Attachment 348842 Details for Bug 184910 – Patch

[patch] Patch

bug-184910-20180904220043.patch (text/plain), 6.73 KB, created by Rob Buis on 2018-09-04 13:00:44 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Rob Buis

Created: 2018-09-04 13:00:44 PDT

Size: 6.73 KB

patch

obsolete

>Subversion Revision: 235357
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 11cb33ea1abf219350f43901ec46d1b277da7169..9abb44bd451ae1cd6341554d234607117f565be4 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,23 @@
>+2018-09-02  Rob Buis  <rbuis@igalia.com>
>+
>+        Adjust XMLHttpRequest username/password precedence rules
>+        https://bugs.webkit.org/show_bug.cgi?id=184910
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Steps 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm
>+        specify that non null user or non null password ought
>+        to be set on the URL, so implement this.
>+
>+        Behavior matches Firefox and Chrome.
>+
>+        [1] https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open
>+
>+        Test: xhr/send-authentication-competing-names-passwords.htm
>+
>+        * xml/XMLHttpRequest.cpp:
>+        (WebCore::XMLHttpRequest::open):
>+
> 2018-08-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
> 
>         Shrink size of HTMLCollection
>diff --git a/Source/WebCore/xml/XMLHttpRequest.cpp b/Source/WebCore/xml/XMLHttpRequest.cpp
>index 6e72c1638ced9e540917c09dac597f544fe84a68..76982cfdbe7a450c9fed979379701bb13fc78e32 100644
>--- a/Source/WebCore/xml/XMLHttpRequest.cpp
>+++ b/Source/WebCore/xml/XMLHttpRequest.cpp
>@@ -389,11 +389,10 @@ ExceptionOr<void> XMLHttpRequest::open(const String& method, const URL& url, boo
> ExceptionOr<void> XMLHttpRequest::open(const String& method, const String& url, bool async, const String& user, const String& password)
> {
>     URL urlWithCredentials = scriptExecutionContext()->completeURL(url);
>-    if (!user.isNull()) {
>+    if (!user.isNull())
>         urlWithCredentials.setUser(user);
>-        if (!password.isNull())
>-            urlWithCredentials.setPass(password);
>-    }
>+    if (!password.isNull())
>+        urlWithCredentials.setPass(password);
> 
>     return open(method, urlWithCredentials, async);
> }
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
>index 1282d3bcbafca2264b21c52b03684c1db1ab7b41..82fc58e6f6d4a35030da00481f10cb4d67cd808a 100644
>--- a/LayoutTests/ChangeLog
>+++ b/LayoutTests/ChangeLog
>@@ -1,3 +1,15 @@
>+2018-09-02  Rob Buis  <rbuis@igalia.com>
>+
>+        Adjust XMLHttpRequest username/password precedence rules
>+        https://bugs.webkit.org/show_bug.cgi?id=184910
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Adjust test because now we do set password on the url in
>+        open(), even if the username is null.
>+
>+        * http/tests/xmlhttprequest/basic-auth.html:
>+
> 2018-08-27  Youenn Fablet  <youenn@apple.com>
> 
>         Update WPT XHR tests to 87329a1
>diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog
>index f560fa41f9caecec64ad9082413276a4c016c07c..4ae744ae641d925d3e20c80c2fdf3e7364131a22 100644
>--- a/LayoutTests/imported/w3c/ChangeLog
>+++ b/LayoutTests/imported/w3c/ChangeLog
>@@ -1,3 +1,14 @@
>+2018-09-02  Rob Buis  <rbuis@igalia.com>
>+
>+        Adjust XMLHttpRequest username/password precedence rules
>+        https://bugs.webkit.org/show_bug.cgi?id=184910
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Update test result.
>+
>+        * web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt:
>+
> 2018-08-27  Youenn Fablet  <youenn@apple.com>
> 
>         Update WPT XHR tests to 87329a1
>diff --git a/LayoutTests/http/tests/xmlhttprequest/basic-auth.html b/LayoutTests/http/tests/xmlhttprequest/basic-auth.html
>index 62037ca66e6253adc35028a952e07c4c35c33e65..d9799f6c3933afe777f5b9d7afc7d4d5cf6a3a16 100644
>--- a/LayoutTests/http/tests/xmlhttprequest/basic-auth.html
>+++ b/LayoutTests/http/tests/xmlhttprequest/basic-auth.html
>@@ -49,7 +49,7 @@
>     req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync6").replace("http://", "http://sync6:123@"), false, undefined);
>     sendAndLogResponse("sync6", req);
> 
>-    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:123@"), false, undefined, "incorrect");
>+    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:incorrect@"), false, undefined, "123");
>     sendAndLogResponse("sync7", req);
> 
>     // async
>@@ -97,7 +97,7 @@
>             asyncStep = 7;
>             log('async6: ' + req.responseText);
>             req.onreadystatechange = processStateChange;
>-            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:123@"), true, undefined, "incorrect");
>+            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:incorrect@"), true, undefined, "123");
>             req.send("");
>           } else if (asyncStep == 7) {
>             log('async7: ' + req.responseText);
>diff --git a/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt
>index c503dd5fee4df0fcdaa42b279af9e26082908c1f..07463e2756011acc4fc96ceebdb1c6b412bfdba7 100644
>--- a/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt
>+++ b/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt
>@@ -5,11 +5,11 @@ PASS XMLHttpRequest user/pass options: another user/pass in open(); must overrid
> PASS XMLHttpRequest user/pass options: pass in URL, user in open() 
> PASS XMLHttpRequest user/pass options: pass in URL, user/pass in open() 
> PASS XMLHttpRequest user/pass options: user in URL 
>-FAIL XMLHttpRequest user/pass options: user in URL, pass in open() assert_equals: responseText should contain the right user and password expected "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n8ae16e77-30e0-4758-8c85-ddbac8ff9923" but got "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n"
>+PASS XMLHttpRequest user/pass options: user in URL, pass in open() 
> PASS XMLHttpRequest user/pass options: user/pass in URL 
> PASS XMLHttpRequest user/pass options: user in URL and open() 
> PASS XMLHttpRequest user/pass options: user in URL; user/pass in open() 
> PASS XMLHttpRequest user/pass options: user/pass in URL; user in open() 
>-FAIL XMLHttpRequest user/pass options: user/pass in URL; pass in open() assert_equals: responseText should contain the right user and password expected "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbce2a8d7-ce76-48be-8c8f-ff29647b78ff" but got "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbcf673a4-b893-48cd-95ec-3bd4c0d72a84"
>+PASS XMLHttpRequest user/pass options: user/pass in URL; pass in open() 
> PASS XMLHttpRequest user/pass options: user/pass in URL and open() 
>

Actions: View | Formatted Diff | Diff

Attachments on bug 184910: 348730 | 348731 | 348732 | 348735 | 348736 | 348737 | 348739 | 348742 | 348744 | 348747 | 348748 | 348842