Bug 85643

Summary: [BlackBerry] WWW-Authenticate header on 200 response pops up authentication dialog
Product: WebKit
Component: WebKit BlackBerry
Reporter: Liam Quinn <lquinn>
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
CC: ap, staikos, tonikitoo, webkit.review.bot
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
URL: http://www.onstar.com/
Attachments:
  Patch (Flags: none)
  Patch (Flags: none)

Description Liam Quinn 2012-05-04 10:52:52 PDT
If a Web site includes a WWW-Authenticate header on a 200 response, BlackBerry pops up an authentication dialog. Other browsers (Firefox/Chrome/Opera) ignore the WWW-Authenticate header on anything other than a 401 response.

This was reported by a user visiting http://www.onstar.com, which oddly provides WWW-Authenticate headers on its 301 and 200 responses.
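
The behaviour described in this report, as an added C++ example that is not part of the original bug and is not the WebKit patch: it parses a raw HTTP/1.x response head, honours a WWW-Authenticate challenge only on a 401, and separately flags the header on any other status so a server sending it can be spotted in captured responses. The type and function names are hypothetical, and the sample response is constructed.

```cpp
// Added illustration; not code from WebKit or its BlackBerry port. All names are hypothetical.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct ResponseHead {
    int status = 0;
    std::vector<std::string> challenges;  // WWW-Authenticate field values
};

static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Parse the status line and header fields of a raw HTTP/1.x response head.
ResponseHead parseHead(const std::string& raw) {
    ResponseHead head;
    std::istringstream in(raw);
    std::string line, version;
    if (std::getline(in, line)) {
        std::istringstream statusLine(line);  // e.g. "HTTP/1.1 200 OK"
        statusLine >> version >> head.status;
    }
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty()) break;  // blank line ends the header block
        const auto colon = line.find(':');
        if (colon == std::string::npos) continue;
        std::string name = line.substr(0, colon);
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        if (name == "www-authenticate")  // field names are case-insensitive
            head.challenges.push_back(trim(line.substr(colon + 1)));
    }
    return head;
}

// Client side honours a challenge only on a 401; audit side flags it on any other status.
bool shouldPrompt(const ResponseHead& h) { return h.status == 401 && !h.challenges.empty(); }
bool hasStrayChallenge(const ResponseHead& h) { return h.status != 401 && !h.challenges.empty(); }

int main() {  // constructed sample below, not captured traffic
    const ResponseHead h = parseHead("HTTP/1.1 200 OK\r\nWWW-Authenticate: Basic realm=\"example\"\r\n\r\n");
    std::cout << "prompt=" << shouldPrompt(h) << " stray=" << hasStrayChallenge(h) << '\n';
}
```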
Comment 1 Liam Quinn 2012-05-04 14:22:06 PDT
Created attachment 140326
Patch
Comment 2 Rob Buis 2012-05-04 14:41:51 PDT
Comment on attachment 140326
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=140326&action=review

> Source/WebCore/ChangeLog:11
> +        Reviewed by NOBODY (OOPS!).

This ChangeLog is not of the correct format. The Reviewed by line should be at the line where "Patch by" is, and I am not sure "Patch by" is needed since you are stated as author in the first line.

> ChangeLog:11
> +        Reviewed by NOBODY (OOPS!).

Ditto.
Comment 3 Liam Quinn 2012-05-04 14:51:00 PDT
Created attachment 140331
Patch
Comment 4 Alexey Proskuryakov 2012-05-04 15:42:31 PDT
Why is this a manual test? On at least some platforms, DumpRenderTree/WebKitTestRunner dumps authentication delegate calls, and should be able to test automatically.

Also, the test doesn't look platform specific.
Comment 5 George Staikos 2012-05-07 07:24:36 PDT
Comment on attachment 140331
Patch

Ok for me.  May want to add an automated testcase later if there is a way.  I'm not familiar enough to know if we have a way to automatically test this one.
Comment 6 George Staikos 2012-05-07 07:26:16 PDT
(In reply to comment #4)
> Why is this a manual test? On at least some platforms, DumpRenderTree/WebKitTestRunner dumps authentication delegate calls, and should be able to test automatically.
> 
> Also, the test doesn't look platform specific.

Oops I missed this comment.  So we could add a new test that is platform-independent and automated.  I think we'll need some help from someone who has done this before.  The fix, however, is platform-specific and seems correct.
Comment 7 WebKit Review Bot 2012-05-07 07:31:48 PDT
Comment on attachment 140331
Patch

Clearing flags on attachment: 140331

Committed r116308: <http://trac.webkit.org/changeset/116308>
Comment 8 WebKit Review Bot 2012-05-07 07:32:00 PDT
All reviewed patches have been landed.  Closing bug.