Merge "Fixes XHR requests to use the username and password supplied from JavaScript"

2 files changed, 15 insertions, 3 deletions

diff --git a/WebCore/platform/network/android/ResourceHandleAndroid.cpp b/WebCore/platform/network/android/ResourceHandleAndroid.cpp
index 6759852..aadf43b 100644
--- a/WebCore/platform/network/android/ResourceHandleAndroid.cpp
+++ b/WebCore/platform/network/android/ResourceHandleAndroid.cpp
@@ -158,7 +158,11 @@ void ResourceHandle::loadResourceSynchronously(const ResourceRequest& request,
     SyncLoader s(error, response, data);
     ResourceHandle h(request, &s, false, false, false);
     // This blocks until the load is finished.
-    ResourceLoaderAndroid::start(&h, request, frame->loader()->client(), false, true);
+    // Use the request owned by the ResourceHandle. This has had the username
+    // and password (if present) stripped from the URL in
+    // ResourceHandleInternal::ResourceHandleInternal(). This matches the
+    // behaviour in the asynchronous case.
+    ResourceLoaderAndroid::start(&h, h.getInternal()->m_request, frame->loader()->client(), false, true);
 }
 
 } // namespace WebCore
diff --git a/WebKit/android/jni/WebCoreFrameBridge.cpp b/WebKit/android/jni/WebCoreFrameBridge.cpp
index ff7e868..250ffc9 100644
--- a/WebKit/android/jni/WebCoreFrameBridge.cpp
+++ b/WebKit/android/jni/WebCoreFrameBridge.cpp
@@ -68,6 +68,7 @@
 #include "RenderTreeAsText.h"
 #include "RenderView.h"
 #include "ResourceHandle.h"
+#include "ResourceHandleInternal.h"
 #include "ScriptController.h"
 #include "ScriptValue.h"
 #include "SecurityOrigin.h"
@@ -209,7 +210,7 @@ WebFrame::WebFrame(JNIEnv* env, jobject obj, jobject historyList, WebCore::Page*
     mJavaFrame->mObj = env->NewWeakGlobalRef(obj);
     mJavaFrame->mHistoryList = env->NewWeakGlobalRef(historyList);
     mJavaFrame->mStartLoadingResource = env->GetMethodID(clazz, "startLoadingResource",
-            "(ILjava/lang/String;Ljava/lang/String;Ljava/util/HashMap;[BJIZZZ)Landroid/webkit/LoadListener;");
+            "(ILjava/lang/String;Ljava/lang/String;Ljava/util/HashMap;[BJIZZZLjava/lang/String;Ljava/lang/String;)Landroid/webkit/LoadListener;");
     mJavaFrame->mLoadStarted = env->GetMethodID(clazz, "loadStarted",
             "(Ljava/lang/String;Landroid/graphics/Bitmap;IZ)V");
     mJavaFrame->mTransitionToCommitted = env->GetMethodID(clazz, "transitionToCommitted",
@@ -475,18 +476,25 @@ WebFrame::startLoadingResource(WebCore::ResourceHandle* loader,
 
     LOGV("::WebCore:: startLoadingResource %s with cacheMode %d", urlStr.ascii().data(), cacheMode);
 
+    ResourceHandleInternal* loaderInternal = loader->getInternal();
+    jstring jUsernameString = loaderInternal->m_user.isEmpty() ?
+            NULL : env->NewString(loaderInternal->m_user.characters(), loaderInternal->m_user.length());
+    jstring jPasswordString = loaderInternal->m_pass.isEmpty() ?
+            NULL : env->NewString(loaderInternal->m_pass.characters(), loaderInternal->m_pass.length());
 
     jobject jLoadListener =
         env->CallObjectMethod(obj.get(), mJavaFrame->mStartLoadingResource,
                 (int)loader, jUrlStr, jMethodStr, jHeaderMap,
                 jPostDataStr, formdata ? formdata->identifier(): 0,
                 cacheMode, mainResource, request.getUserGesture(),
-                synchronous);
+                synchronous, jUsernameString, jPasswordString);
 
     env->DeleteLocalRef(jUrlStr);
     env->DeleteLocalRef(jMethodStr);
     env->DeleteLocalRef(jPostDataStr);
     env->DeleteLocalRef(jHeaderMap);
+    env->DeleteLocalRef(jUsernameString);
+    env->DeleteLocalRef(jPasswordString);
     if (checkException(env))
         return NULL;