diff options
| author | Steve Block <steveblock@google.com> | 2010-03-24 16:24:25 +0000 |
|---|---|---|
| committer | Steve Block <steveblock@google.com> | 2010-03-24 18:22:32 +0000 |
| commit | ea08c513549c1ddd9ba32337cb30973d7b61ca32 (patch) | |
| tree | 9ea3a4e271fae75439ce5d29bed15875fe7d44aa | |
| parent | 4d4923460d6cc10f30a49cb6c8b0cd177b92ebaa (diff) | |
| download | frameworks_base-ea08c513549c1ddd9ba32337cb30973d7b61ca32.zip frameworks_base-ea08c513549c1ddd9ba32337cb30973d7b61ca32.tar.gz frameworks_base-ea08c513549c1ddd9ba32337cb30973d7b61ca32.tar.bz2 | |
Fixes XHR requests to use the username and password supplied from JavaScript
Currently, the browser does not use the credentials supplied from JavaScript.
If a request returns a 401 Unauthorized, the browser always prompts the user.
This violates http://www.w3.org/TR/XMLHttpRequest/#the-send-method
Bug: 2533522
Change-Id: I8e72c1a0be187d193c4ad6b2ca8a624c7ae06fa1
| -rw-r--r-- | core/java/android/webkit/BrowserFrame.java | 6 | ||||
| -rw-r--r-- | core/java/android/webkit/LoadListener.java | 84 |
2 files changed, 53 insertions, 37 deletions
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java index 6983d9f..b758d22 100644 --- a/core/java/android/webkit/BrowserFrame.java +++ b/core/java/android/webkit/BrowserFrame.java @@ -592,7 +592,9 @@ class BrowserFrame extends Handler { int cacheMode, boolean mainResource, boolean userGesture, - boolean synchronous) { + boolean synchronous, + String username, + String password) { PerfChecker checker = new PerfChecker(); if (mSettings.getCacheMode() != WebSettings.LOAD_DEFAULT) { @@ -665,7 +667,7 @@ class BrowserFrame extends Handler { // Create a LoadListener LoadListener loadListener = LoadListener.getLoadListener(mContext, this, url, loaderHandle, synchronous, isMainFramePage, - mainResource, userGesture, postDataIdentifier); + mainResource, userGesture, postDataIdentifier, username, password); mCallbackProxy.onLoadResource(url); diff --git a/core/java/android/webkit/LoadListener.java b/core/java/android/webkit/LoadListener.java index 75dc5e7..44f5d2b 100644 --- a/core/java/android/webkit/LoadListener.java +++ b/core/java/android/webkit/LoadListener.java @@ -127,6 +127,9 @@ class LoadListener extends Handler implements EventHandler { private Headers mHeaders; + private final String mUsername; + private final String mPassword; + // ========================================================================= // Public functions // ========================================================================= @@ -134,11 +137,13 @@ class LoadListener extends Handler implements EventHandler { public static LoadListener getLoadListener(Context context, BrowserFrame frame, String url, int nativeLoader, boolean synchronous, boolean isMainPageLoader, - boolean isMainResource, boolean userGesture, long postIdentifier) { + boolean isMainResource, boolean userGesture, long postIdentifier, + String username, String password) { sNativeLoaderCount += 1; return new LoadListener(context, frame, url, nativeLoader, synchronous, - isMainPageLoader, isMainResource, userGesture, postIdentifier); + isMainPageLoader, isMainResource, userGesture, postIdentifier, + username, password); } public static int getNativeLoaderCount() { @@ -147,7 +152,8 @@ class LoadListener extends Handler implements EventHandler { LoadListener(Context context, BrowserFrame frame, String url, int nativeLoader, boolean synchronous, boolean isMainPageLoader, - boolean isMainResource, boolean userGesture, long postIdentifier) { + boolean isMainResource, boolean userGesture, long postIdentifier, + String username, String password) { if (DebugFlags.LOAD_LISTENER) { Log.v(LOGTAG, "LoadListener constructor url=" + url); } @@ -163,6 +169,8 @@ class LoadListener extends Handler implements EventHandler { mIsMainResourceLoader = isMainResource; mUserGesture = userGesture; mPostIdentifier = postIdentifier; + mUsername = username; + mPassword = password; } /** @@ -402,7 +410,7 @@ class LoadListener extends Handler implements EventHandler { // if we tried to authenticate ourselves last time if (mAuthHeader != null) { - // we failed, if we must to authenticate again now and + // we failed, if we must authenticate again now and // we have a proxy-ness match mAuthFailed = (mustAuthenticate && isProxyAuthRequest == mAuthHeader.isProxy()); @@ -652,7 +660,13 @@ class LoadListener extends Handler implements EventHandler { if (mAuthHeader != null && (Network.getInstance(mContext).isValidProxySet() || !mAuthHeader.isProxy())) { - Network.getInstance(mContext).handleAuthRequest(this); + // If this is the first attempt to authenticate, try again with the username and + // password supplied in the URL, if present. + if (!mAuthFailed && mUsername != null && mPassword != null) { + makeAuthResponse(mUsername, mPassword); + } else { + Network.getInstance(mContext).handleAuthRequest(this); + } return; } break; // use default @@ -844,37 +858,8 @@ class LoadListener extends Handler implements EventHandler { + " username: " + username + " password: " + password); } - - // create and queue an authentication-response if (username != null && password != null) { - if (mAuthHeader != null && mRequestHandle != null) { - mAuthHeader.setUsername(username); - mAuthHeader.setPassword(password); - - int scheme = mAuthHeader.getScheme(); - if (scheme == HttpAuthHeader.BASIC) { - // create a basic response - boolean isProxy = mAuthHeader.isProxy(); - - mRequestHandle.setupBasicAuthResponse(isProxy, - username, password); - } else { - if (scheme == HttpAuthHeader.DIGEST) { - // create a digest response - boolean isProxy = mAuthHeader.isProxy(); - - String realm = mAuthHeader.getRealm(); - String nonce = mAuthHeader.getNonce(); - String qop = mAuthHeader.getQop(); - String algorithm = mAuthHeader.getAlgorithm(); - String opaque = mAuthHeader.getOpaque(); - - mRequestHandle.setupDigestAuthResponse - (isProxy, username, password, realm, - nonce, qop, algorithm, opaque); - } - } - } + makeAuthResponse(username, password); } else { // Commit whatever data we have and tear down the loader. commitLoad(); @@ -882,6 +867,35 @@ class LoadListener extends Handler implements EventHandler { } } + void makeAuthResponse(String username, String password) { + if (mAuthHeader == null || mRequestHandle == null) { + return; + } + + mAuthHeader.setUsername(username); + mAuthHeader.setPassword(password); + + int scheme = mAuthHeader.getScheme(); + if (scheme == HttpAuthHeader.BASIC) { + // create a basic response + boolean isProxy = mAuthHeader.isProxy(); + + mRequestHandle.setupBasicAuthResponse(isProxy, username, password); + } else if (scheme == HttpAuthHeader.DIGEST) { + // create a digest response + boolean isProxy = mAuthHeader.isProxy(); + + String realm = mAuthHeader.getRealm(); + String nonce = mAuthHeader.getNonce(); + String qop = mAuthHeader.getQop(); + String algorithm = mAuthHeader.getAlgorithm(); + String opaque = mAuthHeader.getOpaque(); + + mRequestHandle.setupDigestAuthResponse(isProxy, username, password, + realm, nonce, qop, algorithm, opaque); + } + } + /** * This is called when a request can be satisfied by the cache, however, * the cache result could be a redirect. In this case we need to issue |