Bug 135241

Summary:

[Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases

Product:

WebKit

Reporter:

mitz

Component:

WebKit2

Assignee:

mitz

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ap, beidson

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa	ap: review+

mitz

Reported 2014-07-24 10:07:06 PDT

WebProtectionSpace::receivesCredentialSecurely uses the generic test in WebCore::ProtectionSpace (perhaps soon to be in ProtectionSpaceBase), rather than -[NSURLProtectionSpace receivesCredentialSecurely]. This leads to false negatives, such as in the case of an HTTP server with NEGO/NTLM authentication. This causes the authentication sheet in Safari to falsely say that the password will be sent unencrypted.

Attachments
Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa (3.35 KB, patch) 2014-07-24 22:33 PDT, mitz	ap: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

mitz

Comment 1 2014-07-24 22:33:19 PDT

Created attachment 235502 [details] Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa

mitz

Comment 2 2014-07-25 09:40:26 PDT

Fixed in <http://trac.webkit.org/r171599>.

Note You need to log in before you can comment on or make changes to this bug.