Folks, The main reason for me to get the chrome source was to look at the long time problem that Safari had with HTTP BASIC/DIGEST authentication which obviously Chrome has inherited.
With our developers and operators, who were getting increasingly frustrated with this problem as th "Apple Clones" era was moving into the Windows environments, the general agreement was that the problem was with WebKit since they both using the same rendering engine. Attempting to seek input from Apple and now the Chrome team was not getting anywhere so getting the source and seeing whats going on had to be done. Well, not I am not too such it is a WebKit issue because last night I downloaded yet another webkit based browser - Arora and it worked fine. So there has to be something with the way Safari (and Chrome inherits) has implemented their authentication cache. I would like to get a serious discussion on this long time problem. I would like for someone to point me to the code snippets I should look for regarding how the engine resolves authenticated vs non- authenticated requests. Overall the issue is, a user request http://domain --> redirection to http://domain/public/default.htm where a login button are available. [ LOGIN ] ---> http://domain/login?mode=html When clicked, this does a www-authenticate 401 response forcing the browser to popup its internal authentication box for BASIC or DIGEST authentication. When the users fills it in, and clicks ok, the server then logs in the user and redirects him to: http://domain which NORMAL browsers will perform the redirected request with the Authorization: header included and the server will finally output he private http://domain/default.htm home page. What happens is Safari/Chrome, is that it does not send the authorization header and the server redirects him back to /public/ default.htm. No other browsers other than Safari/Chrome exhibit this behavior. We explored having the server redirecting to /default.htm and this works to display the right page, but looking at the socket logs, shows there are TWO request done for every page browsed from that point one - one without the Authorization header which the server response with 401 and then again with the Authorization. So this is something I would like to resolved. The other things I want to resolve are: At the operation level: - Better handling of MIME based file association and launching. At the security level: - Add Allow | Allow Session | Block dialog/manager for cookies. - Option to turn off some of the "spying" stuff. The main things for me is the HTTP AUTH and the File Association issue, these are show stoppers for Chrome usage for our customers. -- HLS --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
