Bug 13075

Summary: XMLHttpRequest with failed authentication should set status to 401
Product: WebKit Reporter: Jesse Costello-Good <jesse>
Component: XMLAssignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: annevk, ap
Priority: P2    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
Bug Depends on: 14704    
Bug Blocks: 10489, 6871    
Attachments:
Description Flags
test case
none
proposed fix darin: review+

Jesse Costello-Good
Reported 2007-03-14 14:13:21 PDT
The current behavior is to throw an error (NETWORK_ERR: XMLHttpRequest Exception 101) for synchronous requests and set the status to 0 for asynchronous requests. IE and Fx both correctly set the status to 401 for both synchronous and asynchronous requests.
Attachments
test case (1.10 KB, text/html)
2007-07-05 11:55 PDT, Alexey Proskuryakov 		no flags
Details
proposed fix (11.87 KB, patch)
2010-07-09 17:44 PDT, Alexey Proskuryakov 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2007-03-15 04:54:41 PDT
Could you please provide a test case? I did not see this behavior when I was testing autentication in XHR, so I was probably doing something differently.
Jesse Costello-Good
Comment 2 2007-03-15 08:18:14 PDT
Here's 4: var r = new XMLHttpRequest(); r.open("GET", "http://gi.tibco.com/tests/auth2/data1.xml", false); r.send(); assertEquals(401, r.status); var r = new XMLHttpRequest(); r.open("GET", "http://gi.tibco.com/tests/auth2/data1.xml", false, "badname", "passpw"); r.send(); assertEquals(401, r.status); var r = new XMLHttpRequest(); r.open("GET", "http://gi.tibco.com/tests/auth2/data1.xml", true); r.onreadystatechange = function() { if (r.readyState == 4) { assertEquals(401, r.status); } }; r.send(); var r = new XMLHttpRequest(); r.open("GET", "http://gi.tibco.com/tests/auth2/data1.xml", true, "badname", "passpw"); r.onreadystatechange = function() { if (r.readyState == 4) { assertEquals(401, r.status); } }; r.send();
Alexey Proskuryakov
Comment 3 2007-07-05 11:54:27 PDT
Confirmed with r23984. Please note that the current draft of XMLHttpRequest spec just says that "If authentication fails, user agents should prompt the users for credentials." It probably needs to say that the user can be asked for credentials only once, and if that doesn't help, the 401 response is returned.
Alexey Proskuryakov
Comment 4 2007-07-05 11:55:23 PDT
Created attachment 15402 [details] test case A test case that works from LayoutTests/http/tests/xmlhttprequest.
Alexey Proskuryakov
Comment 5 2007-07-30 11:34:31 PDT
The sync (regression) part was fixed in bug 14704. A commented out test for the async case can be found in http/tests/xmlhttprequest/failed-auth.html.
Alexey Proskuryakov
Comment 6 2010-07-09 17:44:28 PDT
Created attachment 61123 [details] proposed fix
Alexey Proskuryakov
Comment 7 2010-07-12 09:59:33 PDT
Fixed on Mac in <http://trac.webkit.org/changeset/63095>. A Windows Safari fix is in closed source code. The fix was to change what happens when the user cancels authentication sheet. Please file new bugs for other aspects that may be still wrong.
Note You need to log in before you can comment on or make changes to this bug.