WebKit Bugzilla
Attachment 348730 Details for
Bug 184910
: Adjust XMLHttpRequest username/password precedence rules
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-184910-20180902171303.patch (text/plain), 7.96 KB, created by
Rob Buis
on 2018-09-02 08:13:04 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Rob Buis
Created:
2018-09-02 08:13:04 PDT
Size:
7.96 KB
patch
obsolete
>Subversion Revision: 235357 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 11cb33ea1abf219350f43901ec46d1b277da7169..dcb5af6e65595ca5fc457cc5b1ac6ab8adf0dd97 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,23 @@ >+2018-09-02 Rob Buis <rbuis@igalia.com> >+ >+ Adjust XMLHttpRequest username/password precedence rules >+ https://bugs.webkit.org/show_bug.cgi?id=184910 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Step 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm >+ specify that non null user or non null password ought >+ to be set on the URL, so implement this. >+ >+ Behavior matches Firefox and Chrome. >+ >+ [1] https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open [1] >+ >+ Test: xhr/send-authentication-competing-names-passwords.htm >+ >+ * xml/XMLHttpRequest.cpp: >+ (WebCore::XMLHttpRequest::open): >+ > 2018-08-25 Yusuke Suzuki <yusukesuzuki@slowstart.org> > > Shrink size of HTMLCollection >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 5243277f4dc09d92b8d72a299a3dce2c9fb2a07d..347c64250efa56b1aa705d9d21a203771c967db6 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,15 @@ >+2018-09-02 Rob Buis <rbuis@igalia.com> >+ >+ Adjust XMLHttpRequest username/password precedence rules >+ https://bugs.webkit.org/show_bug.cgi?id=184910 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Set credential when either user or password is not null. >+ >+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: >+ (WebKit::NetworkDataTaskCocoa::tryPasswordBasedAuthentication): >+ > 2018-08-26 Sam Weinig <sam@webkit.org> > > Using _WKRemoteObjectInterface with a protocol that inherits from a non-NSObject protocol crashes >diff --git a/Source/WebCore/xml/XMLHttpRequest.cpp b/Source/WebCore/xml/XMLHttpRequest.cpp >index 6e72c1638ced9e540917c09dac597f544fe84a68..76982cfdbe7a450c9fed979379701bb13fc78e32 100644 >--- a/Source/WebCore/xml/XMLHttpRequest.cpp >+++ b/Source/WebCore/xml/XMLHttpRequest.cpp >@@ -389,11 +389,10 @@ ExceptionOr<void> XMLHttpRequest::open(const String& method, const URL& url, boo > ExceptionOr<void> XMLHttpRequest::open(const String& method, const String& url, bool async, const String& user, const String& password) > { > URL urlWithCredentials = scriptExecutionContext()->completeURL(url); >- if (!user.isNull()) { >+ if (!user.isNull()) > urlWithCredentials.setUser(user); >- if (!password.isNull()) >- urlWithCredentials.setPass(password); >- } >+ if (!password.isNull()) >+ urlWithCredentials.setPass(password); > > return open(method, urlWithCredentials, async); > } >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >index f2cc733593cadc05cf46307e6820f4b920469410..4f1b6f988f961e768f4d0317989525614cf6588e 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >@@ -409,7 +409,7 @@ bool NetworkDataTaskCocoa::tryPasswordBasedAuthentication(const WebCore::Authent > if (!challenge.protectionSpace().isPasswordBased()) > return false; > >- if (!m_user.isNull() && !m_password.isNull()) { >+ if (!m_user.isNull() || !m_password.isNull()) { > auto persistence = m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::Use ? WebCore::CredentialPersistenceForSession : WebCore::CredentialPersistenceNone; > completionHandler(AuthenticationChallengeDisposition::UseCredential, WebCore::Credential(m_user, m_password, persistence)); > m_user = String(); >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 1282d3bcbafca2264b21c52b03684c1db1ab7b41..81afdbee04c4a66103fd096cdc20249ee69b08ff 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,12 @@ >+2018-09-02 Rob Buis <rbuis@igalia.com> >+ >+ Adjust XMLHttpRequest username/password precedence rules >+ https://bugs.webkit.org/show_bug.cgi?id=184910 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * TestExpectations: >+ > 2018-08-27 Youenn Fablet <youenn@apple.com> > > Update WPT XHR tests to 87329a1 >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index f560fa41f9caecec64ad9082413276a4c016c07c..4ae744ae641d925d3e20c80c2fdf3e7364131a22 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,14 @@ >+2018-09-02 Rob Buis <rbuis@igalia.com> >+ >+ Adjust XMLHttpRequest username/password precedence rules >+ https://bugs.webkit.org/show_bug.cgi?id=184910 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Update test result. >+ >+ * web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt: >+ > 2018-08-27 Youenn Fablet <youenn@apple.com> > > Update WPT XHR tests to 87329a1 >diff --git a/LayoutTests/TestExpectations b/LayoutTests/TestExpectations >index 48c4ab1ba8fff72252e21fc77f9e36efebb497cf..72a89e6bc447e7b190b0a28eff44b94bcbd4c5f0 100644 >--- a/LayoutTests/TestExpectations >+++ b/LayoutTests/TestExpectations >@@ -272,7 +272,6 @@ imported/w3c/web-platform-tests/xhr/event-error-order.sub.html [ DumpJSConsoleLo > > imported/w3c/web-platform-tests/xhr/event-error.sub.html [ Failure ] > imported/w3c/web-platform-tests/xhr/send-authentication-basic-setrequestheader-existing-session.htm [ Failure ] >-imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords.htm [ Failure ] > imported/w3c/web-platform-tests/xhr/preserve-ua-header-on-redirect.htm [ Failure ] > imported/w3c/web-platform-tests/xhr/setrequestheader-case-insensitive.htm [ Failure ] > imported/w3c/web-platform-tests/xhr/send-network-error-async-events.sub.htm [ Failure ] >diff --git a/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt >index c503dd5fee4df0fcdaa42b279af9e26082908c1f..6bf28ff84b5fb87fb5128b602385deada7cfdcac 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt >@@ -1,15 +1,15 @@ > >-FAIL XMLHttpRequest user/pass options: user in open() assert_equals: responseText should contain the right user and password expected "b1a2c1c7-4611-4121-8876-320c6d462f58\n" but got "FAIL (did not authorize)" >+PASS XMLHttpRequest user/pass options: user in open() > PASS XMLHttpRequest user/pass options: user/pass in open() > PASS XMLHttpRequest user/pass options: another user/pass in open(); must override cached credentials from previous test > PASS XMLHttpRequest user/pass options: pass in URL, user in open() > PASS XMLHttpRequest user/pass options: pass in URL, user/pass in open() > PASS XMLHttpRequest user/pass options: user in URL >-FAIL XMLHttpRequest user/pass options: user in URL, pass in open() assert_equals: responseText should contain the right user and password expected "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n8ae16e77-30e0-4758-8c85-ddbac8ff9923" but got "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n" >+PASS XMLHttpRequest user/pass options: user in URL, pass in open() > PASS XMLHttpRequest user/pass options: user/pass in URL > PASS XMLHttpRequest user/pass options: user in URL and open() > PASS XMLHttpRequest user/pass options: user in URL; user/pass in open() > PASS XMLHttpRequest user/pass options: user/pass in URL; user in open() >-FAIL XMLHttpRequest user/pass options: user/pass in URL; pass in open() assert_equals: responseText should contain the right user and password expected "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbce2a8d7-ce76-48be-8c8f-ff29647b78ff" but got "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbcf673a4-b893-48cd-95ec-3bd4c0d72a84" >+PASS XMLHttpRequest user/pass options: user/pass in URL; pass in open() > PASS XMLHttpRequest user/pass options: user/pass in URL and open() >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=348730">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 184910
:
348730
|
348731
|
348732
|
348735
|
348736
|
348737
|
348739
|
348742
|
348744
|
348747
|
348748
|
348842