Diff
Modified: trunk/LayoutTests/ChangeLog (186475 => 186476)
--- trunk/LayoutTests/ChangeLog 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/LayoutTests/ChangeLog 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1,3 +1,16 @@
+2015-07-07 Brady Eidson <beid...@apple.com>
+
+ HTTP Auth cached after disabling private browsing/reset.
+ <rdar://problem/8293055> and https://bugs.webkit.org/show_bug.cgi?id=146654
+
+ Reviewed by Tim Horton.
+
+ * http/tests/security/private-browsing-http-auth-expected.txt: Added.
+ * http/tests/security/private-browsing-http-auth.html: Added.
+ * http/tests/security/resources/auth-echo.php: Added.
+ * http/tests/security/resources/basic-auth.php: Added.
+ * platform/wk2/TestExpectations:
+
2015-07-07 Zalan Bujtas <za...@apple.com>
REGRESSION(169105): CSS Regions: renderer returns wrong selection root when it is inside a column flow.
Added: trunk/LayoutTests/http/tests/security/private-browsing-http-auth-expected.txt (0 => 186476)
--- trunk/LayoutTests/http/tests/security/private-browsing-http-auth-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/private-browsing-http-auth-expected.txt 2015-07-07 21:13:31 UTC (rev 186476)
@@ -0,0 +1,12 @@
+http://127.0.0.1:8000/security/resources/basic-auth.php?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+This test makes sure that auth credentials cached during a private browsing session do not leak out after private browsing is disabled.
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+Authenticated as user: webkit password: rocks
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+Resource loaded with HTTP authentication username '' and password ''
Added: trunk/LayoutTests/http/tests/security/private-browsing-http-auth.html (0 => 186476)
--- trunk/LayoutTests/http/tests/security/private-browsing-http-auth.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/private-browsing-http-auth.html 2015-07-07 21:13:31 UTC (rev 186476)
@@ -0,0 +1,39 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.setHandlesAuthenticationChallenges(true);
+ testRunner.setAuthenticationUsername("webkit");
+ testRunner.setAuthenticationPassword("rocks");
+ testRunner.setPrivateBrowsingEnabled(true);
+ testRunner.waitUntilDone();
+}
+
+function firstFrameLoaded() {
+ if (window.testRunner) {
+ testRunner.setHandlesAuthenticationChallenges(false);
+ testRunner.setPrivateBrowsingEnabled(false);
+ }
+
+ // If the username and password were in the WebCore CredentialStorage, WebKit would automatically send them out for this resource.
+ // The credentials would be wrong, but it would send them out.
+ // Since the credentails that were cached from the first iframe load should have been forgotten after private browsing was disabled,
+ // no credentials should be sent out automatically this time.
+
+ var frame = document.createElement("iframe");
+ frame.setAttribute("src", "resources/auth-echo.php");
+ frame.setAttribute("onload", "secondFrameLoaded()");
+ document.body.appendChild(frame);
+}
+
+function secondFrameLoaded() {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+</script>
+<body>
+This test makes sure that auth credentials cached during a private browsing session do not leak out after private browsing is disabled.
+<iframe src="" _onload_="firstFrameLoaded();"></iframe>
+</body>
Added: trunk/LayoutTests/http/tests/security/resources/auth-echo.php (0 => 186476)
--- trunk/LayoutTests/http/tests/security/resources/auth-echo.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/auth-echo.php 2015-07-07 21:13:31 UTC (rev 186476)
@@ -0,0 +1,3 @@
+<?php
+echo "Resource loaded with HTTP authentication username '", $_SERVER["PHP_AUTH_USER"], "' and password '", $_SERVER["PHP_AUTH_PW"], "'\n";
+?>
Added: trunk/LayoutTests/http/tests/security/resources/basic-auth.php (0 => 186476)
--- trunk/LayoutTests/http/tests/security/resources/basic-auth.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/basic-auth.php 2015-07-07 21:13:31 UTC (rev 186476)
@@ -0,0 +1,16 @@
+<?php
+$expectedUsername = isset($_GET['username']) ? $_GET['username'] : 'username';
+$expectedPassword = isset($_GET['password']) ? $_GET['password'] : 'password';
+$realm = isset($_GET['realm']) ? $_GET['realm'] : $_SERVER['REQUEST_URI'];
+
+header("Cache-Control: no-store");
+header("Connection: close");
+if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != $expectedUsername ||
+ !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW'] != $expectedPassword) {
+ header("WWW-Authenticate: Basic realm=\"" . $realm . "\"");
+ header('HTTP/1.0 401 Unauthorized');
+ print 'Sent username:password of (' . $_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW'] . ') which is not what was expected';
+ exit;
+}
+?>
+Authenticated as user: <?php print (string)$_SERVER['PHP_AUTH_USER']?> password: <?php print (string)$_SERVER['PHP_AUTH_PW']?>
Modified: trunk/LayoutTests/platform/wk2/TestExpectations (186475 => 186476)
--- trunk/LayoutTests/platform/wk2/TestExpectations 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/LayoutTests/platform/wk2/TestExpectations 2015-07-07 21:13:31 UTC (rev 186476)
@@ -421,6 +421,9 @@
# This test is not the cause of the problem, just the one that happens to currently be the victim.
svg/filters/filter-hidden-content.svg [ Pass Failure ]
+# No good way to test private browsing in WKTR right now
+http/tests/security/private-browsing-http-auth.html
+
### END OF (2) Classified failures without bug reports (yet)
########################################
Modified: trunk/Source/WebCore/ChangeLog (186475 => 186476)
--- trunk/Source/WebCore/ChangeLog 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/ChangeLog 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1,3 +1,68 @@
+2015-07-07 Brady Eidson <beid...@apple.com>
+
+ HTTP Auth cached after disabling private browsing/reset.
