- Revision
- 196034
- Author
- [email protected]
- Date
- 2016-02-02 15:42:40 -0800 (Tue, 02 Feb 2016)
Log Message
Fix authentication with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=153779
Reviewed by Brady Eidson.
This fixes many tests, including http/tests/xmlhttprequest/cross-origin-authorization.html.
* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::NetworkLoad):
NetworkingContexts are not used with NetworkSession. NetworkSession is used instead.
Pass allowStoredCredentials to the NetworkLoad so it knows whether to use a session with credential storage or not.
(WebKit::NetworkLoad::didReceiveChallenge):
Always call continueCanAuthenticateAgainstProtectionSpace because we might need credentials for synchronous requests.
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
Reject the protection space if we cannot authenticate against this protection space.
If the protection space is not password-based (such as ServerTrustEvaluationRequested) and we can authenticate against this protection space,
then perform default handling instead of asking the UI process for a password, which wouldn't mean anything.
* NetworkProcess/NetworkLoad.h:
* NetworkProcess/NetworkSession.h:
Use a NSURLSession with configuration.URLCredentialStorage = nil but with the same cookie storage for requests without credentials.
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::NetworkSession::NetworkSession):
(WebKit::NetworkSession::~NetworkSession):
(WebKit::NetworkSession::dataTaskForIdentifier):
(WebKit::NetworkSession::takeDownloadID):
(WebKit::NetworkDataTask::NetworkDataTask):
* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::canAuthenticateAgainstProtectionSpace):
Always send a reply message so we can always do the callbacks of NSURLSession delegates.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (196033 => 196034)
--- trunk/Source/WebKit2/ChangeLog 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/ChangeLog 2016-02-02 23:42:40 UTC (rev 196034)
@@ -1,3 +1,35 @@
+2016-02-02 Alex Christensen <[email protected]>
+
+ Fix authentication with NetworkSession
+ https://bugs.webkit.org/show_bug.cgi?id=153779
+
+ Reviewed by Brady Eidson.
+
+ This fixes many tests, including http/tests/xmlhttprequest/cross-origin-authorization.html.
+
+ * NetworkProcess/NetworkLoad.cpp:
+ (WebKit::NetworkLoad::NetworkLoad):
+ NetworkingContexts are not used with NetworkSession. NetworkSession is used instead.
+ Pass allowStoredCredentials to the NetworkLoad so it knows whether to use a session with credential storage or not.
+ (WebKit::NetworkLoad::didReceiveChallenge):
+ Always call continueCanAuthenticateAgainstProtectionSpace because we might need credentials for synchronous requests.
+ (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
+ Reject the protection space if we cannot authenticate against this protection space.
+ If the protection space is not password-based (such as ServerTrustEvaluationRequested) and we can authenticate against this protection space,
+ then perform default handling instead of asking the UI process for a password, which wouldn't mean anything.
+ * NetworkProcess/NetworkLoad.h:
+ * NetworkProcess/NetworkSession.h:
+ Use a NSURLSession with configuration.URLCredentialStorage = nil but with the same cookie storage for requests without credentials.
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (WebKit::NetworkSession::NetworkSession):
+ (WebKit::NetworkSession::~NetworkSession):
+ (WebKit::NetworkSession::dataTaskForIdentifier):
+ (WebKit::NetworkSession::takeDownloadID):
+ (WebKit::NetworkDataTask::NetworkDataTask):
+ * WebProcess/Network/WebResourceLoader.cpp:
+ (WebKit::WebResourceLoader::canAuthenticateAgainstProtectionSpace):
+ Always send a reply message so we can always do the callbacks of NSURLSession delegates.
+
2016-02-01 Dave Hyatt <[email protected]>
Add a line grid pagination SPI to WebKit.
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp (196033 => 196034)
--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-02-02 23:42:40 UTC (rev 196034)
@@ -46,12 +46,14 @@
NetworkLoad::NetworkLoad(NetworkLoadClient& client, const NetworkLoadParameters& parameters)
: m_client(client)
, m_parameters(parameters)
+#if !USE(NETWORK_SESSION)
, m_networkingContext(RemoteNetworkingContext::create(parameters.sessionID, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect))
+#endif
, m_currentRequest(parameters.request)
{
#if USE(NETWORK_SESSION)
if (auto* networkSession = SessionTracker::networkSession(parameters.sessionID)) {
- m_task = std::make_unique<NetworkDataTask>(*networkSession, *this, parameters.request);
+ m_task = std::make_unique<NetworkDataTask>(*networkSession, *this, parameters.request, parameters.allowStoredCredentials);
if (!parameters.defersLoading)
m_task->resume();
} else
@@ -193,21 +195,21 @@
// Handle server trust evaluation at platform-level if requested, for performance reasons.
if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested
&& !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {
- completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());
+ completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, Credential());
return;
}
+ m_challengeCompletionHandler = completionHandler;
+ m_challenge = challenge;
+
if (m_client.isSynchronous()) {
// FIXME: We should ask the WebProcess like the asynchronous case below does.
// This is currently impossible as the WebProcess is blocked waiting on this synchronous load.
// It's possible that we can jump straight to the UI process to resolve this.
- completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());
+ continueCanAuthenticateAgainstProtectionSpace(true);
return;
- }
-
- m_challengeCompletionHandler = completionHandler;
- m_challenge = challenge;
- m_client.canAuthenticateAgainstProtectionSpaceAsync(challenge.protectionSpace());
+ } else
+ m_client.canAuthenticateAgainstProtectionSpaceAsync(challenge.protectionSpace());
}
void NetworkLoad::didReceiveResponse(const ResourceResponse& response, ResponseCompletionHandler completionHandler)
@@ -322,6 +324,11 @@
ASSERT(m_challengeCompletionHandler);
auto completionHandler = WTFMove(m_challengeCompletionHandler);
if (!result) {
+ completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, Credential());
+ return;
+ }
+
+ if (!m_challenge.protectionSpace().isPasswordBased()) {
completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());
return;
}
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h (196033 => 196034)
--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h 2016-02-02 23:42:40 UTC (rev 196034)
@@ -122,7 +122,6 @@
NetworkLoadClient& m_client;
const NetworkLoadParameters m_parameters;
- RefPtr<RemoteNetworkingContext> m_networkingContext;
#if USE(NETWORK_SESSION)
std::unique_ptr<NetworkDataTask> m_task;
WebCore::AuthenticationChallenge m_challenge;
@@ -130,6 +129,7 @@
ResponseCompletionHandler m_responseCompletionHandler;
RedirectCompletionHandler m_redirectCompletionHandler;
#else
+ RefPtr<RemoteNetworkingContext> m_networkingContext;
RefPtr<WebCore::ResourceHandle> m_handle;
#endif
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkSession.h (196033 => 196034)
--- trunk/Source/WebKit2/NetworkProcess/NetworkSession.h 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkSession.h 2016-02-02 23:42:40 UTC (rev 196034)
@@ -35,6 +35,7 @@
#include "DownloadID.h"
#include <WebCore/FrameLoaderTypes.h>
+#include <WebCore/ResourceHandleTypes.h>
#include <WebCore/SessionID.h>
#include <wtf/HashMap.h>
#include <wtf/Ref.h>
@@ -84,7 +85,7 @@
class NetworkDataTask {
friend class NetworkSession;
public:
- explicit NetworkDataTask(NetworkSession&, NetworkSessionTaskClient&, const WebCore::ResourceRequest&);
+ explicit NetworkDataTask(NetworkSession&, NetworkSessionTaskClient&, const WebCore::ResourceRequest&, WebCore::StoredCredentials);
void suspend();
void cancel();
@@ -146,7 +147,8 @@
HashMap<NetworkDataTask::TaskIdentifier, NetworkDataTask*> m_dataTaskMap;
HashMap<NetworkDataTask::TaskIdentifier, DownloadID> m_downloadMap;
#if PLATFORM(COCOA)
- RetainPtr<NSURLSession> m_session;
+ RetainPtr<NSURLSession> m_sessionWithCredentialStorage;
+ RetainPtr<NSURLSession> m_sessionWithoutCredentialStorage;
RetainPtr<WKNetworkSessionDelegate> m_sessionDelegate;
#endif
};
Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm (196033 => 196034)
--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2016-02-02 23:42:40 UTC (rev 196034)
@@ -233,12 +233,15 @@
if (CFHTTPCookieStorageRef storage = storageSession->cookieStorage().get())
configuration.HTTPCookieStorage = [[[NSHTTPCookieStorage alloc] _initWithCFHTTPCookieStorage:storage] autorelease];
}
- m_session = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
+ m_sessionWithCredentialStorage = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
+ configuration.URLCredentialStorage = nil;
+ m_sessionWithoutCredentialStorage = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
}
NetworkSession::~NetworkSession()
{
- [m_session invalidateAndCancel];
+ [m_sessionWithCredentialStorage invalidateAndCancel];
+ [m_sessionWithoutCredentialStorage invalidateAndCancel];
}
NetworkDataTask* NetworkSession::dataTaskForIdentifier(NetworkDataTask::TaskIdentifier taskIdentifier)
@@ -270,7 +273,7 @@
return downloadID;
}
-NetworkDataTask::NetworkDataTask(NetworkSession& session, NetworkSessionTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials)
+NetworkDataTask::NetworkDataTask(NetworkSession& session, NetworkSessionTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, WebCore::StoredCredentials storedCredentials)
: m_session(session)
, m_client(client)
{
@@ -280,9 +283,12 @@
m_user = request.url().user();
m_password = request.url().pass();
request.removeCredentials();
+
+ if (storedCredentials == WebCore::AllowStoredCredentials)
+ m_task = [m_session.m_sessionWithCredentialStorage dataTaskWithRequest:request.nsURLRequest(WebCore::UpdateHTTPBody)];
+ else
+ m_task = [m_session.m_sessionWithoutCredentialStorage dataTaskWithRequest:request.nsURLRequest(WebCore::UpdateHTTPBody)];
- m_task = [m_session.m_session dataTaskWithRequest:request.nsURLRequest(WebCore::UpdateHTTPBody)];
-
ASSERT(!m_session.m_dataTaskMap.contains(taskIdentifier()));
m_session.m_dataTaskMap.add(taskIdentifier(), this);
}
Modified: trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp (196033 => 196034)
--- trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2016-02-02 23:42:40 UTC (rev 196034)
@@ -207,11 +207,8 @@
#if USE(PROTECTION_SPACE_AUTH_CALLBACK)
void WebResourceLoader::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
{
- if (!m_coreLoader)
- return;
+ bool result = m_coreLoader ? m_coreLoader->canAuthenticateAgainstProtectionSpace(protectionSpace) : false;
- bool result = m_coreLoader->canAuthenticateAgainstProtectionSpace(protectionSpace);
-
send(Messages::NetworkResourceLoader::ContinueCanAuthenticateAgainstProtectionSpace(result));
}
#endif
