3420 2005-06-10 13:46:51 -0700 XMLHttpRequest does not handle set-cookie headers 2007-01-05 11:43:05 -0800 1 1 1 Unclassified WebKit XML 412 Mac OS X 10.4 RESOLVED FIXED InRadar P2 Normal --- 1 sullivan ap bugs-webkit ian mrowe oldest_to_newest 11329 0 sullivan 2005-06-10 13:46:51 -0700 This is also in Radar as <rdar://problem/4079527> When sending a login POST to a website with an XMLHttpRequest object in JavaScript, the expected behavior is the creation of a cookie that is reusable later (and ideally reusable by Safari when it directly hits the same domain). However, that does not happen. It appears that XMLHttpRequest is not handing the set-cookie headers that come back from such an action. Attached cookiebug.zip. It's a teardown of a 3rd-party Dashboard widget. To reproduce: 0) Turn off popup blocking. 1) Load CRSX.html. Username is dashboard, password 'tiger' 2) click "Log in normally" you'll be redirected to forums.clubrsx.com. Notice that the front page says "Welcome, dashboard", acknowledging you've logged in. 3) Reload CRSX.html and click the "Clear all cookies" link to start over. 4) Log in again this time using the "Log in using XMLHttpRequest" link The debug div will walk through the submission of the post. The login confirmation from the server will appear as a popup and you'll see the debug div throw out the set-cookie headers that the XMLHttpRequest received. It will also send a 2nd request to the forum FAQ page, which should have a div saying "Welcome, dashboard" assuming the session was persisted. It does not. You can also confirm that cookies.xml has none of the entries listed in the debug div. You can also to go clubrsx.com in a new window after the XMLHttpRequest login and see that it does not recognize that you've logged in. 11330 1 2227 sullivan 2005-06-10 13:47:24 -0700 Created attachment 2227 12935 2 2227 sullivan 2005-06-23 09:28:35 -0700 Comment on attachment 2227 Removed attachment as it contained login information. 37307 3 12186 ap 2007-01-03 06:39:34 -0800 Created attachment 12186 test case I cannot reproduce this problem with shipping Safari or TOT. Here is a test case, since we didn't have this behavior covered. 37227 4 ap 2007-01-03 11:35:52 -0800 Test committed revision 18549. 37259 5 mrowe 2007-01-03 18:10:05 -0800 I'm seeing this test failing locally in a debug build of r18568. --- /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/LayoutTests/http/tests/xmlhttprequest/cookies-expected.txt 2007-01-04 10:51:32.000000000 +1100 +++ /tmp/layout-test-results/http/tests/xmlhttprequest/cookies-actual.txt 2007-01-04 12:57:04.000000000 +1100 @@ -1,4 +1,4 @@ Tests for bug 3420: XMLHttpRequest does not handle set-cookie headers. -SUCCESS +FAIL: the cookie was not set 37191 6 ap 2007-01-04 02:06:37 -0800 Could you please tell more about the failure? 1. Is this on Tiger or Leopard? 2. Does this test fail with shipping Safari? 3. Does it fail with a nightly build (without DRT)? 37058 7 mrowe 2007-01-04 16:48:46 -0800 I'm on Tiger. I've narrowed the problem down somewhat -- the test fails when the URL is <http://127.0.0.1:8000/xmlhttprequest/cookies.html>, but passes when it is <http://localhost:8000/xmlhttprequest/cookies.html>. The same behaviour occurs in DRT, Safari with WebKit 418.9.1, and Safari with ToT WebKit. 36878 8 12241 ap 2007-01-05 11:40:04 -0800 Created attachment 12241 fix the test The test failed if there were other cookies already present for 127.0.0.1. I accounted for that in .html, but not in .cgi; fixed. 