+ <rdar://problem/8293055> and https://bugs.webkit.org/show_bug.cgi?id=146654
+
+ Reviewed by Tim Horton.
+
+ Test: http/tests/security/private-browsing-http-auth.html
+
+ - Change most static CredentialStorage methods to be instance methods instead.
+ - Make a CredentialStorage objects be per-NetworkStorageSession.
+
+ * Modules/websockets/WebSocketChannel.cpp:
+ (WebCore::WebSocketChannel::WebSocketChannel):
+ (WebCore::WebSocketChannel::connect): Only start the web socket load if a networking
+ context is available.
+
+ * platform/network/CredentialStorage.cpp:
+ (WebCore::CredentialStorage::defaultCredentialStorage): Returns the credential storage
+ from the default NetworkStorageSession.
+ (WebCore::CredentialStorage::set):
+ (WebCore::CredentialStorage::get):
+ (WebCore::CredentialStorage::remove):
+ (WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):
+ (WebCore::CredentialStorage::clearCredentials):
+ (WebCore::protectionSpaceToCredentialMap): Deleted.
+ (WebCore::originsWithCredentials): Deleted.
+ (WebCore::pathToDefaultProtectionSpaceMap): Deleted.
+ (WebCore::findDefaultProtectionSpaceForURL): Deleted.
+ (WebCore::CredentialStorage::setPrivateMode): Deleted. Was a no-op anyways.
+ * platform/network/CredentialStorage.h:
+
+ * platform/network/NetworkStorageSession.h:
+ (WebCore::NetworkStorageSession::credentialStorage):
+
+ * platform/network/cf/ResourceHandleCFNet.cpp:
+ (WebCore::ResourceHandle::createCFURLConnection):
+ (WebCore::ResourceHandle::willSendRequest):
+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
+ (WebCore::ResourceHandle::receivedCredential):
+
+ * platform/network/cf/SocketStreamHandle.h:
+ (WebCore::SocketStreamHandle::create):
+ * platform/network/cf/SocketStreamHandleCFNet.cpp:
+ (WebCore::SocketStreamHandle::SocketStreamHandle):
+ (WebCore::SocketStreamHandle::getStoredCONNECTProxyCredentials):
+ (WebCore::getStoredCONNECTProxyCredentials): Deleted.
+
+ * platform/network/curl/ResourceHandleCurl.cpp:
+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
+ (WebCore::ResourceHandle::receivedCredential):
+ * platform/network/curl/ResourceHandleManager.cpp:
+ (WebCore::ResourceHandleManager::applyAuthenticationToRequest):
+
+ * platform/network/mac/ResourceHandleMac.mm:
+ (WebCore::ResourceHandle::createNSURLConnection):
+ (WebCore::ResourceHandle::willSendRequest):
+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
+ (WebCore::ResourceHandle::receivedCredential):
+
+ * platform/network/soup/ResourceHandleSoup.cpp:
+ (WebCore::applyAuthenticationToRequest):
+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
+ (WebCore::ResourceHandle::receivedCredential):
+
2015-07-07 Zalan Bujtas <za...@apple.com>
REGRESSION(169105): CSS Regions: renderer returns wrong selection root when it is inside a column flow.
Modified: trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp (186475 => 186476)
--- trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -81,6 +81,8 @@
, m_outgoingFrameQueueStatus(OutgoingFrameQueueOpen)
, m_blobLoaderStatus(BlobLoaderNotStarted)
{
+ ASSERT(m_document);
+
if (Page* page = m_document->page())
m_identifier = page->progress().createUniqueIdentifier();
@@ -103,8 +105,13 @@
m_handshake->addExtensionProcessor(m_deflateFramer.createExtensionProcessor());
if (m_identifier)
InspectorInstrumentation::didCreateWebSocket(m_document, m_identifier, url, m_document->url(), protocol);
- ref();
- m_handle = SocketStreamHandle::create(m_handshake->url(), this);
+
+ if (Frame* frame = m_document->frame()) {
+ if (NetworkingContext* networkingContext = frame->loader().networkingContext()) {
+ ref();
+ m_handle = SocketStreamHandle::create(m_handshake->url(), this, *networkingContext);
+ }
+ }
}
String WebSocketChannel::subprotocol()
Modified: trunk/Source/WebCore/platform/network/CredentialStorage.cpp (186475 => 186476)
--- trunk/Source/WebCore/platform/network/CredentialStorage.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/CredentialStorage.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -26,15 +26,9 @@
#include "config.h"
#include "CredentialStorage.h"
-#include "Credential.h"
+#include "NetworkStorageSession.h"
#include "URL.h"
-#include "ProtectionSpaceHash.h"
-#include <wtf/text/WTFString.h>
-#include <wtf/text/StringHash.h>
-#include <wtf/HashMap.h>
-#include <wtf/HashSet.h>
-#include <wtf/MainThread.h>
-#include <wtf/StdLibExtras.h>
+#include <wtf/NeverDestroyed.h>
#if PLATFORM(IOS)
#include "WebCoreThread.h"
@@ -42,29 +36,11 @@
namespace WebCore {
-typedef HashMap<ProtectionSpace, Credential> ProtectionSpaceToCredentialMap;
-static ProtectionSpaceToCredentialMap& protectionSpaceToCredentialMap()
+CredentialStorage& CredentialStorage::defaultCredentialStorage()
{
- ASSERT(isMainThread());
- DEPRECATED_DEFINE_STATIC_LOCAL(ProtectionSpaceToCredentialMap, map, ());
- return map;
+ return NetworkStorageSession::defaultStorageSession().credentialStorage();
}
-static HashSet<String>& originsWithCredentials()
-{
- ASSERT(isMainThread());
- DEPRECATED_DEFINE_STATIC_LOCAL(HashSet<String>, set, ());
- return set;
-}
-
-typedef HashMap<String, ProtectionSpace> PathToDefaultProtectionSpaceMap;
-static PathToDefaultProtectionSpaceMap& pathToDefaultProtectionSpaceMap()
