WebKit Bugzilla
Attachment 348350 Details for
Bug 189057
: [Curl] Stop sending request with credential if no authorization requested.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
PATCH
189057.diff (text/plain), 5.30 KB, created by
Basuke Suzuki
on 2018-08-28 15:14:44 PDT
(
hide
)
Description:
PATCH
Filename:
MIME Type:
Creator:
Basuke Suzuki
Created:
2018-08-28 15:14:44 PDT
Size:
5.30 KB
patch
obsolete
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 177983f494d..2bfee94c860 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,13 @@ >+2018-08-28 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Stop sending request with credential if no authorization requested. >+ https://bugs.webkit.org/show_bug.cgi?id=189057 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt: Added. >+ * http/tests/xmlhttprequest/unauthorized-without-authenticate-header.php: Added. >+ > 2018-08-24 Youenn Fablet <youenn@apple.com> > > libwebrtc PeerConnection::AddTrack sometimes fail >diff --git a/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt >new file mode 100644 >index 00000000000..cca2210fffd >--- /dev/null >+++ b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt >@@ -0,0 +1 @@ >+result: PASS >diff --git a/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.php b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.php >new file mode 100644 >index 00000000000..fef148c0a4b >--- /dev/null >+++ b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.php >@@ -0,0 +1,25 @@ >+<?php >+ >+/* >+ * Test passes if the request returns without crash or timeout. >+ */ >+ >+if (isset($_GET['auth'])) { >+ header('HTTP/1.1 401 UNAUTHORIZED'); >+ exit(0); >+} >+ >+?> >+<body> >+ <div id=result>result: </div> >+ >+ <script> >+ if (window.testRunner) >+ testRunner.dumpAsText(); >+ >+ req = new XMLHttpRequest; >+ req.open("GET", "<?php echo basename(__FILE__) . '?auth=1'; ?>", false); >+ req.send(null); >+ document.getElementById("result").firstChild.data += "PASS"; >+ </script> >+</body> >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index d10643d9539..b84175b02fe 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,17 @@ >+2018-08-28 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Stop sending request with credential if no authorization requested. >+ https://bugs.webkit.org/show_bug.cgi?id=189057 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ When 401 response returns without 'www-authenticate' header, suppress another request with credential. >+ >+ Test: http/tests/xmlhttprequest/unauthorized-without-authenticate-header.php >+ >+ * platform/network/curl/CurlResourceHandleDelegate.cpp: >+ (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse): >+ > 2018-08-24 Youenn Fablet <youenn@apple.com> > > libwebrtc PeerConnection::AddTrack sometimes fail >diff --git a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >index 6a06f19d287..cf8e99facfd 100644 >--- a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >+++ b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >@@ -119,7 +119,7 @@ void CurlResourceHandleDelegate::curlDidReceiveResponse(CurlRequest& request, co > return; > } > >- if (m_response.isUnauthorized()) { >+ if (m_response.isUnauthorized() && receivedResponse.availableHttpAuth) { > AuthenticationChallenge challenge(receivedResponse, d()->m_authFailureCount, m_response, &m_handle); > m_handle.didReceiveAuthenticationChallenge(challenge); > d()->m_authFailureCount++; >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index f6b8722228a..7fe6e047314 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,16 @@ >+2018-08-28 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Stop sending request with credential if no authorization requested. >+ https://bugs.webkit.org/show_bug.cgi?id=189057 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ When 401 response returns without 'www-authenticate' header, suppress another request with credential. >+ Same fix for proxy authentication. >+ >+ * NetworkProcess/curl/NetworkDataTaskCurl.cpp: >+ (WebKit::NetworkDataTaskCurl::curlDidReceiveResponse): >+ > 2018-08-24 Basuke Suzuki <Basuke.Suzuki@sony.com> > > [Curl] Match the interface used in NetworkDataTask and ResourceHandle. >diff --git a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >index 29b528e1c79..d98fc00f151 100644 >--- a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >+++ b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >@@ -163,13 +163,13 @@ void NetworkDataTaskCurl::curlDidReceiveResponse(CurlRequest& request, const Cur > return; > } > >- if (m_response.isUnauthorized()) { >+ if (m_response.isUnauthorized() && receivedResponse.availableHttpAuth) { > tryHttpAuthentication(AuthenticationChallenge(receivedResponse, m_authFailureCount, m_response)); > m_authFailureCount++; > return; > } > >- if (m_response.isProxyAuthenticationRequired()) { >+ if (m_response.isProxyAuthenticationRequired() && receivedResponse.availableProxyAuth) { > tryProxyAuthentication(AuthenticationChallenge(receivedResponse, 0, m_response)); > return; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=348350">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
achristensen
:
review-
achristensen
:
commit-queue-
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 189057
:
348350
|
349053
|
349204