Bug 113159

Summary:

Use session persistence in ResourceHandle::didReceiveAuthenticationChallenge() in CFNetwork loader to match Foundation one

Product:

WebKit

Reporter:

Pratik Solanki <psolanki>

Component:

Platform

Assignee:

Pratik Solanki <psolanki>

Status:

NEW

Severity:

Normal

CC:

ap, psolanki

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	ap: review-

Pratik Solanki

Reported 2013-03-24 15:18:54 PDT

Looking at ResourceHandle::didReceiveAuthenticationChallenge() implementation, I see ResourceHandleMac.mm if (!d->m_user.isNull() && !d->m_pass.isNull()) { NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user password:d->m_pass persistence:NSURLCredentialPersistenceForSession]; ... } And ResourceHandleCFNet.cpp has if (!d->m_user.isNull() && !d->m_pass.isNull()) { RetainPtr<CFURLCredentialRef> credential = adoptCF(CFURLCredentialCreate(kCFAllocatorDefault, d->m_user.createCFString().get(), d->m_pass.createCFString().get(), 0, kCFURLCredentialPersistenceNone)); ... } Note that we use NSURLCredentialPersistenceForSession in one and kCFURLCredentialPersistenceNone in the other. The CFNetwork loader should use session persistence.

Attachments
Patch (1.81 KB, patch) 2013-03-24 15:29 PDT, Pratik Solanki	ap: review-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Pratik Solanki

Comment 1 2013-03-24 15:29:10 PDT

Created attachment 194770 [details] Patch

Alexey Proskuryakov

Comment 2 2013-03-24 17:14:29 PDT

Comment on attachment 194770 [details] Patch This is super confusing, but I think that they actually match now. The reason is that Mac version calls ResourceHandle::receivedCredential, which changes persistence to None, while CFNet calls CFURLConnectionUseCredential directly.

Pratik Solanki

Comment 3 2013-03-24 18:12:55 PDT

You're right. It will set it to none. Should we call receivedCredential() in ResourceHandleCFNet.cpp?

Alexey Proskuryakov

Comment 4 2013-03-24 20:43:58 PDT

The credentials code is not quite parallel between Mac and CFNet versions, because APIs are different. Generally, we obviously want the code to be as similar as possible, and ideally shared. I do not remember if there was a specific reason why these parts had be be different.

Alexey Proskuryakov

Comment 5 2013-03-25 13:51:18 PDT

Also, the idea behind Mac code is that setting persistence to None is an implementation detail of how CredentialStorage works, as semantically it's still session persistence. Eventually we'll remove CredentialStorage completely (probably by using a separate storage session for cross-origin requests).

Note You need to log in before you can comment on or make changes to this bug.