36879 9 12241 darin 2007-01-05 11:40:56 -0800 Comment on attachment 12241 fix the test r=me 36880 10 ap 2007-01-05 11:43:05 -0800 Committed revision 18620. 12186 2007-01-03 06:39:34 -0800 2007-01-03 11:05:40 -0800 test case 3420r1_patch.txt text/plain 3877 ap SW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9D aGFuZ2VMb2cJKHJldmlzaW9uIDE4NTQ1KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3Jr aW5nIGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAKKzIwMDctMDEtMDMgIEFsZXhleSBQcm9za3VyeWFr b3YgIDxhcEB3ZWJraXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFRlc3QgZm9yIGh0dHA6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTM0MjAKKyAgICAgICAgWE1MSHR0cFJlcXVlc3QgZG9lcyBub3QgaGFuZGxlIHNldC1jb29r aWUgaGVhZGVycworCisgICAgICAgICogaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9jb29raWVz LWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogaHR0cC90ZXN0cy94bWxodHRwcmVxdWVz dC9jb29raWVzLmh0bWw6IEFkZGVkLgorICAgICAgICAqIGh0dHAvdGVzdHMveG1saHR0cHJlcXVl c3QvcmVzb3VyY2VzL2dldC1zZXQtY29va2llLmNnaTogQWRkZWQuCisKIDIwMDctMDEtMDIgIFNh bSBXZWluaWcgIDxzYW1Ad2Via2l0Lm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBBbmRlcnMu CkluZGV4OiBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nvb2tpZXMtZXhw ZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJl cXVlc3QvY29va2llcy1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9o dHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nvb2tpZXMtZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAw KQpAQCAtMCwwICsxLDQgQEAKK1Rlc3RzIGZvciBidWcgMzQyMDogWE1MSHR0cFJlcXVlc3QgZG9l cyBub3QgaGFuZGxlIHNldC1jb29raWUgaGVhZGVycy4KKworU1VDQ0VTUworCgpQcm9wZXJ0eSBj aGFuZ2VzIG9uOiBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nvb2tpZXMt ZXhwZWN0ZWQudHh0Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX18KTmFtZTogc3ZuOm1pbWUtdHlwZQogICArIHRleHQvcGxh aW4KTmFtZTogc3ZuOmVvbC1zdHlsZQogICArIG5hdGl2ZQoKSW5kZXg6IExheW91dFRlc3RzL2h0 dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvY29va2llcy5odG1sCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91 dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvY29va2llcy5odG1sCShyZXZpc2lvbiAw KQorKysgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9jb29raWVzLmh0bWwJ KHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMzMgQEAKKzxodG1sPgorPGJvZHk+Cis8cD5UZXN0cyBm b3IgPGEgaHJlZj0iaHR0cDovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MzQyMCI+ YnVnIDM0MjA8L2E+OgorWE1MSHR0cFJlcXVlc3QgZG9lcyBub3QgaGFuZGxlIHNldC1jb29raWUg aGVhZGVycy48L3A+Cis8ZGl2IGlkPSJyZXN1bHQiPkZBSUw6IHRlc3Qgc2NyaXB0IGRpZG4ndCBy dW4uPC9kaXY+CisKKzxzY3JpcHQ+CisgICAgaWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxl cikKKyAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOworICAgIAorICAg IHRyeSB7CisgICAgCisgICAgICAgIHJlcSA9IG5ldyBYTUxIdHRwUmVxdWVzdDsKKyAgICAgICAg cmVxLm9wZW4oIlBPU1QiLCAicmVzb3VyY2VzL2dldC1zZXQtY29va2llLmNnaSIsIGZhbHNlKTsK KyAgICAgICAgcmVxLnNlbmQoIiIpOworICAgICAgICBpZiAocmVxLnJlc3BvbnNlVGV4dCAmJiBy ZXEucmVzcG9uc2VUZXh0Lm1hdGNoKC8uKldLLXRlc3Q9MS4qLykpIHsKKyAgICAgICAgICAgIGRv Y3VtZW50LmdldEVsZW1lbnRCeUlkKCJyZXN1bHQiKS5maXJzdENoaWxkLmRhdGEgPSAiRkFJTDog dGhlIGNvb2tpZSBpcyBhbHJlYWR5IHByZXNlbnQuIFBsZWFzZSByZXN0YXJ0IHlvdXIgYnJvd3Nl ciB0byByZW1vdmUgaXQuIjsKKyAgICAgICAgfSBlbHNlIHsKKyAgICAgICAgICAgIHJlcS5vcGVu KCJQT1NUIiwgInJlc291cmNlcy9nZXQtc2V0LWNvb2tpZS5jZ2kiLCBmYWxzZSk7CisgICAgICAg ICAgICByZXEuc2VuZCgiIik7CisgICAgICAgICAgICBpZiAocmVxLnJlc3BvbnNlVGV4dC5tYXRj aCgvLipXSy10ZXN0LXNlY3VyZT0xLiovKSkKKyAgICAgICAgICAgICAgICBkb2N1bWVudC5nZXRF bGVtZW50QnlJZCgicmVzdWx0IikuZmlyc3RDaGlsZC5kYXRhID0gIkZBSUw6IGEgc2VjdXJlIGNv b2tpZSB3YXMgc2VudCB2aWEgSFRUUCI7CisgICAgICAgICAgICBlbHNlIGlmIChyZXEucmVzcG9u