-{
- ASSERT(isMainThread());
- DEPRECATED_DEFINE_STATIC_LOCAL(PathToDefaultProtectionSpaceMap, map, ());
- return map;
-}
-
static String originStringFromURL(const URL& url)
{
if (url.port())
@@ -96,7 +72,7 @@
ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.protocolIsInHTTPFamily());
ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.isValid());
- protectionSpaceToCredentialMap().set(protectionSpace, credential);
+ m_protectionSpaceToCredentialMap.set(protectionSpace, credential);
#if PLATFORM(IOS)
if (protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested)
@@ -104,46 +80,44 @@
#endif
if (!protectionSpace.isProxy() && protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
- originsWithCredentials().add(originStringFromURL(url));
+ m_originsWithCredentials.add(originStringFromURL(url));
ProtectionSpaceAuthenticationScheme scheme = protectionSpace.authenticationScheme();
if (scheme == ProtectionSpaceAuthenticationSchemeHTTPBasic || scheme == ProtectionSpaceAuthenticationSchemeDefault) {
// The map can contain both a path and its subpath - while redundant, this makes lookups faster.
- pathToDefaultProtectionSpaceMap().set(protectionSpaceMapKeyFromURL(url), protectionSpace);
+ m_pathToDefaultProtectionSpaceMap.set(protectionSpaceMapKeyFromURL(url), protectionSpace);
}
}
}
Credential CredentialStorage::get(const ProtectionSpace& protectionSpace)
{
- return protectionSpaceToCredentialMap().get(protectionSpace);
+ return m_protectionSpaceToCredentialMap.get(protectionSpace);
}
void CredentialStorage::remove(const ProtectionSpace& protectionSpace)
{
- protectionSpaceToCredentialMap().remove(protectionSpace);
+ m_protectionSpaceToCredentialMap.remove(protectionSpace);
}
-static PathToDefaultProtectionSpaceMap::iterator findDefaultProtectionSpaceForURL(const URL& url)
+HashMap<String, ProtectionSpace>::iterator CredentialStorage::findDefaultProtectionSpaceForURL(const URL& url)
{
ASSERT(url.protocolIsInHTTPFamily());
ASSERT(url.isValid());
- PathToDefaultProtectionSpaceMap& map = pathToDefaultProtectionSpaceMap();
-
// Don't spend time iterating the path for origins that don't have any credentials.
- if (!originsWithCredentials().contains(originStringFromURL(url)))
- return map.end();
+ if (!m_originsWithCredentials.contains(originStringFromURL(url)))
+ return m_pathToDefaultProtectionSpaceMap.end();
String directoryURL = protectionSpaceMapKeyFromURL(url);
unsigned directoryURLPathStart = url.pathStart();
while (true) {
- PathToDefaultProtectionSpaceMap::iterator iter = map.find(directoryURL);
- if (iter != map.end())
+ PathToDefaultProtectionSpaceMap::iterator iter = m_pathToDefaultProtectionSpaceMap.find(directoryURL);
+ if (iter != m_pathToDefaultProtectionSpaceMap.end())
return iter;
if (directoryURL.length() == directoryURLPathStart + 1) // path is "/" already, cannot shorten it any more
- return map.end();
+ return m_pathToDefaultProtectionSpaceMap.end();
size_t index = directoryURL.reverseFind('/', directoryURL.length() - 2);
ASSERT(index != notFound);
@@ -158,34 +132,26 @@
ASSERT(url.protocolIsInHTTPFamily());
ASSERT(url.isValid());
PathToDefaultProtectionSpaceMap::iterator iter = findDefaultProtectionSpaceForURL(url);
- if (iter == pathToDefaultProtectionSpaceMap().end())
+ if (iter == m_pathToDefaultProtectionSpaceMap.end())
return false;
- ASSERT(originsWithCredentials().contains(originStringFromURL(url)));
- protectionSpaceToCredentialMap().set(iter->value, credential);
+ ASSERT(m_originsWithCredentials.contains(originStringFromURL(url)));
+ m_protectionSpaceToCredentialMap.set(iter->value, credential);
return true;
}
Credential CredentialStorage::get(const URL& url)
{
PathToDefaultProtectionSpaceMap::iterator iter = findDefaultProtectionSpaceForURL(url);
- if (iter == pathToDefaultProtectionSpaceMap().end())
+ if (iter == m_pathToDefaultProtectionSpaceMap.end())
return Credential();
- return protectionSpaceToCredentialMap().get(iter->value);
+ return m_protectionSpaceToCredentialMap.get(iter->value);
}
-#if PLATFORM(IOS)
void CredentialStorage::clearCredentials()
{
- pathToDefaultProtectionSpaceMap().clear();
- originsWithCredentials().clear();
- protectionSpaceToCredentialMap().clear();
+ m_protectionSpaceToCredentialMap.clear();
+ m_originsWithCredentials.clear();
+ m_pathToDefaultProtectionSpaceMap.clear();
}
-#endif
-void CredentialStorage::setPrivateMode(bool mode)
-{
- if (!mode)
- protectionSpaceToCredentialMap().clear();
-}
-
} // namespace WebCore
Modified: trunk/Source/WebCore/platform/network/CredentialStorage.h (186475 => 186476)
--- trunk/Source/WebCore/platform/network/CredentialStorage.h 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/CredentialStorage.h 2015-07-07 21:13:31 UTC (rev 186476)
@@ -26,33 +26,49 @@
#ifndef CredentialStorage_h
#define CredentialStorage_h
+#include "Credential.h"
+#include "ProtectionSpaceHash.h"
+#include <wtf/HashMap.h>
+#include <wtf/HashSet.h>
+#include <wtf/text/StringHash.h>
+#include <wtf/text/WTFString.h>
+
namespace WebCore {
-class Credential;
class URL;
class ProtectionSpace;
class CredentialStorage {
public:
+ WEBCORE_EXPORT static CredentialStorage& defaultCredentialStorage();
+
// WebCore session credential storage.
