Attachment 349053 Details for Bug 189057 – PATCH

[patch] PATCH

189057.diff (text/plain), 6.56 KB, created by Basuke Suzuki on 2018-09-06 12:30:40 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Basuke Suzuki

Created: 2018-09-06 12:30:40 PDT

Size: 6.56 KB

patch

obsolete

>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
>index 9972e44066a..b8d97e93448 100644
>--- a/LayoutTests/ChangeLog
>+++ b/LayoutTests/ChangeLog
>@@ -1,3 +1,14 @@
>+2018-09-06  Basuke Suzuki  <Basuke.Suzuki@sony.com>
>+
>+        [Curl] Stop sending request with credential if no authorization requested.
>+        https://bugs.webkit.org/show_bug.cgi?id=189057
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        * http/tests/xmlhttprequest/resources/no-authenticate-header-401.php: Added.
>+        * http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt: Added.
>+        * http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html: Added.
>+
> 2018-08-31  Chris Dumez  <cdumez@apple.com>
> 
>         [ WK2 ] http/tests/workers/service/client-*-page-cache.html LayoutTests are flaky
>diff --git a/LayoutTests/http/tests/xmlhttprequest/resources/no-authenticate-header-401.php b/LayoutTests/http/tests/xmlhttprequest/resources/no-authenticate-header-401.php
>new file mode 100644
>index 00000000000..8bcf1a776bc
>--- /dev/null
>+++ b/LayoutTests/http/tests/xmlhttprequest/resources/no-authenticate-header-401.php
>@@ -0,0 +1,3 @@
>+<?php
>+
>+header('HTTP/1.1 401 UNAUTHORIZED');
>diff --git a/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt
>new file mode 100644
>index 00000000000..832ae7dcfe9
>--- /dev/null
>+++ b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header-expected.txt
>@@ -0,0 +1,10 @@
>+This tests that the request doesn't sends another request for 401 response without www-authenticate header. If it does, the request never stops by repeated request sending. Test passes if the request returns without crash or timeout.
>+
>+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
>+
>+
>+PASS xhr.status is 401
>+PASS successfullyParsed is true
>+
>+TEST COMPLETE
>+
>diff --git a/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html
>new file mode 100644
>index 00000000000..2729a4a87af
>--- /dev/null
>+++ b/LayoutTests/http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html
>@@ -0,0 +1,26 @@
>+<!DOCTYPE html>
>+<html>
>+<head>
>+    <script src="/js-test-resources/js-test-pre.js"></script>
>+    <script>
>+        description("This tests that the request doesn't sends another request for 401 response without www-authenticate header. If it does, the request never stops by repeated request sending. Test passes if the request returns without crash or timeout.");
>+        window.jsTestIsAsync = true;
>+
>+        const xhr = new XMLHttpRequest();
>+        xhr.onload = xhr.onerror = function() {
>+            shouldBe("xhr.status", "401");
>+            finishJSTest();
>+        }
>+
>+        xhr.open('GET', 'resources/no-authenticate-header-401.php');
>+        xhr.send(null);
>+    </script>
>+    <script src="/js-test-resources/js-test-post.js"></script>
>+</head>
>+
>+<body>
>+    <div id="description"></div>
>+    <div id="console"></div>
>+</body>
>+
>+</html>
>\ No newline at end of file
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 74c70b57cbc..810b51fff8d 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,17 @@
>+2018-09-06  Basuke Suzuki  <Basuke.Suzuki@sony.com>
>+
>+        [Curl] Stop sending request with credential if no authorization requested.
>+        https://bugs.webkit.org/show_bug.cgi?id=189057
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        When 401 response returns without 'www-authenticate' header, suppress another request with credential.
>+
>+        Test: http/tests/xmlhttprequest/unauthorized-without-authenticate-header.html
>+
>+        * platform/network/curl/CurlResourceHandleDelegate.cpp:
>+        (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse):
>+
> 2018-08-31  Chris Dumez  <cdumez@apple.com>
> 
>         [ WK2 ] http/tests/workers/service/client-*-page-cache.html LayoutTests are flaky
>diff --git a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp
>index 6a06f19d287..cf8e99facfd 100644
>--- a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp
>@@ -119,7 +119,7 @@ void CurlResourceHandleDelegate::curlDidReceiveResponse(CurlRequest& request, co
>         return;
>     }
> 
>-    if (m_response.isUnauthorized()) {
>+    if (m_response.isUnauthorized() && receivedResponse.availableHttpAuth) {
>         AuthenticationChallenge challenge(receivedResponse, d()->m_authFailureCount, m_response, &m_handle);
>         m_handle.didReceiveAuthenticationChallenge(challenge);
>         d()->m_authFailureCount++;
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index fc03a5651c2..a0f026b0a2e 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,16 @@
>+2018-09-06  Basuke Suzuki  <Basuke.Suzuki@sony.com>
>+
>+        [Curl] Stop sending request with credential if no authorization requested.
>+        https://bugs.webkit.org/show_bug.cgi?id=189057
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        When 401 response returns without 'www-authenticate' header, suppress another request with credential.
>+        Same fix for proxy authentication.
>+
>+        * NetworkProcess/curl/NetworkDataTaskCurl.cpp:
>+        (WebKit::NetworkDataTaskCurl::curlDidReceiveResponse):
>+
> 2018-08-31  John Wilander  <wilander@apple.com>
> 
>         Storage Access API: Maintain access through same-site navigations
>diff --git a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
>index a9035695bb8..f7d49c282b1 100644
>--- a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
>+++ b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
>@@ -161,13 +161,13 @@ void NetworkDataTaskCurl::curlDidReceiveResponse(CurlRequest& request, const Cur
>         return;
>     }
> 
>-    if (m_response.isUnauthorized()) {
>+    if (m_response.isUnauthorized() && receivedResponse.availableHttpAuth) {
>         tryHttpAuthentication(AuthenticationChallenge(receivedResponse, m_authFailureCount, m_response));
>         m_authFailureCount++;
>         return;
>     }
> 
>-    if (m_response.isProxyAuthenticationRequired()) {
>+    if (m_response.isProxyAuthenticationRequired() && receivedResponse.availableProxyAuth) {
>         tryProxyAuthentication(AuthenticationChallenge(receivedResponse, 0, m_response));
>         return;
>     }

Actions: View | Formatted Diff | Diff

Attachments on bug 189057: 348350 | 349053 | 349204