaceAuthenticationSchemeNTLM: > case ProtectionSpaceAuthenticationSchemeNegotiate: >+ case ProtectionSpaceAuthenticationSchemeOAuth: > return true; > case ProtectionSpaceAuthenticationSchemeClientCertificateRequested: > case ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested: >Index: Source/WebCore/platform/network/ProtectionSpaceBase.h >=================================================================== >--- Source/WebCore/platform/network/ProtectionSpaceBase.h (revision 234900) >+++ Source/WebCore/platform/network/ProtectionSpaceBase.h (working copy) >@@ -52,6 +52,7 @@ enum ProtectionSpaceAuthenticationScheme > ProtectionSpaceAuthenticationSchemeNegotiate = 6, > ProtectionSpaceAuthenticationSchemeClientCertificateRequested = 7, > ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested = 8, >+ ProtectionSpaceAuthenticationSchemeOAuth = 9, > ProtectionSpaceAuthenticationSchemeUnknown = 100 > }; > >Index: Source/WebCore/platform/network/cocoa/ProtectionSpaceCocoa.mm >=================================================================== >--- Source/WebCore/platform/network/cocoa/ProtectionSpaceCocoa.mm (revision 234900) >+++ Source/WebCore/platform/network/cocoa/ProtectionSpaceCocoa.mm (working copy) >@@ -26,6 +26,8 @@ > #import "config.h" > #import "ProtectionSpaceCocoa.h" > >+#import <pal/spi/cf/CFNetworkSPI.h> >+ > namespace WebCore { > > static ProtectionSpaceServerType type(NSURLProtectionSpace *space) >@@ -80,6 +82,8 @@ static ProtectionSpaceAuthenticationSche > if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) > return ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested; > #endif >+ if ([method isEqualToString:NSURLAuthenticationMethodOAuth]) >+ return ProtectionSpaceAuthenticationSchemeOAuth; > > ASSERT_NOT_REACHED(); > return ProtectionSpaceAuthenticationSchemeUnknown; >@@ -155,6 +159,9 @@ NSURLProtectionSpace *ProtectionSpace::n > method = NSURLAuthenticationMethodClientCertificate; > break; > #endif >+ case ProtectionSpaceAuthenticationSchemeOAuth: >+ method = NSURLAuthenticationMethodOAuth; >+ break; > default: > ASSERT_NOT_REACHED(); > } >Index: Source/WebKit/ChangeLog >=================================================================== >--- Source/WebKit/ChangeLog (revision 234903) >+++ Source/WebKit/ChangeLog (working copy) >@@ -1,3 +1,17 @@ >+2018-08-15 Ansh Shukla <ansh_shukla@apple.com> >+ >+ NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault >+ https://bugs.webkit.org/show_bug.cgi?id=186870 >+ <rdar://problem/41314410> >+ >+ Reviewed by Alex Christensen. >+ >+ Correctly expose the OAuth protection space type in API. >+ >+ * UIProcess/API/C/WKAPICast.h: >+ (WebKit::toAPI): >+ * UIProcess/API/C/WKProtectionSpaceTypes.h: >+ > 2018-08-15 Alex Christensen <achristensen@webkit.org> > > Remove WKNavigationDelegatePrivate's canAuthenticateAgainstProtectionSpace >Index: Source/WebKit/UIProcess/API/C/WKAPICast.h >=================================================================== >--- Source/WebKit/UIProcess/API/C/WKAPICast.h (revision 234900) >+++ Source/WebKit/UIProcess/API/C/WKAPICast.h (working copy) >@@ -364,6 +364,8 @@ inline WKProtectionSpaceAuthenticationSc > return kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested; > case WebCore::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested: > return kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested; >+ case WebCore::ProtectionSpaceAuthenticationSchemeOAuth: >+ return kWKProtectionSpaceAuthenticationSchemeOAuth; > default: > return kWKProtectionSpaceAuthenticationSchemeUnknown; > } >Index: Source/WebKit/UIProcess/API/C/WKProtectionSpaceTypes.h >=================================================================== >--- Source/WebKit/UIProcess/API/C/WKProtectionSpaceTypes.h (revision 234900) >+++ Source/WebKit/UIProcess/API/C/WKProtectionSpaceTypes.h (working copy) >@@ -53,6 +53,7 @@ enum { > kWKProtectionSpaceAuthenticationSchemeNegotiate, > kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested, > kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested, >+ kWKProtectionSpaceAuthenticationSchemeOAuth, > kWKProtectionSpaceAuthenticationSchemeUnknown = 100, > }; > typedef uint32_t WKProtectionSpaceAuthenticationScheme; >Index: Tools/ChangeLog >=================================================================== >--- Tools/ChangeLog (revision 234900) >+++ Tools/ChangeLog (working copy) >@@ -1,3 +1,16 @@ >+2018-08-15 Ansh Shukla <ansh_shukla@apple.com> >+ >+ NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault >+ https://bugs.webkit.org/show_bug.cgi?id=186870 >+ <rdar://problem/41314410> >+ >+ Reviewed by Alex Christensen. >+ >+ * WebKitTestRunner/TestController.cpp: >+ (WTR::toString): >+ (WTR::TestController::canAuthenticateAgainstProtectionSpace): Expose type of authentication challenge so we can test OAuth. >+ (WTR::TestController::didReceiveAuthenticationChallenge): >+ > 2018-08-15 Ryan Haddad <ryanhaddad@apple.com> > > Unreviewed, rolling out r234870. >Index: Tools/WebKitTestRunner/TestController.cpp >=================================================================== >--- Tools/WebKitTestRunner/TestController.cpp (revision 234900) >+++ Tools/WebKitTestRunner/TestController.cpp (working copy) >@@ -1809,6 +1809,32 @@ void TestController::didReceiveServerRed > return; > } > >+static const char* toString(WKProtectionSpaceAuthenticationScheme scheme) >+{ >+ switch (scheme) { >+ case kWKProtectionSpaceAuthenticationSchemeDefault: >+ return "ProtectionSpaceAuthenticationSchemeDefault"; >+ case kWKProtectionSpaceAuthenticationSchemeHTTPBasic: >+ return "ProtectionSpaceAuthenticationSchemeHTTPBasic"; >+ case kWKProtectionSpaceAuthenticationSchemeHTMLForm: >+ return "ProtectionSpaceAuthenticationSchemeHTMLForm"; >+ case kWKProtectionSpaceAuthenticationSchemeNTLM: >+ return "ProtectionSpaceAuthenticationSchemeNTLM"; >+ case kWKProtectionSpaceAuthenticationSchemeNegotiate: >+ return "ProtectionSpaceAuthenticationSchemeNegotiate"; >+ case kWKProtectionSpaceAuthenticationSchemeClientCertificateRequested: >+ return "ProtectionSpaceAuthenticationSchemeClientCertificateRequested"; >+ case kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested: >+ return "ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested"; >+ case kWKProtectionSpaceAuthenticationSchemeOAuth: >+ return "ProtectionSpaceAuthenticationSchemeOAuth"; >+ case kWKProtectionSpaceAuthenticationSchemeUnknown: >+ return "ProtectionSpaceAuthenticationSchemeUnknown"; >+ } >+ ASSERT_NOT_REACHED(); >+ return "ProtectionSpaceAuthenticationSchemeUnknown"; >+} >+ > bool TestController::canAuthenticateAgainstProtectionSpace(WKPageRef page, WKProtectionSpaceRef protectionSpace) > { > if (m_shouldLogCanAuthenticateAgainstProtectionSpace) >@@ -1820,7 +1846,7 @@ bool TestController::canAuthenticateAgai > return host == "localhost" || host == "127.0.0.1" || (m_allowAnyHTTPSCertificateForAllowedHosts && m_allowedHosts.find(host) != m_allowedHosts.end()); > } > >- return authenticationScheme <= kWKProtectionSpaceAuthenticationSchemeHTTPDigest; >+ return authenticationScheme <= kWKProtectionSpaceAuthenticationSchemeHTTPDigest || authenticationScheme == kWKProtectionSpaceAuthenticationSchemeOAuth; > } > > void TestController::didFinishNavigation(WKPageRef page, WKNavigationRef navigation) >@@ -1840,8 +1866,9 @@ void TestController::didReceiveAuthentic > { > WKProtectionSpaceRef protectionSpace = WKAuthenticationChallengeGetProtectionSpace(authenticationChallenge); > WKAuthenticationDecisionListenerRef decisionListener = WKAuthenticationChallengeGetDecisionListener(authenticationChallenge); >+ WKProtectionSpaceAuthenticationScheme authenticationScheme = WKProtectionSpaceGetAuthenticationScheme(protectionSpace); > >- if (WKProtectionSpaceGetAuthenticationScheme(protectionSpace) == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) { >+ if (authenticationScheme == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) { > // Any non-empty credential signals to accept the server trust. Since the cross-platform API > // doesn't expose a way to create a credential from server trust, we use a password credential. > >@@ -1858,7 +1885,7 @@ void TestController::didReceiveAuthentic > > std::string host = toSTD(adoptWK(WKProtectionSpaceCopyHost(protectionSpace)).get()); > int port = WKProtectionSpaceGetPort(protectionSpace); >- String message = String::format("%s:%d - didReceiveAuthenticationChallenge - ", host.c_str(), port); >+ String message = String::format("%s:%d - didReceiveAuthenticationChallenge - %s - ", host.c_str(), port, toString(authenticationScheme)); > if (!m_handlesAuthenticationChallenges) > message.append("Simulating cancelled authentication sheet\n"); > else >Index: LayoutTests/ChangeLog >=================================================================== >--- LayoutTests/ChangeLog (revision 234900) >+++ LayoutTests/ChangeLog (working copy) >@@ -1,3 +1,16 @@ >+2018-08-15 Ansh Shukla <ansh_shukla@apple.com> >+ >+ NSURLAuthenticationMethodOAuth challenges are surfaced to clients in -didReceiveAuthenticationChallenge as NSURLAuthenticationMethodDefault >+ https://bugs.webkit.org/show_bug.cgi?id=186870 >+ >+ Reviewed by Alex Christensen. >+ >+ Ensure the exposed authentication type to clients is OAuth. >+ >+ * http/tests/loading/oauth-expected.txt: Added. >+ * http/tests/loading/oauth.html: Added. >+ * http/tests/loading/resources/oauth-subresource.php: Added. >+ > 2018-08-15 Ali Juma <ajuma@chromium.org> > > Disable IntersectionObserver tests on Windows for now >Index: LayoutTests/http/tests/cache/disk-cache/speculative-validation/http-auth-expected.txt >=================================================================== >--- LayoutTests/http/tests/cache/disk-cache/speculative-validation/http-auth-expected.txt (revision 234900) >+++ LayoutTests/http/tests/cache/disk-cache/speculative-validation/http-auth-expected.txt (working copy) >@@ -1,5 +1,5 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUsername:testPassword >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUsername:testPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet > Tests speculative revalidation of authenticated resources. > > On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >Index: LayoutTests/http/tests/loading/oauth-expected.txt >=================================================================== >--- LayoutTests/http/tests/loading/oauth-expected.txt (nonexistent) >+++ LayoutTests/http/tests/loading/oauth-expected.txt (working copy) >@@ -0,0 +1,6 @@ >+main frame - didStartProvisionalLoadForFrame >+main frame - didCommitLoadForFrame >+main frame - didFinishDocumentLoadForFrame >+main frame - didHandleOnloadEventsForFrame >+main frame - didFinishLoadForFrame >+ >Index: LayoutTests/http/tests/loading/oauth.html >=================================================================== >--- LayoutTests/http/tests/loading/oauth.html (nonexistent) >+++ LayoutTests/http/tests/loading/oauth.html (working copy) >@@ -0,0 +1,22 @@ >+<script src="/js-test-resources/js-test-pre.js"></script> >+<script> >+if (window.testRunner) { >+ testRunner.dumpAsText(); >+ testRunner.waitUntilDone(); >+ testRunner.setHandlesAuthenticationChallenges(false); >+ if (testRunner.setShouldLogCanAuthenticateAgainstProtectionSpace) { >+ testRunner.setShouldLogCanAuthenticateAgainstProtectionSpace(true); >+ testRunner.waitUntilDone(); >+ } >+} >+ >+function runtest() { >+ setTimeout(()=>{ >+ fetch("resources/oauth-subresource.php").then(()=>{ >+ if (window.testRunner) >+ testRunner.notifyDone(); >+ }); >+ }, 0); >+} >+</script> >+<body onload="runtest()"></body> >Index: LayoutTests/http/tests/loading/resources/oauth-subresource.php >=================================================================== >--- LayoutTests/http/tests/loading/resources/oauth-subresource.php (nonexistent) >+++ LayoutTests/http/tests/loading/resources/oauth-subresource.php (working copy) >@@ -0,0 +1,9 @@ >+<?php >+$realm = $_SERVER['REQUEST_URI']; >+ >+header("Cache-Control: no-store"); >+header("WWW-Authenticate: OAuth realm=\"" . $realm . "\""); >+header('HTTP/1.1 401 Unauthorized'); >+echo "Sent OAuth Challenge."; >+exit; >+?> >Index: LayoutTests/platform/mac-wk2/http/tests/inspector/network/resource-request-headers-expected.txt >=================================================================== >--- LayoutTests/platform/mac-wk2/http/tests/inspector/network/resource-request-headers-expected.txt (revision 234900) >+++ LayoutTests/platform/mac-wk2/http/tests/inspector/network/resource-request-headers-expected.txt (working copy) >@@ -1,5 +1,5 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet > Test for Resource request headers which may not have been immediately available but eventually are (Cookie, Authorization). > > >Index: LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt (working copy) >@@ -2,7 +2,7 @@ main frame - didStartProvisionalLoadForF > main frame - didCommitLoadForFrame > main frame - didFinishDocumentLoadForFrame > frame "<!--frame1-->" - didStartProvisionalLoadForFrame >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with webkit:rocks >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with webkit:rocks > frame "<!--frame1-->" - didCommitLoadForFrame > frame "<!--frame1-->" - didFinishDocumentLoadForFrame > frame "<!--frame1-->" - willPerformClientRedirectToURL: http://127.0.0.1:8000/a//b/non-existent-file.html >Index: LayoutTests/platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt (working copy) >@@ -4,13 +4,13 @@ main frame - didFinishDocumentLoadForFra > main frame - didHandleOnloadEventsForFrame > main frame - didFinishLoadForFrame > frame "<!