- static void set(const Credential&, const ProtectionSpace&, const URL&);
- WEBCORE_EXPORT static Credential get(const ProtectionSpace&);
- static void remove(const ProtectionSpace&);
+ void set(const Credential&, const ProtectionSpace&, const URL&);
+ WEBCORE_EXPORT Credential get(const ProtectionSpace&);
+ void remove(const ProtectionSpace&);
// OS persistent storage.
- WEBCORE_EXPORT static Credential getFromPersistentStorage(const ProtectionSpace&);
+ WEBCORE_EXPORT Credential getFromPersistentStorage(const ProtectionSpace&);
+ WEBCORE_EXPORT void clearCredentials();
+
#if PLATFORM(IOS)
- static void saveToPersistentStorage(const ProtectionSpace&, const Credential&);
- WEBCORE_EXPORT static void clearCredentials();
+ void saveToPersistentStorage(const ProtectionSpace&, const Credential&);
#endif
// These methods work for authentication schemes that support sending credentials without waiting for a request. E.g., for HTTP Basic authentication scheme
// a client should assume that all paths at or deeper than the depth of a known protected resource share are within the same protection space.
- static bool set(const Credential&, const URL&); // Returns true if the URL corresponds to a known protection space, so credentials could be updated.
- WEBCORE_EXPORT static Credential get(const URL&);
+ bool set(const Credential&, const URL&); // Returns true if the URL corresponds to a known protection space, so credentials could be updated.
+ WEBCORE_EXPORT Credential get(const URL&);
- static void setPrivateMode(bool);
+private:
+ HashMap<ProtectionSpace, Credential> m_protectionSpaceToCredentialMap;
+ HashSet<String> m_originsWithCredentials;
+
+ typedef HashMap<String, ProtectionSpace> PathToDefaultProtectionSpaceMap;
+ PathToDefaultProtectionSpaceMap m_pathToDefaultProtectionSpaceMap;
+
+ PathToDefaultProtectionSpaceMap::iterator findDefaultProtectionSpaceForURL(const URL&);
};
} // namespace WebCore
Modified: trunk/Source/WebCore/platform/network/NetworkStorageSession.h (186475 => 186476)
--- trunk/Source/WebCore/platform/network/NetworkStorageSession.h 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/NetworkStorageSession.h 2015-07-07 21:13:31 UTC (rev 186476)
@@ -26,6 +26,8 @@
#ifndef NetworkStorageSession_h
#define NetworkStorageSession_h
+#include "CredentialStorage.h"
+
#include <wtf/RetainPtr.h>
#include <wtf/text/WTFString.h>
@@ -47,6 +49,8 @@
WEBCORE_EXPORT static void switchToNewTestingSession();
+ CredentialStorage& credentialStorage() { return m_credentialStorage; }
+
#if PLATFORM(COCOA) || USE(CFNETWORK)
NetworkStorageSession(RetainPtr<CFURLStorageSessionRef>);
// May be null, in which case a Foundation default should be used.
@@ -72,6 +76,8 @@
#else
RefPtr<NetworkingContext> m_context;
#endif
+
+ CredentialStorage m_credentialStorage;
};
}
Modified: trunk/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp (186475 => 186476)
--- trunk/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -132,12 +132,12 @@
if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
// <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication,
// try and reuse the credential preemptively, as allowed by RFC 2617.
- d->m_initialCredential = CredentialStorage::get(firstRequest().url());
+ d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().url());
} else {
// If there is already a protection space known for the URL, update stored credentials before sending a request.
// This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
// (so that an authentication dialog doesn't pop up).
- CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
+ d->m_context->storageSession().credentialStorage().set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
}
}
@@ -293,7 +293,7 @@
// Only consider applying authentication credentials if this is actually a redirect and the redirect
// URL didn't include credentials of its own.
if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
- Credential credential = CredentialStorage::get(request.url());
+ Credential credential = d->m_context->storageSession().credentialStorage().get(request.url());
if (!credential.isEmpty()) {
d->m_initialCredential = credential;
@@ -358,7 +358,7 @@
URL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = challenge.failureResponse().url();
- CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore);
+ d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), urlToStore);
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
d->m_user = String();
@@ -372,16 +372,16 @@
// The stored credential wasn't accepted, stop using it.
