Bug 18682
| Summary: | Page not asking for authentication due to malformed WWW-Authenticate header | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Rob Das <post> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Minor | Keywords: | InRadar |
| Priority: | P2 | ||
| Version: | 525.x (Safari 3.1) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.5 | ||
| URL: | http://docs.idtv.nl | ||
Rob Das
Not showing authentication, Firefox works for the page...
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Mark Rowe (bdash)
The headers the server returns are as follows:
HTTP/1.1 401 Authorization Required
Date: Tue, 22 Apr 2008 21:39:47 GMT
Server: Apache/1.3.33 (Debian GNU/Linux) mod_perl/1.29 PHP/4.3.10-22
X-Powered-By: PHP/4.3.10-22
Set-Cookie: PHPSESSID=98f6cd1bf4b7ead42eeac5db5073533f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
WWW-Authenticate: Basic realm=188044978 SECOND level: Enter your password.
Transfer-Encoding: chunked
Content-Type: text/html
Of particular relevance is the WWW-Authenticate header, the value of which does not appear to follow the format outlined in the HTTP authentication specification (RFC 2617). In particular, the value of the "realm" key is expected to be a quoted string.
Mark Rowe (bdash)
Parsing of WWW-Authenticate headers is handled by the network library that WebKit uses, which is CFNetwork on the Mac. The server really should not be sending malformed WWW-Authenticate headers in the first place, but it would be nice if CFNetwork would handle them more gracefully.
Mark Rowe (bdash)
<rdar://problem/5881924>
Mark Rowe (bdash)
Closing as INVALID to indicate that the problem is outside of WebKit.