Bug 31634

Summary: Ignore realm for proxy protection spaces
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: PlatformAssignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, eric
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
proposed patch
darin: review-
updated patch darin: review+

Description Alexey Proskuryakov 2009-11-18 12:21:44 PST 
Realm makes no sense for HTTP(S) proxy authentication. It is not even set in NSURLAuthenticationChallenge's protection space that is sent for HTTP.

This makes it difficult to use stored credentials for Web Socket, as servers so actually send realms for proxy auth. One solution is to not set realm when creating a ProtectionSpace object for proxy auth. I think it would be even better to treat proxy protection spaces with different realms.

One related data point: it looks like the realm isn't stored in Keychain, even for non-proxy credentials.
Comment 1 Alexey Proskuryakov 2009-11-18 12:26:51 PST 
Created attachment 43446 [details]
proposed patch
Comment 2 Alexey Proskuryakov 2009-11-18 13:51:48 PST 
...to treat proxy protection spaces with different realms AS EQUAL
Comment 3 Alexey Proskuryakov 2009-11-18 14:08:57 PST 
> One related data point: it looks like the realm isn't stored in Keychain, even
> for non-proxy credentials.

That may be a lie - perhaps it's just not displayed in UI. Not sure yet.
Comment 4 Darin Adler 2009-11-18 16:14:50 PST 
Comment on attachment 43446 [details]
proposed patch

> +        if (protectionSpace.isProxy())
> +            codeCount -= sizeof(UChar);

Should be sizeof(hashCodes[0]) / sizeof(UChar) or some similar expression, not sizeof(UChar).
Comment 5 Alexey Proskuryakov 2009-11-18 16:54:24 PST 
Created attachment 43472 [details]
updated patch
Comment 6 Alexey Proskuryakov 2009-11-19 09:44:04 PST 
Committed <http://trac.webkit.org/changeset/51189>.