// There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
// but the observable effect should be very minor, if any.
- CredentialStorage::remove(challenge.protectionSpace());
+ d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace());
}
if (!challenge.previousFailureCount()) {
- Credential credential = CredentialStorage::get(challenge.protectionSpace());
+ Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace());
if (!credential.isEmpty() && credential != d->m_initialCredential) {
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
- CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
+ d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
}
#if PLATFORM(COCOA)
CFURLConnectionUseCredential(d->m_connection.get(), credential.cfCredential(), challenge.cfURLAuthChallengeRef());
@@ -435,7 +435,7 @@
URL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = challenge.failureResponse().url();
- CredentialStorage::set(webCredential, challenge.protectionSpace(), urlToStore);
+ d->m_context->storageSession().credentialStorage().set(webCredential, challenge.protectionSpace(), urlToStore);
if (d->m_connection) {
#if PLATFORM(COCOA)
Modified: trunk/Source/WebCore/platform/network/cf/SocketStreamHandle.h (186475 => 186476)
--- trunk/Source/WebCore/platform/network/cf/SocketStreamHandle.h 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/cf/SocketStreamHandle.h 2015-07-07 21:13:31 UTC (rev 186476)
@@ -43,11 +43,13 @@
class AuthenticationChallenge;
class Credential;
+class NetworkingContext;
+class ProtectionSpace;
class SocketStreamHandleClient;
class SocketStreamHandle : public ThreadSafeRefCounted<SocketStreamHandle>, public SocketStreamHandleBase, public AuthenticationClient {
public:
- static PassRefPtr<SocketStreamHandle> create(const URL& url, SocketStreamHandleClient* client) { return adoptRef(new SocketStreamHandle(url, client)); }
+ static PassRefPtr<SocketStreamHandle> create(const URL& url, SocketStreamHandleClient* client, NetworkingContext& networkingContext) { return adoptRef(new SocketStreamHandle(url, client, networkingContext)); }
virtual ~SocketStreamHandle();
@@ -58,7 +60,7 @@
virtual int platformSend(const char* data, int length);
virtual void platformClose();
- SocketStreamHandle(const URL&, SocketStreamHandleClient*);
+ SocketStreamHandle(const URL&, SocketStreamHandleClient*, NetworkingContext&);
void createStreams();
void scheduleStreams();
void chooseProxy();
@@ -84,6 +86,8 @@
void reportErrorToClient(CFErrorRef);
+ bool getStoredCONNECTProxyCredentials(const ProtectionSpace&, String& login, String& password);
+
// No authentication for streams per se, but proxy may ask for credentials.
virtual void receivedCredential(const AuthenticationChallenge&, const Credential&);
virtual void receivedRequestToContinueWithoutCredential(const AuthenticationChallenge&);
@@ -108,6 +112,8 @@
RetainPtr<CFWriteStreamRef> m_writeStream;
RetainPtr<CFURLRef> m_httpsURL; // ws(s): replaced with https:
+
+ Ref<NetworkingContext> m_networkingContext;
};
} // namespace WebCore
Modified: trunk/Source/WebCore/platform/network/cf/SocketStreamHandleCFNet.cpp (186475 => 186476)
--- trunk/Source/WebCore/platform/network/cf/SocketStreamHandleCFNet.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/cf/SocketStreamHandleCFNet.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -35,6 +35,7 @@
#include "Credential.h"
#include "CredentialStorage.h"
#include "Logging.h"
+#include "NetworkingContext.h"
#include "ProtectionSpace.h"
#include "SocketStreamError.h"
#include "SocketStreamHandleClient.h"
@@ -61,11 +62,12 @@
namespace WebCore {
-SocketStreamHandle::SocketStreamHandle(const URL& url, SocketStreamHandleClient* client)
+SocketStreamHandle::SocketStreamHandle(const URL& url, SocketStreamHandleClient* client, NetworkingContext& networkingContext)
: SocketStreamHandleBase(url, client)
, m_connectingSubstate(New)
, m_connectionType(Unknown)
, m_sentStoredCredentials(false)
+ , m_networkingContext(networkingContext)
{
LOG(Network, "SocketStreamHandle %p new client %p", this, m_client);
@@ -331,14 +333,14 @@
}
}
-static bool getStoredCONNECTProxyCredentials(const ProtectionSpace& protectionSpace, String& login, String& password)
+bool SocketStreamHandle::getStoredCONNECTProxyCredentials(const ProtectionSpace& protectionSpace, String& login, String& password)
{
// FIXME (<rdar://problem/10416495>): Proxy credentials should be retrieved from AuthBrokerAgent.
// Try system credential storage first, matching HTTP behavior (CFNetwork only asks the client for password if it couldn't find it in Keychain).
- Credential storedCredential = CredentialStorage::getFromPersistentStorage(protectionSpace);
+ Credential storedCredential = m_networkingContext->storageSession().credentialStorage().getFromPersistentStorage(protectionSpace);
if (storedCredential.isEmpty())
- storedCredential = CredentialStorage::get(protectionSpace);
+ storedCredential = m_networkingContext->storageSession().credentialStorage().get(protectionSpace);
if (storedCredential.isEmpty())
return false;
Modified: trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp (186475 => 186476)
--- trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -193,7 +193,7 @@
URL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = challenge.failureResponse().url();
- CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore);
+ CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), urlToStore);
String userpass = credential.user() + ":" + credential.password();
curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
@@ -209,16 +209,16 @@
// The stored credential wasn't accepted, stop using it.
