Bug 78993 (http-511)
| Summary: | Handle HTTP error 511 Network Authentication Required (standard secure proxy authentification/captive portal detection | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | Platform | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | ap |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Nicolas Mailhot
Since
http://code.google.com/p/chromium/issues/detail?id=7338 and
https://bugzilla.mozilla.org/show_bug.cgi?id=479880
there is no clean way for a proxy or captive portal to get a browser to display an authentication dialog when user credentials expire while he is browsing on an https website.
(to be sure, the previous methods were insecure and hackish but they existed because nothing better was available)
The IETF finally set up to fix this problem and defined a standard HTTP error that let access control equipments tell the browser authentication or re-authentication is needed and where the authentication form is located.
http://tools.ietf.org/id/draft-nottingham-http-new-status-04.txt
(since error 511 uses out-of-band authentication it is possible for the browser to only trust specific certs on error 511 and protect the user)
Please add error 511 handling in webkit, or have the ietf draft corrected if it's missing something
→ <http://www.rfc-editor.org/queue2.html#draft-nottingham-http-new-status> (so the spec is approved and in the queue for publication as RFC)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
<rdar://problem/10897053>
Alexey Proskuryakov
Could you please clarify what handling is expected from WebKit? In other words, is there a test suite that we should pass in order to claim victory?
Alexey Proskuryakov
Closing as INVALID, since this is not actionable without a response.