RESOLVED INVALID 10073
A URI with a semicolon in the path cannot be accessed when using basic authentication 
https://bugs.webkit.org/show_bug.cgi?id=10073
Summary A URI with a semicolon in the path cannot be accessed when using basic authen...
Dan Kubb
Reported 2006-07-23 08:30:28 PDT
I'm developing an application that URI that has a semicolon in the path part of the URI (not the query string) and Webkit is not able to access it when it is protected with Basic Authentication. Semicolons in query strings work fine, but its when its in the paths like the following that cause problems: http://www.example.com/admin/books;all http://www.example.com/admin/books;all?sort=author When typing in the URI, the page flickers for a second, but does nothing. I can see in the server logs that a request was sent to the server, and the server responded with a 401 Unauthorized status. The browser does not attempt to prompt for a password. Also in cases where the password has already been entered for that realm, the browser does not automatically send the correct authentication information to the server. I have tested this with multiple different URIs, and the behaviour is consistent. All URIs *without* semicolons work fine however.
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2006-07-23 22:08:04 PDT
Reporter, do you have a publicly accessible URL where this can be reproduced?
Dan Kubb
Comment 2 2006-07-24 19:29:04 PDT
Here's a test page I just set up: http://onautopilot.com/test;webkit This works fine with Firefox, but not with the Webkit Nightly build 15614 or Safari 2.0.4. This test is set up with Apache 2.2 and mod_auth_basic, but I originally experienced the problem in a Ruby on Rails project, using Mongrel (web server) and the simple_http_auth rails plugin.
Mark Rowe (bdash)
Comment 3 2006-07-24 21:06:48 PDT
I can reproduce this with ToT WebKit. A sniff of the network shows WebKit making the request, and receving a 401 Unauthorized response back. It never prompts for authentication details. Safari's Activity Monitor window shows "error" next to the URL. It's quite possible that this bug may be outside of WebKit, either in Safari or the URL loading subsystem.
Dan Kubb
Comment 4 2006-07-24 21:13:02 PDT
(In reply to comment #2) > > http://onautopilot.com/test;webkit When testing use the username "test" and the password "test" to attempt to access the URL.
Mark Rowe (bdash)
Comment 5 2006-07-24 21:21:02 PDT
As you mentioned this, it occurred to me that <http://test:test@onautopilot.com/test;webkit> may work differently -- eg, it might send the credentials on the first request and thus succeed. No such luck. The same symptoms occur.
Alexey Proskuryakov
Comment 6 2006-07-24 21:45:35 PDT
(In reply to comment #3) > It's quite possible that this bug may be outside of WebKit, either in Safari or > the URL loading subsystem. Certainly looks like the latter - the very first delegate method that's invoked is -[WebLoader connection:didFailWithError:]. We don't even get -[WebLoader connection:willSendRequest:redirectResponse:]. The error is: NSError "Error NSURLErrorDomain -1012" Domain=NSURLErrorDomain Code=-1012 UserInfo={ NSErrorFailingURLKey = http://onautopilot.com/test;webkit; NSErrorFailingURLStringKey = "http://onautopilot.com/test;webkit"; } -1012 is NSURLErrorUserCancelledAuthentication. I think it may be useful for us to make a reduction before filing a Radar.
Alexey Proskuryakov
Comment 7 2006-11-27 11:55:50 PST
It doesn't look like I'll get to making a reduction soon, sorry. Reporter, could you please file this issue at <http://bugreport.apple.com>, mentioning this report, and then post the bug id here?
Ernest Prabhakar
Comment 8 2006-11-28 14:22:22 PST
I've entered this into Apple's Radar as: <rdar://problem/4853103> WebKit #10073: URI with semicolon in the path can't be accessed w/basic authentication
Ernest Prabhakar
Comment 9 2006-12-01 09:59:15 PST
My original bug was marked as a duplicate to: <rdar://problem/4222767> URLs with semicolons don't work with HTTP authentication So, it is good that it is getting noticed. :-)
Mark Rowe (bdash)
Comment 10 2007-11-12 05:55:44 PST
This issue was below WebKit in the HTTP layer and it has been fixed in Mac OS X 10.5. Closing as invalid to represent that it was not a WebKit bug. Thanks for the bug report.
Note You need to log in before you can comment on or make changes to this bug.