Bug 182358

Summary: Log error when authentication challenge is blocked due to an insecure request
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, aestes, beidson, bfulgham, cdumez, ews-watchlist, japhet, mkwst, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch and layout tests
none
Patch and layout tests
none
Patch and layout tests aestes: review+

Daniel Bates
Reported 2018-01-31 16:23:47 PST
Log error when authentication challenge is blocked due to an insecure request.
Attachments
Patch and layout tests (36.75 KB, patch)
2018-01-31 16:25 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Patch and layout tests (36.98 KB, patch)
2018-02-02 16:55 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Patch and layout tests (37.30 KB, patch)
2018-02-06 10:00 PST, Daniel Bates 		aestes: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2018-01-31 16:25:31 PST
Created attachment 332819 [details] Patch and layout tests
Daniel Bates
Comment 2 2018-02-02 16:55:34 PST
Created attachment 333019 [details] Patch and layout tests Updated patch so that we do not emit a message if the authentication challenge was blocked by the embedding client.
Daniel Bates
Comment 3 2018-02-06 10:00:17 PST
Created attachment 333184 [details] Patch and layout tests Updated patch to make the tests more robust to prevent flakiness caused by the preload scanner.
Andy Estes
Comment 4 2018-02-06 14:11:48 PST
Comment on attachment 333184 [details] Patch and layout tests View in context: https://bugs.webkit.org/attachment.cgi?id=333184&action=review > LayoutTests/http/tests/security/mixedContent/insecure-download-redirects-to-basic-auth-secure-download.https-expected.txt:2 > +CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-pdf.php from asking for credentials because navigated from a secure page or went through an insecure redirect. The phrasing of this message seems off. Perhaps something like "Blocked <url> from asking for credentials because it was navigated to from a secure page or went through an insecure redirect."
Daniel Bates
Comment 5 2018-02-07 10:47:37 PST
(In reply to Andy Estes from comment #4) > Comment on attachment 333184 [details] > Patch and layout tests > > View in context: > https://bugs.webkit.org/attachment.cgi?id=333184&action=review > > > LayoutTests/http/tests/security/mixedContent/insecure-download-redirects-to-basic-auth-secure-download.https-expected.txt:2 > > +CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-pdf.php from asking for credentials because navigated from a secure page or went through an insecure redirect. > > The phrasing of this message seems off. Perhaps something like "Blocked > <url> from asking for credentials because it was navigated to from a secure > page or went through an insecure redirect." Will fix before landing.
Daniel Bates
Comment 6 2018-02-07 10:56:13 PST
Committed r228231: <https://trac.webkit.org/changeset/228231>
Radar WebKit Bug Importer
Comment 7 2018-02-07 10:57:28 PST
<rdar://problem/37319486>
Note You need to log in before you can comment on or make changes to this bug.