// There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
// but the observable effect should be very minor, if any.
- CredentialStorage::remove(challenge.protectionSpace());
+ CredentialStorage::defaultCredentialStorage().remove(challenge.protectionSpace());
}
if (!challenge.previousFailureCount()) {
- Credential credential = CredentialStorage::get(challenge.protectionSpace());
+ Credential credential = CredentialStorage::defaultCredentialStorage().get(challenge.protectionSpace());
if (!credential.isEmpty() && credential != d->m_initialCredential) {
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
- CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
+ CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
}
String userpass = credential.user() + ":" + credential.password();
curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
@@ -246,7 +246,7 @@
if (shouldUseCredentialStorage()) {
if (challenge.failureResponse().httpStatusCode() == 401) {
URL urlToStore = challenge.failureResponse().url();
- CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore);
+ CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), urlToStore);
}
}
Modified: trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp (186475 => 186476)
--- trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -967,13 +967,13 @@
if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
// <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication,
// try and reuse the credential preemptively, as allowed by RFC 2617.
- d->m_initialCredential = CredentialStorage::get(request.url());
+ d->m_initialCredential = CredentialStorage::defaultCredentialStorage().get(request.url());
} else {
// If there is already a protection space known for the URL, update stored credentials
// before sending a request. This makes it possible to implement logout by sending an
// XMLHttpRequest with known incorrect credentials, and aborting it immediately (so that
// an authentication dialog doesn't pop up).
- CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), request.url());
+ CredentialStorage::defaultCredentialStorage().set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), request.url());
}
}
Modified: trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm (186475 => 186476)
--- trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2015-07-07 21:13:31 UTC (rev 186476)
@@ -160,12 +160,12 @@
if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
// <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication,
// try and reuse the credential preemptively, as allowed by RFC 2617.
- d->m_initialCredential = CredentialStorage::get(firstRequest().url());
+ d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().url());
} else {
// If there is already a protection space known for the URL, update stored credentials before sending a request.
// This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
// (so that an authentication dialog doesn't pop up).
- CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
+ d->m_context->storageSession().credentialStorage().set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
}
}
@@ -478,7 +478,7 @@
// Only consider applying authentication credentials if this is actually a redirect and the redirect
// URL didn't include credentials of its own.
if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
- Credential credential = CredentialStorage::get(request.url());
+ Credential credential = d->m_context->storageSession().credentialStorage().get(request.url());
if (!credential.isEmpty()) {
d->m_initialCredential = credential;
@@ -562,16 +562,16 @@
// The stored credential wasn't accepted, stop using it.
// There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
// but the observable effect should be very minor, if any.
- CredentialStorage::remove(challenge.protectionSpace());
+ d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace());
}
if (!challenge.previousFailureCount()) {
- Credential credential = CredentialStorage::get(challenge.protectionSpace());
+ Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace());
if (!credential.isEmpty() && credential != d->m_initialCredential) {
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
- CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
+ d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
}
[challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
return;
@@ -656,7 +656,7 @@
URL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = challenge.failureResponse().url();
- CredentialStorage::set(webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
+ d->m_context->storageSession().credentialStorage().set(webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
[[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
} else
[[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
Modified: trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp (186475 => 186476)
--- trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -378,13 +378,13 @@
if (handle->shouldUseCredentialStorage()) {
if (d->m_user.isEmpty() && d->m_pass.isEmpty())
- d->m_initialCredential = CredentialStorage::get(request.url());
+ d->m_initialCredential = CredentialStorage::defaultCredentialStorage().get(request.url());
else if (!redirect) {
// If there is already a protection space known for the URL, update stored credentials
// before sending a request. This makes it possible to implement logout by sending an
// XMLHttpRequest with known incorrect credentials, and aborting it immediately (so that
// an authentication dialog doesn't pop up).
- CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), request.url());
+ CredentialStorage::defaultCredentialStorage().set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), request.url());
}
}
@@ -1137,17 +1137,17 @@
// The stored credential wasn't accepted, stop using it. There is a race condition
// here, since a different credential might have already been stored by another
// ResourceHandle, but the observable effect should be very minor, if any.
- CredentialStorage::remove(challenge.protectionSpace());
+ CredentialStorage::defaultCredentialStorage().remove(challenge.protectionSpace());
}
if (!challenge.previousFailureCount()) {
- Credential credential = CredentialStorage::get(challenge.protectionSpace());
+ Credential credential = CredentialStorage::defaultCredentialStorage().get(challenge.protectionSpace());
if (!credential.isEmpty() && credential != d->m_initialCredential) {
ASSERT(credential.persistence() == CredentialPersistenceNone);
// Store the credential back, possibly adding it as a default for this directory.
if (isAuthenticationFailureStatusCode(challenge.failureResponse().httpStatusCode()))
- CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
+ CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
soup_auth_authenticate(challenge.soupAuth(), credential.user().utf8().data(), credential.password().utf8().data());
return;
@@ -1200,7 +1200,7 @@
// we place the credentials in the store even though libsoup will never fire the authenticate signal again for
// this protection space.
if (credential.persistence() == CredentialPersistenceForSession || credential.persistence() == CredentialPersistencePermanent)
- CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
+ CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
#if PLATFORM(GTK)
if (credential.persistence() == CredentialPersistencePermanent) {
Modified: trunk/Source/WebKit/mac/ChangeLog (186475 => 186476)
--- trunk/Source/WebKit/mac/ChangeLog 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/mac/ChangeLog 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1,3 +1,26 @@
+2015-07-07 Brady Eidson <beid...@apple.com>
+
+ HTTP Auth cached after disabling private browsing/reset.