c2VUZXh0Lm1hdGNoKC8uKldLLXRlc3Q9MS4qLykpCisgICAgICAgICAgICAgICAgZG9jdW1lbnQu Z2V0RWxlbWVudEJ5SWQoInJlc3VsdCIpLmZpcnN0Q2hpbGQuZGF0YSA9ICJTVUNDRVNTIjsKKyAg ICAgICAgICAgIGVsc2UKKyAgICAgICAgICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgi cmVzdWx0IikuZmlyc3RDaGlsZC5kYXRhID0gIkZBSUw6IHRoZSBjb29raWUgd2FzIG5vdCBzZXQi OworICAgICAgICB9CisgICAgfSBjYXRjaCAoZXgpIHsKKyAgICAgICAgZG9jdW1lbnQuZ2V0RWxl bWVudEJ5SWQoInJlc3VsdCIpLmZpcnN0Q2hpbGQuZGF0YSA9IGV4OworICAgIH0KKzwvc2NyaXB0 PgorPGJvZHk+Cis8L2h0bWw+CgpQcm9wZXJ0eSBjaGFuZ2VzIG9uOiBMYXlvdXRUZXN0cy9odHRw L3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nvb2tpZXMuaHRtbApfX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCk5hbWU6IHN2bjpt aW1lLXR5cGUKICAgKyB0ZXh0L2h0bWwKCkluZGV4OiBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3ht bGh0dHByZXF1ZXN0L3Jlc291cmNlcy9nZXQtc2V0LWNvb2tpZS5jZ2kKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g TGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9yZXNvdXJjZXMvZ2V0LXNldC1j b29raWUuY2dpCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRw cmVxdWVzdC9yZXNvdXJjZXMvZ2V0LXNldC1jb29raWUuY2dpCShyZXZpc2lvbiAwKQpAQCAtMCww ICsxLDkgQEAKKyMhL3Vzci9iaW4vcGVybCAtdworCitwcmludCAiQ29udGVudC10eXBlOiB0ZXh0 L3BsYWluXG4iOyAKK2lmICgkRU5WeyJIVFRQX0NPT0tJRSJ9KSB7CisgICAgcHJpbnQgIlxuJEVO VntcIkhUVFBfQ09PS0lFXCJ9XG4iOworfSBlbHNlIHsKKyAgICBwcmludCAiU2V0LUNvb2tpZTog V0stdGVzdD0xXG4iOworICAgIHByaW50ICJTZXQtQ29va2llOiBXSy10ZXN0LXNlY3VyZT0xOyBz ZWN1cmVcblxuIjsKK30KClByb3BlcnR5IGNoYW5nZXMgb246IExheW91dFRlc3RzL2h0dHAvdGVz dHMveG1saHR0cHJlcXVlc3QvcmVzb3VyY2VzL2dldC1zZXQtY29va2llLmNnaQpfX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f Ck5hbWU6IHN2bjpleGVjdXRhYmxlCiAgICsgKgpOYW1lOiBzdm46ZW9sLXN0eWxlCiAgICsgTEYK Cg== 12241 2007-01-05 11:40:04 -0800 2007-01-05 11:40:56 -0800 fix the test 3420fix.txt text/plain 1380 ap SW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9D aGFuZ2VMb2cJKHJldmlzaW9uIDE4NjE5KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3Jr aW5nIGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAKKzIwMDctMDEtMDUgIEFsZXhleSBQcm9za3VyeWFr b3YgIDxhcEB3ZWJraXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFRlc3QgZm9yIGh0dHA6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTM0MjAKKyAgICAgICAgWE1MSHR0cFJlcXVlc3QgZG9lcyBub3QgaGFuZGxlIHNldC1jb29r aWUgaGVhZGVycworCisgICAgICAgICogaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9yZXNvdXJj ZXMvZ2V0LXNldC1jb29raWUuY2dpOgorICAgICAgICBTZXQgdGhlIGNvb2tpZXMgdW5jb25kaXRp b25hbGx5IChwcmV2aW91c2x5LCB0aGUgdGVzdCBmYWlsZWQgaWYgdGhlcmUgCisgICAgICAgIHdl cmUgb3RoZXIgY29va2llcyBmb3IgMTI3LjAuMC4xOjgwMDAuCisKIDIwMDctMDEtMDQgIEFsZXhl eSBQcm9za3VyeWFrb3YgIDxhcEB3ZWJraXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IEdl b2ZmLgpJbmRleDogTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9yZXNvdXJj ZXMvZ2V0LXNldC1jb29raWUuY2dpCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVz dHMveG1saHR0cHJlcXVlc3QvcmVzb3VyY2VzL2dldC1zZXQtY29va2llLmNnaQkocmV2aXNpb24g MTg2MTcpCisrKyBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L3Jlc291cmNl cy9nZXQtc2V0LWNvb2tpZS5jZ2kJKHdvcmtpbmcgY29weSkKQEAgLTEsOSArMSw5IEBACiAjIS91 c3IvYmluL3BlcmwgLXcKIAogcHJpbnQgIkNvbnRlbnQtdHlwZTogdGV4dC9wbGFpblxuIjsgCitw cmludCAiU2V0LUNvb2tpZTogV0stdGVzdD0xXG4iOworcHJpbnQgIlNldC1Db29raWU6IFdLLXRl c3Qtc2VjdXJlPTE7IHNlY3VyZVxuXG4iOworCiBpZiAoJEVOVnsiSFRUUF9DT09LSUUifSkgewot ICAgIHByaW50ICJcbiRFTlZ7XCJIVFRQX0NPT0tJRVwifVxuIjsKLX0gZWxzZSB7Ci0gICAgcHJp bnQgIlNldC1Db29raWU6IFdLLXRlc3Q9MVxuIjsKLSAgICBwcmludCAiU2V0LUNvb2tpZTogV0st dGVzdC1zZWN1cmU9MTsgc2VjdXJlXG5cbiI7CisgICAgcHJpbnQgIiRFTlZ7XCJIVFRQX0NPT0tJ RVwifVxuIjsKIH0K