Bug 28431

Summary:

Application Cache doesn't work with HTTP authentication

Product:

WebKit

Reporter:

Alexey Proskuryakov <ap>

Component:

WebCore Misc.

Assignee:

Alexey Proskuryakov <ap>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
proposed fix	darin: review+

Description Alexey Proskuryakov 2009-08-18 10:18:05 PDT

When updating an application cache, the user is not asked for credentials, which makes sense. However, credentials that already exist in credential storage also aren't used.

I'm not sure if it makes huge sense to cache authenticated resources - once they are cached, they become available to anyone who asks, even after browser restart. Also, there is no way to make appcache store several versions of content that depends on user identity (cookies have the same problem). But if web developers want to, we probably shouldn't stop them. This works in Firefox, FWIW.

Comment 1 Alexey Proskuryakov 2009-08-18 10:27:18 PDT

Created attachment 35048 [details]
proposed fix

Comment 2 Darin Adler 2009-08-18 10:29:42 PDT

Comment on attachment 35048 [details]
proposed fix

> +    // For normal resource loading, WebKit client is asked about each resource individually. Since application cache does not belong to any particular document,
> +    // the existing client callback cannot be used, and just assume that any client that enables application cache also wants it to use credential storage.

Should say "so assume" rather than "and just assume".

r=me

Comment 3 Alexey Proskuryakov 2009-08-18 12:04:04 PDT

Committed revision 47439.