+ <rdar://problem/8293055> and https://bugs.webkit.org/show_bug.cgi?id=146654
+
+ Reviewed by Tim Horton.
+
+ * Misc/WebCache.h:
+ * Misc/WebCache.mm:
+ (+[WebCache clearCachedCredentials]): Clear the global CredentialStorage as well as the
+ storages belonging to each main frame of each WebView. This method is for DRT.
+
+ * Misc/WebDownload.mm:
+ (-[WebDownloadInternal download:didReceiveAuthenticationChallenge:]):
+
+ * Plugins/WebBaseNetscapePluginView.mm:
+ (WebKit::getAuthenticationInfo):
+
+ * WebView/WebView.mm:
+ (-[WebView _clearCredentials]): Clear the storage belonging to the current networking session
+ of the main frame of this WebView.
+ * WebView/WebViewInternal.h:
+
2015-07-04 Chris Dumez <cdu...@apple.com>
Drop RefPtr::clear() method
Modified: trunk/Source/WebKit/mac/Misc/WebCache.h (186475 => 186476)
--- trunk/Source/WebKit/mac/Misc/WebCache.h 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/mac/Misc/WebCache.h 2015-07-07 21:13:31 UTC (rev 186476)
@@ -36,7 +36,6 @@
#if TARGET_OS_IPHONE
+ (void)emptyInMemoryResources;
+ (void)sizeOfDeadResources:(int *)resources;
-+ (void)clearCachedCredentials;
// SPI to add a CGImageRef directly to the WebCore cache.
+ (bool)addImageToCache:(CGImageRef)image forURL:(NSURL *)url;
+ (bool)addImageToCache:(CGImageRef)image forURL:(NSURL *)url forFrame:(WebFrame *)frame;
@@ -46,5 +45,6 @@
#endif
+ (void)setDisabled:(BOOL)disabled;
+ (BOOL)isDisabled;
++ (void)clearCachedCredentials;
@end
Modified: trunk/Source/WebKit/mac/Misc/WebCache.mm (186475 => 186476)
--- trunk/Source/WebKit/mac/Misc/WebCache.mm 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/mac/Misc/WebCache.mm 2015-07-07 21:13:31 UTC (rev 186476)
@@ -32,6 +32,7 @@
#import "WebView.h"
#import "WebViewInternal.h"
#import <WebCore/ApplicationCacheStorage.h>
+#import <WebCore/CredentialStorage.h>
#import <WebCore/CrossOriginPreflightResultCache.h>
#import <WebCore/MemoryCache.h>
#import <runtime/InitializeThreading.h>
@@ -42,7 +43,6 @@
#import "MemoryMeasure.h"
#import "WebFrameInternal.h"
#import <WebCore/CachedImage.h>
-#import <WebCore/CredentialStorage.h>
#import <WebCore/Frame.h>
#import <WebCore/PageCache.h>
#import <WebCore/WebCoreThreadRun.h>
@@ -158,11 +158,6 @@
}
}
-+ (void)clearCachedCredentials
-{
- WebCore::CredentialStorage::clearCredentials();
-}
-
+ (bool)addImageToCache:(CGImageRef)image forURL:(NSURL *)url
{
return [WebCache addImageToCache:image forURL:url forFrame:nil];
@@ -227,4 +222,10 @@
return WebCore::MemoryCache::singleton().disabled();
}
++ (void)clearCachedCredentials
+{
+ [WebView _makeAllWebViewsPerformSelector:@selector(_clearCredentials)];
+ WebCore::CredentialStorage::defaultCredentialStorage().clearCredentials();
+}
+
@end
Modified: trunk/Source/WebKit/mac/Misc/WebDownload.mm (186475 => 186476)
--- trunk/Source/WebKit/mac/Misc/WebDownload.mm 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/mac/Misc/WebDownload.mm 2015-07-07 21:13:31 UTC (rev 186476)
@@ -128,7 +128,7 @@
#if !PLATFORM(IOS)
// Try previously stored credential first.
