diff options
author | Steve Block <steveblock@google.com> | 2009-11-05 09:23:40 +0000 |
---|---|---|
committer | Steve Block <steveblock@google.com> | 2009-11-10 22:41:12 +0000 |
commit | cac0f67c402d107cdb10971b95719e2ff9c7c76b (patch) | |
tree | d182c7f87211c6f201a5f038e332336493ebdbe7 /WebCore/platform/network/mac/ResourceHandleMac.mm | |
parent | 4b2ef0f288e7c6c4602f621b7a0e9feed304b70e (diff) | |
download | external_webkit-cac0f67c402d107cdb10971b95719e2ff9c7c76b.zip external_webkit-cac0f67c402d107cdb10971b95719e2ff9c7c76b.tar.gz external_webkit-cac0f67c402d107cdb10971b95719e2ff9c7c76b.tar.bz2 |
Merge webkit.org at r50258 : Initial merge by git.
Change-Id: I1a9e1dc4ed654b69174ad52a4f031a07240f37b0
Diffstat (limited to 'WebCore/platform/network/mac/ResourceHandleMac.mm')
-rw-r--r-- | WebCore/platform/network/mac/ResourceHandleMac.mm | 45 |
1 files changed, 32 insertions, 13 deletions
diff --git a/WebCore/platform/network/mac/ResourceHandleMac.mm b/WebCore/platform/network/mac/ResourceHandleMac.mm index ec60079..3630b30 100644 --- a/WebCore/platform/network/mac/ResourceHandleMac.mm +++ b/WebCore/platform/network/mac/ResourceHandleMac.mm @@ -119,6 +119,7 @@ public: } }; +#ifndef BUILDING_ON_TIGER static String encodeBasicAuthorization(const String& user, const String& password) { CString unencodedString = (user + ":" + password).utf8(); @@ -128,6 +129,7 @@ static String encodeBasicAuthorization(const String& user, const String& passwor base64Encode(unencoded, encoded); return String(encoded.data(), encoded.size()); } +#endif ResourceHandleInternal::~ResourceHandleInternal() { @@ -175,23 +177,38 @@ bool ResourceHandle::start(Frame* frame) } else delegate = ResourceHandle::delegate(); - if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !d->m_request.url().protocolInHTTPFamily()) { + if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) +#ifndef BUILDING_ON_TIGER + && !d->m_request.url().protocolInHTTPFamily() // On Tiger, always pass credentials in URL, so that they get stored even if the request gets cancelled right away. +#endif + ) { // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made. KURL urlWithCredentials(d->m_request.url()); urlWithCredentials.setUser(d->m_user); urlWithCredentials.setPass(d->m_pass); d->m_request.setURL(urlWithCredentials); } - - // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, - // try and reuse the credential preemptively, as allowed by RFC 2617. - if (!client() || client()->shouldUseCredentialStorage(this) && d->m_request.url().protocolInHTTPFamily()) - d->m_initialCredential = CredentialStorage::getDefaultAuthenticationCredential(d->m_request.url()); + +#ifndef BUILDING_ON_TIGER + if ((!client() || client()->shouldUseCredentialStorage(this)) && d->m_request.url().protocolInHTTPFamily()) { + if (d->m_user.isEmpty() && d->m_pass.isEmpty()) { + // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, + // try and reuse the credential preemptively, as allowed by RFC 2617. + d->m_initialCredential = CredentialStorage::get(d->m_request.url()); + } else { + // If there is already a protection space known for the URL, update stored credentials before sending a request. + // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately + // (so that an authentication dialog doesn't pop up). + CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), d->m_request.url()); + } + } if (!d->m_initialCredential.isEmpty()) { + // FIXME: Support Digest authentication, and Proxy-Authorization. String authHeader = "Basic " + encodeBasicAuthorization(d->m_initialCredential.user(), d->m_initialCredential.password()); d->m_request.addHTTPHeaderField("Authorization", authHeader); } +#endif if (!ResourceHandle::didSendBodyDataDelegateExists()) associateStreamWithResourceHandle([d->m_request.nsURLRequest() HTTPBodyStream], this); @@ -471,7 +488,7 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall if (!d->m_user.isNull() && !d->m_pass.isNull()) { NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user password:d->m_pass - persistence:NSURLCredentialPersistenceNone]; + persistence:NSURLCredentialPersistenceForSession]; d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge(); d->m_currentWebChallenge = challenge; receivedCredential(challenge, core(credential)); @@ -482,6 +499,7 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall return; } +#ifndef BUILDING_ON_TIGER if (!challenge.previousFailureCount() && (!client() || client()->shouldUseCredentialStorage(this))) { Credential credential = CredentialStorage::get(challenge.protectionSpace()); if (!credential.isEmpty() && credential != d->m_initialCredential) { @@ -490,6 +508,7 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall return; } } +#endif d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge(); NSURLAuthenticationChallenge *webChallenge = [[NSURLAuthenticationChallenge alloc] initWithAuthenticationChallenge:d->m_currentMacChallenge @@ -521,11 +540,6 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge if (credential.persistence() == CredentialPersistenceNone) { // NSURLCredentialPersistenceNone doesn't work on Tiger, so we have to use session persistence. Credential webCredential(credential.user(), credential.password(), CredentialPersistenceForSession); - KURL urlToStore; - if (challenge.failureResponse().httpStatusCode() == 401) - urlToStore = d->m_request.url(); - CredentialStorage::set(webCredential, core([d->m_currentMacChallenge protectionSpace]), urlToStore); - [[d->m_currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:d->m_currentMacChallenge]; } else #else @@ -620,6 +634,11 @@ void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challen CallbackGuard guard; ResourceRequest request = newRequest; + + // Should not set Referer after a redirect from a secure resource to non-secure one. + if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https")) + request.clearHTTPReferrer(); + m_handle->willSendRequest(request, redirectResponse); if (!ResourceHandle::didSendBodyDataDelegateExists()) { @@ -1055,7 +1074,7 @@ void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challen // try and reuse the credential preemptively, as allowed by RFC 2617. ResourceRequest requestWithInitialCredentials = request; if (allowStoredCredentials && url.protocolInHTTPFamily()) - delegate->m_initialCredential = CredentialStorage::getDefaultAuthenticationCredential(url); + delegate->m_initialCredential = CredentialStorage::get(url); if (!delegate->m_initialCredential.isEmpty()) { String authHeader = "Basic " + encodeBasicAuthorization(delegate->m_initialCredential.user(), delegate->m_initialCredential.password()); |