I'm developing an application that URI that has a semicolon in the path part of the URI (not the query string) and Webkit is not able to access it when it is protected with Basic Authentication. Semicolons in query strings work fine, but its when its in the paths like the following that cause problems: http://www.example.com/admin/books;all http://www.example.com/admin/books;all?sort=author When typing in the URI, the page flickers for a second, but does nothing. I can see in the server logs that a request was sent to the server, and the server responded with a 401 Unauthorized status. The browser does not attempt to prompt for a password. Also in cases where the password has already been entered for that realm, the browser does not automatically send the correct authentication information to the server. I have tested this with multiple different URIs, and the behaviour is consistent. All URIs *without* semicolons work fine however.
Reporter, do you have a publicly accessible URL where this can be reproduced?
Here's a test page I just set up: http://onautopilot.com/test;webkit This works fine with Firefox, but not with the Webkit Nightly build 15614 or Safari 2.0.4. This test is set up with Apache 2.2 and mod_auth_basic, but I originally experienced the problem in a Ruby on Rails project, using Mongrel (web server) and the simple_http_auth rails plugin.
I can reproduce this with ToT WebKit. A sniff of the network shows WebKit making the request, and receving a 401 Unauthorized response back. It never prompts for authentication details. Safari's Activity Monitor window shows "error" next to the URL. It's quite possible that this bug may be outside of WebKit, either in Safari or the URL loading subsystem.
(In reply to comment #2) > > http://onautopilot.com/test;webkit When testing use the username "test" and the password "test" to attempt to access the URL.
As you mentioned this, it occurred to me that <http://test:test@onautopilot.com/test;webkit> may work differently -- eg, it might send the credentials on the first request and thus succeed. No such luck. The same symptoms occur.
(In reply to comment #3) > It's quite possible that this bug may be outside of WebKit, either in Safari or > the URL loading subsystem. Certainly looks like the latter - the very first delegate method that's invoked is -[WebLoader connection:didFailWithError:]. We don't even get -[WebLoader connection:willSendRequest:redirectResponse:]. The error is: NSError "Error NSURLErrorDomain -1012" Domain=NSURLErrorDomain Code=-1012 UserInfo={ NSErrorFailingURLKey = http://onautopilot.com/test;webkit; NSErrorFailingURLStringKey = "http://onautopilot.com/test;webkit"; } -1012 is NSURLErrorUserCancelledAuthentication. I think it may be useful for us to make a reduction before filing a Radar.
It doesn't look like I'll get to making a reduction soon, sorry. Reporter, could you please file this issue at <http://bugreport.apple.com>, mentioning this report, and then post the bug id here?
I've entered this into Apple's Radar as: <rdar://problem/4853103> WebKit #10073: URI with semicolon in the path can't be accessed w/basic authentication
My original bug was marked as a duplicate to: <rdar://problem/4222767> URLs with semicolons don't work with HTTP authentication So, it is good that it is getting noticed. :-)
This issue was below WebKit in the HTTP layer and it has been fixed in Mac OS X 10.5. Closing as invalid to represent that it was not a WebKit bug. Thanks for the bug report.