Bug 28431

Summary: Application Cache doesn't work with HTTP authentication
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: WebCore Misc.Assignee: Alexey Proskuryakov <ap>
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Description Flags
proposed fix darin: review+

Description Alexey Proskuryakov 2009-08-18 10:18:05 PDT
When updating an application cache, the user is not asked for credentials, which makes sense. However, credentials that already exist in credential storage also aren't used.

I'm not sure if it makes huge sense to cache authenticated resources - once they are cached, they become available to anyone who asks, even after browser restart. Also, there is no way to make appcache store several versions of content that depends on user identity (cookies have the same problem). But if web developers want to, we probably shouldn't stop them. This works in Firefox, FWIW.
Comment 1 Alexey Proskuryakov 2009-08-18 10:27:18 PDT
Created attachment 35048 [details]
proposed fix
Comment 2 Darin Adler 2009-08-18 10:29:42 PDT
Comment on attachment 35048 [details]
proposed fix

> +    // For normal resource loading, WebKit client is asked about each resource individually. Since application cache does not belong to any particular document,
> +    // the existing client callback cannot be used, and just assume that any client that enables application cache also wants it to use credential storage.

Should say "so assume" rather than "and just assume".

Comment 3 Alexey Proskuryakov 2009-08-18 12:04:04 PDT
Committed revision 47439.