Title: [159435] trunk/Source/WebCore
- Revision
- 159435
- Author
- [email protected]
- Date
- 2013-11-18 10:45:15 -0800 (Mon, 18 Nov 2013)
Log Message
[Curl] Basic authentication is not reused.
https://bugs.webkit.org/show_bug.cgi?id=124452
Patch by [email protected] <[email protected]> on 2013-11-18
Reviewed by Brent Fulgham.
After a successful basic authentication, the credentials are not reused for later requests.
In the CFNetwork port, this is solved by trying basic authentication first, if credentials exists.
Also, when a 401 response is received, the first thing the CFNetwork port does, is to use
m_user/m_pass as credentials in the following request if they are set.
This can be done the same way for the Curl version.
* platform/network/curl/ResourceHandleCurl.cpp:
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge): Try using m_user/m_pass as credentials first, if they are set.
* platform/network/curl/ResourceHandleManager.cpp:
(WebCore::ResourceHandleManager::applyAuthenticationToRequest): Try basic authentication first, if credentials exists.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (159434 => 159435)
--- trunk/Source/WebCore/ChangeLog 2013-11-18 18:42:34 UTC (rev 159434)
+++ trunk/Source/WebCore/ChangeLog 2013-11-18 18:45:15 UTC (rev 159435)
@@ -1,3 +1,21 @@
+2013-11-18 [email protected] <[email protected]>
+
+ [Curl] Basic authentication is not reused.
+ https://bugs.webkit.org/show_bug.cgi?id=124452
+
+ Reviewed by Brent Fulgham.
+
+ After a successful basic authentication, the credentials are not reused for later requests.
+ In the CFNetwork port, this is solved by trying basic authentication first, if credentials exists.
+ Also, when a 401 response is received, the first thing the CFNetwork port does, is to use
+ m_user/m_pass as credentials in the following request if they are set.
+ This can be done the same way for the Curl version.
+
+ * platform/network/curl/ResourceHandleCurl.cpp:
+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): Try using m_user/m_pass as credentials first, if they are set.
+ * platform/network/curl/ResourceHandleManager.cpp:
+ (WebCore::ResourceHandleManager::applyAuthenticationToRequest): Try basic authentication first, if credentials exists.
+
2013-11-18 Mátyás Mustoha <[email protected]>
[curl] Add file cache
Modified: trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp (159434 => 159435)
--- trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp 2013-11-18 18:42:34 UTC (rev 159434)
+++ trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp 2013-11-18 18:45:15 UTC (rev 159435)
@@ -189,6 +189,23 @@
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
{
+ if (!d->m_user.isNull() && !d->m_pass.isNull()) {
+ Credential credential(d->m_user, d->m_pass, CredentialPersistenceNone);
+
+ URL urlToStore;
+ if (challenge.failureResponse().httpStatusCode() == 401)
+ urlToStore = challenge.failureResponse().url();
+ CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore);
+
+ String userpass = credential.user() + ":" + credential.password();
+ curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
+
+ d->m_user = String();
+ d->m_pass = String();
+ // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
+ return;
+ }
+
if (shouldUseCredentialStorage()) {
if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
// The stored credential wasn't accepted, stop using it.
Modified: trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp (159434 => 159435)
--- trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp 2013-11-18 18:42:34 UTC (rev 159434)
+++ trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp 2013-11-18 18:45:15 UTC (rev 159435)
@@ -897,6 +897,7 @@
if (!d->m_initialCredential.isEmpty()) {
user = d->m_initialCredential.user();
password = d->m_initialCredential.password();
+ curl_easy_setopt(d->m_handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
}
// It seems we need to set CURLOPT_USERPWD even if username and password is empty.
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
