Summary: | XMLHttpRequest produces undefined:undefined HTTP authentication | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Gary-adam Shannon <gary> | ||||
Component: | XML | Assignee: | Alexey Proskuryakov <ap> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Major | CC: | ap, mrowe | ||||
Priority: | P2 | ||||||
Version: | 420+ | ||||||
Hardware: | Mac | ||||||
OS: | OS X 10.4 | ||||||
URL: | http://www.fulgore.net/prototype.js | ||||||
Attachments: |
|
Description
Gary-adam Shannon
2006-11-17 20:42:14 PST
RoR bug report here (and patch): http://dev.rubyonrails.org/ticket/6638 Thanks for the bug report! Created attachment 11562 [details]
proposed fix
We also have issues with null parameters (and the draft XHR spec also does), but this change seems straightforward and simple enough to be made right away.
Hi Alexey, (In reply to comment #3) > Created an attachment (id=11562) [edit] > proposed fix > > We also have issues with null parameters (and the draft XHR spec also does), > but this change seems straightforward and simple enough to be made right away. Comparing with the RoR patch, there seems to be a difference. That one passes user and password string only if both are defined, your patch passes both when user is defined but password is undefined. I am not too familiar with XHR (yet), but I can imagine this would not make sense? Cheers, Rob. The patch makes open(..., "login", undefined) work like open(..., "login"), which I think is correct. How the latter should work is an open issue still; quoting the current XHR editor's draft: ----------------------------- Issue: Need to look at the password argument. What syntax does it need to match. Can it be UTF-8 on transmission? When it's omitted, do UAs still use the user argument? IE doesn't. ----------------------------- (In reply to comment #4) > Hi Alexey, > > (In reply to comment #3) > > Created an attachment (id=11562) [edit] > > proposed fix > > > > We also have issues with null parameters (and the draft XHR spec also does), > > but this change seems straightforward and simple enough to be made right away. > > Comparing with the RoR patch, there seems to be a difference. That one passes > user and > password string only if both are defined, your patch passes both when user is > defined but > password is undefined. I am not too familiar with XHR (yet), but I can imagine > this would not make sense? ap explained that above scenario behaves like providing a user without a password, which still is an open issue for the specification. For that same reason there are no tests for this in basic-realm.html yet. With that in mind, I am going to r+ it. Cheers, Rob. Comment on attachment 11562 [details]
proposed fix
r=me
Committed revision 17842. |