Bug 107298

Summary: XMLHttpRequest re-issued if server returns 401
Product: WebKit
Reporter: Victor Costan <costan>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: UNCONFIRMED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.8   
URL: http://jsbin.com/ohehon/1/
Attachments:
Description | Flags
Test case (also in JSBin) | none

Victor Costan
Reported 2013-01-18 09:56:34 PST
Created attachment 183491: Test case (also in JSBin)

When Safari issues an XMLHttpRequest and the server returns a 401, Safari seems to repeat the request. If the server uses OAuth, repeating the request triggers an OAuth error, because the nonce is reused. The server returns a 403, which is reported by the XMLHttpRequest. Both Chrome and Firefox report the 401 response from the XMLHttpRequest.

The link is to a JSBin that demonstrates this issue with the Dropbox API server, but the bug is applicable to any other OAuth API.

To reproduce the issue, click through the pop-up authentication (sign into Dropbox if necessary) and look at the console. Safari shows a 403 error, Chrome and Firefox show a 401 error.

I used the Charles proxy to confirm my suspicion that Safari sends a second request to the API server. Any intercepting SSL proxy should do the trick.

Please let me know if there is anything else I can do to help investigate this issue.
Attachments
Test case (also in JSBin) (939 bytes, text/html)
2013-01-18 09:56 PST, Victor Costan
no flags
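
The server-side nonce check that the report describes, as an added example (not part of the original report, and not WebKit or Dropbox code). It shows why a byte-identical repeat of a signed request is rejected while a re-signed retry is not. The names NonceStore and handleApiRequest, the 300-second window, the 403 for stale timestamps and all sample values are assumptions; signature verification is left out.

```javascript
// Added illustration: OAuth 1.0 style nonce replay check on the server.
// NonceStore, handleApiRequest and every sample value here are constructed.
const TIMESTAMP_WINDOW_SEC = 300; // assumed acceptance window

class NonceStore {
  constructor() { this.seen = new Map(); } // tuple key -> oauth_timestamp

  // True the first time a (consumer, token, timestamp, nonce) tuple is seen.
  checkAndRemember({ consumerKey, token, timestamp, nonce }, nowSec) {
    // Drop entries older than the window so the store stays bounded.
    for (const [key, ts] of this.seen) {
      if (nowSec - ts > TIMESTAMP_WINDOW_SEC) this.seen.delete(key);
    }
    const key = JSON.stringify([consumerKey, token, timestamp, nonce]);
    if (this.seen.has(key)) return false;
    this.seen.set(key, timestamp);
    return true;
  }
}

// 401 (original request) and 403 (repeated nonce) follow the report;
// answering a stale timestamp with 403 is an assumption.
function handleApiRequest(store, oauth, nowSec, tokenIsAuthorized) {
  if (Math.abs(nowSec - oauth.timestamp) > TIMESTAMP_WINDOW_SEC) return 403;
  if (!store.checkAndRemember(oauth, nowSec)) return 403; // nonce reused
  return tokenIsAuthorized(oauth.token) ? 200 : 401;
}

// Constructed scenario: the token is not authorized, so the first answer is 401.
function demo() {
  const store = new NonceStore();
  const now = 1358531794; // constructed timestamp
  const unauthorized = () => false;
  const first = { consumerKey: "app-key", token: "tok-1", timestamp: now, nonce: "n-0001" };
  const statuses = [];
  statuses.push(handleApiRequest(store, first, now, unauthorized));
  // Transparent repeat by the HTTP stack: same signed parameters, same nonce.
  statuses.push(handleApiRequest(store, { ...first }, now + 1, unauthorized));
  // Retry issued by the application after re-signing: new timestamp and nonce.
  const resigned = { ...first, timestamp: now + 2, nonce: "n-0002" };
  statuses.push(handleApiRequest(store, resigned, now + 2, unauthorized));
  return statuses;
}
```

The middle status is the one the page's script ends up seeing when the network layer repeats the request below the XMLHttpRequest API, since the script never gets a chance to re-sign.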