WebKit Bugzilla
Attachment 349053 Details for Bug 189057: [Curl] Stop sending request with credential if no authorization requested.
PATCH: 189057.diff (text/plain), 6.56 KB, created by Basuke Suzuki on 2018-09-06 12:30:40 PDT
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 9972e44066a..b8d97e93448 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,14 @@ >+2018-09-06 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Stop sending request with credential if no authorization requested. >+ https://bugs.webkit.org/show_bug.cgi?id=189057 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/xmlhttprequest/resources/no-authenticate-header-401.php: Added. >+ * http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt: Added. >+ * http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html: Added. >+ > 2018-08-31 Chris Dumez <cdumez@apple.com> > > [ WK2 ] http/tests/workers/service/client-*-page-cache.html LayoutTests are flaky >diff --git a/LayoutTests/http/tests/xmlhttprequest/resources/no-authenticate-header-401.php b/LayoutTests/http/tests/xmlhttprequest/resources/no-authenticate-header-401.php >new file mode 100644 >index 00000000000..8bcf1a776bc >--- /dev/null >+++ b/LayoutTests/http/tests/xmlhttprequest/resources/no-authenticate-header-401.php >@@ -0,0 +1,3 @@ >+<?php >+ >+header('HTTP/1.1 401 UNAUTHORIZED'); >diff --git a/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt >new file mode 100644 >index 00000000000..832ae7dcfe9 >--- /dev/null >+++ b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt >@@ -0,0 +1,10 @@ >+This tests that the request doesn't sends another request for 401 response without www-authenticate header. If it does, the request never stops by repeated request sending. Test passes if the request returns without crash or timeout. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS xhr.status is 401 >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ 
>diff --git a/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html >new file mode 100644 >index 00000000000..2729a4a87af >--- /dev/null >+++ b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html >@@ -0,0 +1,26 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/js-test-resources/js-test-pre.js"></script> >+ <script> >+ description("This tests that the request doesn't sends another request for 401 response without www-authenticate header. If it does, the request never stops by repeated request sending. Test passes if the request returns without crash or timeout."); >+ window.jsTestIsAsync = true; >+ >+ const xhr = new XMLHttpRequest(); >+ xhr.onload = xhr.onerror = function() { >+ shouldBe("xhr.status", "401"); >+ finishJSTest(); >+ } >+ >+ xhr.open('GET', 'resources/no-authenticate-header-401.php'); >+ xhr.send(null); >+ </script> >+ <script src="/js-test-resources/js-test-post.js"></script> >+</head> >+ >+<body> >+ <div id="description"></div> >+ <div id="console"></div> >+</body> >+ >+</html> >\ No newline at end of file >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 74c70b57cbc..810b51fff8d 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog 
>@@ -1,3 +1,17 @@ >+2018-09-06 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Stop sending request with credential if no authorization requested. >+ https://bugs.webkit.org/show_bug.cgi?id=189057 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ When 401 response returns without 'www-authenticate' header, suppress another request with credential. >+ >+ Test: http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html >+ >+ * platform/network/curl/CurlResourceHandleDelegate.cpp: >+ (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse): >+ > 2018-08-31 Chris Dumez <cdumez@apple.com> > > [ WK2 ] http/tests/workers/service/client-*-page-cache.html LayoutTests are flaky >diff --git a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >index 6a06f19d287..cf8e99facfd 100644 >--- a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >+++ b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >@@ -119,7 +119,7 @@ void CurlResourceHandleDelegate::curlDidReceiveResponse(CurlRequest& request, co > return; > } > >- if (m_response.isUnauthorized()) { >+ if (m_response.isUnauthorized() && receivedResponse.availableHttpAuth) { > AuthenticationChallenge challenge(receivedResponse, d()->m_authFailureCount, m_response, &m_handle); > m_handle.didReceiveAuthenticationChallenge(challenge); > d()->m_authFailureCount++; >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index fc03a5651c2..a0f026b0a2e 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog 
>@@ -1,3 +1,16 @@ >+2018-09-06 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Stop sending request with credential if no authorization requested. >+ https://bugs.webkit.org/show_bug.cgi?id=189057 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ When 401 response returns without 'www-authenticate' header, suppress another request with credential. >+ Same fix for proxy authentication. >+ >+ * NetworkProcess/curl/NetworkDataTaskCurl.cpp: >+ (WebKit::NetworkDataTaskCurl::curlDidReceiveResponse): >+ > 2018-08-31 John Wilander <wilander@apple.com> > > Storage Access API: Maintain access through same-site navigations >diff --git a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >index a9035695bb8..f7d49c282b1 100644 >--- a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >+++ b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >@@ -161,13 +161,13 @@ void NetworkDataTaskCurl::curlDidReceiveResponse(CurlRequest& request, const Cur > return; > } > >- if (m_response.isUnauthorized()) { >+ if (m_response.isUnauthorized() && receivedResponse.availableHttpAuth) { > tryHttpAuthentication(AuthenticationChallenge(receivedResponse, m_authFailureCount, m_response)); > m_authFailureCount++; > return; > } > >- if (m_response.isProxyAuthenticationRequired()) { >+ if (m_response.isProxyAuthenticationRequired() && receivedResponse.availableProxyAuth) { > tryProxyAuthentication(AuthenticationChallenge(receivedResponse, 0, m_response)); > return; > }
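Review bot: In LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html the only failure signal for the regression is a test timeout, because the handler checks xhr.status but nothing checks how many requests reached resources/no-authenticate-header-401.php or what they carried. Having the PHP resource count hits, or fail when a request arrives with an Authorization header, and asserting on that would make the failure deterministic and would show directly that no credential was sent. Two smaller points in the same hunk: the description string reads "doesn't sends" (it is duplicated in the -expected.txt file, so both need the fix), and the file ends with "\ No newline at end of file".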
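Review bot: In CurlResourceHandleDelegate::curlDidReceiveResponse the new condition tests receivedResponse.availableHttpAuth for truthiness with no comment on what an empty value means. A one-line comment stating that it is unset when the 401 arrived without a 'www-authenticate' header, as the ChangeLog describes, would make the guard self-explanatory at the call site. This file also gains only the 401 guard, while NetworkDataTaskCurl.cpp guards 407 with availableProxyAuth as well; if this delegate has a proxy-authentication path outside the visible context, it needs the same check, and if it does not, the WebCore ChangeLog entry should say so.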
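Review bot: The 407 branch in NetworkDataTaskCurl::curlDidReceiveResponse now depends on receivedResponse.availableProxyAuth, but the patch adds a layout test only for the 401 case, so "Same fix for proxy authentication." in the WebKit ChangeLog is untested. Either add a counterpart test for a 407 response without a Proxy-Authenticate header or note in the ChangeLog why that path cannot be covered by a layout test.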