Bug 135241

Summary: [Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases
Product: WebKit
Reporter: mitz
Component: WebKit2
Assignee: mitz
Status: RESOLVED FIXED
Severity: Normal
CC: ap, beidson
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Add an override of receivesCredentialSecurely in ProtectionSpaceCocoa ap: review+

Description mitz 2014-07-24 10:07:06 PDT
WebProtectionSpace::receivesCredentialSecurely uses the generic test in WebCore::ProtectionSpace (perhaps soon to be in ProtectionSpaceBase), rather than -[NSURLProtectionSpace receivesCredentialSecurely]. This leads to false negatives, such as in the case of an HTTP server with NEGO/NTLM authentication. This causes the authentication sheet in Safari to falsely say that the password will be sent unencrypted.
Comment 1 mitz 2014-07-24 22:33:19 PDT
Created attachment 235502
Add an override of receivesCredentialSecurely in ProtectionSpaceCocoa
Comment 2 mitz 2014-07-25 09:40:26 PDT
Fixed in <http://trac.webkit.org/r171599>.