--frame1-->" - didStartProvisionalLoadForFrame >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with wrongusername:wrongpassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with wrongusername:wrongpassword > frame "<!--frame1-->" - didCommitLoadForFrame > frame "<!--frame1-->" - didFinishDocumentLoadForFrame > frame "<!--frame1-->" - didHandleOnloadEventsForFrame > frame "<!--frame1-->" - didFinishLoadForFrame > frame "<!--frame2-->" - didStartProvisionalLoadForFrame >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with correctusername:correctpassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with correctusername:correctpassword > frame "<!--frame2-->" - didCommitLoadForFrame > frame "<!--frame2-->" - didFinishDocumentLoadForFrame > frame "<!--frame2-->" - didHandleOnloadEventsForFrame >Index: LayoutTests/platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt (working copy) >@@ -4,13 +4,13 @@ main frame - didFinishDocumentLoadForFra > main frame - didHandleOnloadEventsForFrame > main frame - didFinishLoadForFrame > frame "<!--frame1-->" - didStartProvisionalLoadForFrame >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with first:first-pw >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with first:first-pw > frame "<!--frame1-->" - didCommitLoadForFrame > frame "<!--frame1-->" - didFinishDocumentLoadForFrame > frame "<!--frame1-->" - didHandleOnloadEventsForFrame > frame "<!--frame1-->" - didFinishLoadForFrame > frame "<!--frame2-->" - didStartProvisionalLoadForFrame >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with second:second-pw >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with second:second-pw > frame "<!--frame2-->" - didCommitLoadForFrame > frame "<!--frame2-->" - didFinishDocumentLoadForFrame > frame "<!--frame2-->" - didHandleOnloadEventsForFrame >Index: LayoutTests/platform/wk2/http/tests/loading/oauth-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/loading/oauth-expected.txt (nonexistent) >+++ LayoutTests/platform/wk2/http/tests/loading/oauth-expected.txt (working copy) >@@ -0,0 +1,8 @@ >+main frame - didStartProvisionalLoadForFrame >+main frame - didCommitLoadForFrame >+main frame - didFinishDocumentLoadForFrame >+main frame - didHandleOnloadEventsForFrame >+main frame - didFinishLoadForFrame >+canAuthenticateAgainstProtectionSpace >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeOAuth - Simulating cancelled authentication sheet >+ >Index: LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt (working copy) >@@ -3,7 +3,7 @@ main frame - didCommitLoadForFrame > main frame - didFinishDocumentLoadForFrame > frame "<!--frame1-->" - didStartProvisionalLoadForFrame > frame "<!--frame1-->" - didReceiveServerRedirectForProvisionalLoadForFrame >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with httpUsername:httpPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with httpUsername:httpPassword > frame "<!--frame1-->" - didCommitLoadForFrame > frame "<!--frame1-->" - didFinishDocumentLoadForFrame > frame "<!--frame1-->" - didHandleOnloadEventsForFrame >Index: LayoutTests/platform/wk2/http/tests/media/video-auth-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/media/video-auth-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/media/video-auth-expected.txt (working copy) >@@ -1,4 +1,4 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password > > Tests that the media player sends authorization credentials when requesting a media file. > Testing same domain (127.0.0.1) >Index: LayoutTests/platform/wk2/http/tests/media/video-auth-with-allowCrossOriginSubresourcesToAskForCredentials-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/media/video-auth-with-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/media/video-auth-with-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (working copy) >@@ -1,5 +1,5 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password >-localhost:8000 - didReceiveAuthenticationChallenge - Responding with username:password >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password >+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password > > Tests that the media player sends authorization credentials when requesting a media file. > Testing same domain (127.0.0.1) >Index: LayoutTests/platform/wk2/http/tests/misc/401-alternative-content-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/misc/401-alternative-content-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/misc/401-alternative-content-expected.txt (working copy) >@@ -1,2 +1,2 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet > PASS >Index: LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin-expected.txt (working copy) >@@ -1,4 +1,4 @@ >-localhost:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > https://bugs.webkit.org/show_bug.cgi?id=40138 > You should load this page at 127.0.0.1:8000 so localhost:8000 is considered a different security origin. > This test loads a php script which demands http authentication, then uses it to redirect to another script in a different origin that shows what authentication headers were sent with the final request. >Index: LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin-expected.txt (working copy) >@@ -1,4 +1,4 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > https://bugs.webkit.org/show_bug.cgi?id=66354 > You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin. > This test loads a php script which demands http authentication, then uses it to redirect to another script in the same origin that shows what authentication headers were sent with the final request. >Index: LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials-expected.txt (working copy) >@@ -1,4 +1,4 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > https://bugs.webkit.org/show_bug.cgi?id=66354 > You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin. > This test loads a php script which demands http authentication, then uses it to redirect to another script in the same origin that shows what authentication headers were sent with the final request. >Index: LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url-expected.txt (working copy) >@@ -1,4 +1,4 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > https://bugs.webkit.org/show_bug.cgi?id=105190 > You should load this page at 127.0.0.1:8000 because the test relies on redirects within the 127.0.0.1:8000 security origin. > This test loads a php script which demands http authentication, then uses it to redirect via 301 to another script in the same origin that shows what authentication headers were sent with the final request. It verifies that the credentials are not placed in the final URL. >Index: LayoutTests/platform/wk2/http/tests/security/basic-auth-subresource-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/basic-auth-subresource-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/basic-auth-subresource-expected.txt (working copy) >@@ -1,8 +1,8 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource1/protected-image.php from asking for credentials because it is a cross-origin request. > CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource1/protected-image.php from asking for credentials because it is a cross-origin request. > CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request. >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request. > CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request. > CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.php from asking for credentials because it is a cross-origin request. >Index: LayoutTests/platform/wk2/http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/credentials-iframes-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (working copy) >@@ -1,4 +1,4 @@ > ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password. >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet > ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled > >Index: LayoutTests/platform/wk2/http/tests/security/401-logout/401-logout-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/401-logout/401-logout-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/401-logout/401-logout-expected.txt (working copy) >@@ -1,3 +1,3 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with username:password >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with username:password >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet > PASS >Index: LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (working copy) >@@ -1,6 +1,6 @@ > CONSOLE MESSAGE: line 33: The page at https://127.0.0.1:8443/security/mixedContent/insecure-basic-auth-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://localhost:8000/security/mixedContent/resources/subresource2/protected-image.php. > >-localhost:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+localhost:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > Tests that we do not ask for credentials when loading an insecure image that requires basic authentication. > > On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >Index: LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials-expected.txt (working copy) >@@ -1,6 +1,6 @@ > CONSOLE MESSAGE: line 18: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-redirects-to-basic-auth-secure-image.html?allowCrossOriginSubresourcesToAskForCredentials=1 was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.php. > >-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > This test opens a new window to a secure page that loads an insecure image that redirects to a secure image guarded by basic authentication. The image should load. > > PASS did load image. >Index: LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-insecure-page.https-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-insecure-page.https-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-insecure-page.https-expected.txt (working copy) >@@ -1,2 +1,2 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > Authenticated with username testUser. >Index: LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-secure-page-via-insecure-redirect.https-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-secure-page-via-insecure-redirect.https-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-secure-page-via-insecure-redirect.https-expected.txt (working copy) >@@ -1,2 +1,2 @@ >-127.0.0.1:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+127.0.0.1:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > Authenticated with username testUser. >Index: LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (working copy) >@@ -1,6 +1,6 @@ > CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.php. > >-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > This test loads a secure image that redirects to an insecure image that redirects to a secure image guarded by basic authentication. The image should load. > > On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >Index: LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (working copy) >@@ -1,6 +1,6 @@ > CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-allowCrossOriginSubresourcesToAskForCredentials.https.html was allowed to display insecure content from http://localhost:8080/security/mixedContent/resources/subresource/protected-image.php. > >-localhost:8080 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+localhost:8080 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > This test loads a secure image that redirects to an secure image that redirects to an insecure image guarded by basic authentication. The image should load. > > On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >Index: LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image-allowCrossOriginSubresourcesToAskForCredentials.https-expected.txt (working copy) >@@ -1,4 +1,4 @@ >-localhost:8443 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword >+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword > This test loads a secure image that redirects to a secure image that redirects to a secure image guarded by basic authentication. The secure image should load. > > On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >Index: LayoutTests/platform/wk2/http/tests/xmlhttprequest/failed-auth-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/xmlhttprequest/failed-auth-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/xmlhttprequest/failed-auth-expected.txt (working copy) >@@ -1,5 +1,5 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet > Test for bug 13075: XMLHttpRequest with failed authentication should set status to 401. > > Sync, no credentials: OK >Index: LayoutTests/platform/wk2/http/tests/xmlhttprequest/remember-bad-password-expected.txt >=================================================================== >--- LayoutTests/platform/wk2/http/tests/xmlhttprequest/remember-bad-password-expected.txt (revision 234900) >+++ LayoutTests/platform/wk2/http/tests/xmlhttprequest/remember-bad-password-expected.txt (working copy) >@@ -1,5 +1,5 @@ >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >-127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet >+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet > rdar://problem/7062824 A wrong password entered for site or proxy auth remains in WebCore credential storage, and is sent with subsequent requests. > > This test counts the number of failed requests server side.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=347238">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186870
:
343201
|
346858
|
347110
|
347114
|
347120
|
347128
|
347209
|
347213
|
347217
|
347221
|
347222
|
347230
|
347231
|
347235
|
347237
| 347238