if (![challenge previousFailureCount]) {
- NSURLCredential *credential = CredentialStorage::get(ProtectionSpace([challenge protectionSpace])).nsCredential();
+ NSURLCredential *credential = CredentialStorage::defaultCredentialStorage().get(ProtectionSpace([challenge protectionSpace])).nsCredential();
if (credential) {
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
return;
Modified: trunk/Source/WebKit/mac/Plugins/WebBaseNetscapePluginView.mm (186475 => 186476)
--- trunk/Source/WebKit/mac/Plugins/WebBaseNetscapePluginView.mm 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/mac/Plugins/WebBaseNetscapePluginView.mm 2015-07-07 21:13:31 UTC (rev 186476)
@@ -927,7 +927,7 @@
RetainPtr<NSURLProtectionSpace> protectionSpace = adoptNS([[NSURLProtectionSpace alloc] initWithHost:host port:port protocol:protocol realm:realm authenticationMethod:authenticationMethod]);
- NSURLCredential *credential = CredentialStorage::get(ProtectionSpace(protectionSpace.get())).nsCredential();
+ NSURLCredential *credential = CredentialStorage::defaultCredentialStorage().get(ProtectionSpace(protectionSpace.get())).nsCredential();
if (!credential)
credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:protectionSpace.get()];
if (!credential)
Modified: trunk/Source/WebKit/mac/WebView/WebView.mm (186475 => 186476)
--- trunk/Source/WebKit/mac/WebView/WebView.mm 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/mac/WebView/WebView.mm 2015-07-07 21:13:31 UTC (rev 186476)
@@ -8275,6 +8275,19 @@
return result;
}
+- (void)_clearCredentials
+{
+ Frame* frame = [self _mainCoreFrame];
+ if (!frame)
+ return;
+
+ NetworkingContext* networkingContext = frame->loader().networkingContext();
+ if (!networkingContext)
+ return;
+
+ networkingContext->storageSession().credentialStorage().clearCredentials();
+}
+
- (BOOL)_needsOneShotDrawingSynchronization
{
return _private->needsOneShotDrawingSynchronization;
Modified: trunk/Source/WebKit/mac/WebView/WebViewInternal.h (186475 => 186476)
--- trunk/Source/WebKit/mac/WebView/WebViewInternal.h 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/mac/WebView/WebViewInternal.h 2015-07-07 21:13:31 UTC (rev 186476)
@@ -103,6 +103,8 @@
- (WebCore::Frame*)_mainCoreFrame;
- (WebFrame *)_selectedOrMainFrame;
+- (void)_clearCredentials;
+
- (WebCore::KeyboardUIMode)_keyboardUIMode;
- (BOOL)_becomingFirstResponderFromOutside;
Modified: trunk/Source/WebKit/win/ChangeLog (186475 => 186476)
--- trunk/Source/WebKit/win/ChangeLog 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/win/ChangeLog 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1,3 +1,13 @@
+2015-07-07 Brady Eidson <beid...@apple.com>
+
+ HTTP Auth cached after disabling private browsing/reset.
+ <rdar://problem/8293055> and https://bugs.webkit.org/show_bug.cgi?id=146654
+
+ Reviewed by Tim Horton.
+
+ * WebDownloadCFNet.cpp:
+ (WebDownload::didReceiveAuthenticationChallenge):
+
2015-07-04 Chris Dumez <cdu...@apple.com>
Drop RefPtr::clear() method
Modified: trunk/Source/WebKit/win/WebDownloadCFNet.cpp (186475 => 186476)
--- trunk/Source/WebKit/win/WebDownloadCFNet.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit/win/WebDownloadCFNet.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -386,7 +386,7 @@
{
// Try previously stored credential first.
if (!CFURLAuthChallengeGetPreviousFailureCount(challenge)) {
- Credential credential = CredentialStorage::get(core(CFURLAuthChallengeGetProtectionSpace(challenge)));
+ Credential credential = CredentialStorage::defaultCredentialStorage().get(core(CFURLAuthChallengeGetProtectionSpace(challenge)));
if (!credential.isEmpty()) {
RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(credential));
CFURLDownloadUseCredential(m_download.get(), cfCredential.get(), challenge);
Modified: trunk/Source/WebKit2/ChangeLog (186475 => 186476)
--- trunk/Source/WebKit2/ChangeLog 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit2/ChangeLog 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1,3 +1,13 @@
+2015-07-07 Brady Eidson <beid...@apple.com>
+
+ HTTP Auth cached after disabling private browsing/reset.
+ <rdar://problem/8293055> and https://bugs.webkit.org/show_bug.cgi?id=146654
+
+ Reviewed by Tim Horton.
+
+ * WebProcess/Plugins/PluginView.cpp:
+ (WebKit::PluginView::getAuthenticationInfo):
+
2015-07-07 Anders Carlsson <ander...@apple.com>
Make sure to remove the download message receiver before freeing it
Modified: trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp (186475 => 186476)
--- trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1572,9 +1572,9 @@
bool PluginView::getAuthenticationInfo(const ProtectionSpace& protectionSpace, String& username, String& password)
{
- Credential credential = CredentialStorage::get(protectionSpace);
+ Credential credential = CredentialStorage::defaultCredentialStorage().get(protectionSpace);
if (credential.isEmpty())
- credential = CredentialStorage::getFromPersistentStorage(protectionSpace);
+ credential = CredentialStorage::defaultCredentialStorage().getFromPersistentStorage(protectionSpace);
if (!credential.hasPassword())
return false;
Modified: trunk/Tools/ChangeLog (186475 => 186476)
--- trunk/Tools/ChangeLog 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Tools/ChangeLog 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1,3 +1,13 @@
+2015-07-07 Brady Eidson <beid...@apple.com>
+
+ HTTP Auth cached after disabling private browsing/reset.
+ <rdar://problem/8293055> and https://bugs.webkit.org/show_bug.cgi?id=146654
+
+ Reviewed by Tim Horton.
+
+ * DumpRenderTree/mac/DumpRenderTree.mm:
+ (resetWebViewToConsistentStateBeforeTesting): Clear in-memory credentials in between test runs.
+
2015-07-06 Alex Christensen <achristen...@webkit.org>
[Content Extensions] Remove memory page reporting
Modified: trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm (186475 => 186476)
--- trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm 2015-07-07 20:16:41 UTC (rev 186475)
+++ trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm 2015-07-07 21:13:31 UTC (rev 186476)
@@ -1823,6 +1823,8 @@
[[webView window] setAutodisplay:NO];
#endif
[webView setTracksRepaints:NO];
+
+ [WebCache clearCachedCredentials];
resetWebPreferencesToConsistentValues();