Bug 85643

Summary: [BlackBerry] WWW-Authenticate header on 200 response pops up authentication dialog
Product: WebKit Reporter: Liam Quinn <lquinn>
Component: WebKit BlackBerryAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, staikos, tonikitoo, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
URL: http://www.onstar.com/
Attachments:
Description Flags
Patch
none
Patch none

Liam Quinn
Reported 2012-05-04 10:52:52 PDT
If a Web site includes a WWW-Authenticate header on a 200 response, BlackBerry pops up an authentication dialog. Other browsers (Firefox/Chrome/Opera) ignore the WWW-Authenticate header on anything other than a 401 response. This was reported by a user visiting http://www.onstar.com, which oddly provides WWW-Authenticate headers on its 301 and 200 responses.
Attachments
Patch (3.54 KB, patch)
2012-05-04 14:22 PDT, Liam Quinn 		no flags
DetailsFormatted DiffDiff
Patch (3.34 KB, patch)
2012-05-04 14:51 PDT, Liam Quinn 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Liam Quinn
Comment 1 2012-05-04 14:22:06 PDT
Created attachment 140326 [details] Patch
Rob Buis
Comment 2 2012-05-04 14:41:51 PDT
Comment on attachment 140326 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=140326&action=review > Source/WebCore/ChangeLog:11 > + Reviewed by NOBODY (OOPS!). This ChangeLog is not of the correct format. The Reviewed by line should be at the line where "Patch by" is, and I am not sure "Patch by" is needed since you are stated as author in the first line. > ChangeLog:11 > + Reviewed by NOBODY (OOPS!). Ditto.
Liam Quinn
Comment 3 2012-05-04 14:51:00 PDT
Created attachment 140331 [details] Patch
Alexey Proskuryakov
Comment 4 2012-05-04 15:42:31 PDT
Why is this a manual test? On at least some platforms, DumpRenderTree/WebKitTestRunner dumps authentication delegate calls, and should be able to test automatically. Also, the test doesn't look platform specific.
George Staikos
Comment 5 2012-05-07 07:24:36 PDT
Comment on attachment 140331 [details] Patch Ok for me. May want to add an automated testcase later if there is a way. I'm not familiar enough to know if we have a way to automatically test this one.
George Staikos
Comment 6 2012-05-07 07:26:16 PDT
(In reply to comment #4) > Why is this a manual test? On at least some platforms, DumpRenderTree/WebKitTestRunner dumps authentication delegate calls, and should be able to test automatically. > > Also, the test doesn't look platform specific. Oops I missed this comment. So we could add a new test that is platform-independent and automated. I think we'll need some help from someone who has done this before. The fix, however, is platform-specific and seems correct.
WebKit Review Bot
Comment 7 2012-05-07 07:31:48 PDT
Comment on attachment 140331 [details] Patch Clearing flags on attachment: 140331 Committed r116308: <http://trac.webkit.org/changeset/116308>
WebKit Review Bot
Comment 8 2012-05-07 07:32:00 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.