Bug 87660

Summary:

[BlackBerry] http authentication challenge issue when loading subresource

Product:

WebKit

Reporter:

Jonathan Dong <jonathan.dong.webkit>

Component:

WebKit BlackBerry

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

charles.wei, joenotcharles, leo.yang, rwlbuis, staikos, tonikitoo, webkit.review.bot

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none

Jonathan Dong

Reported 2012-05-28 07:00:53 PDT

RIM PR: 160585 way to reproduce: try to load an digest http authenticated page which has a subresource, e.g. an img tag pointing to a png file which needs the same authentication. the auth challenge dialog would pop up twice, even you've entered the right credentials for the main resource. root cause: we load store the credentials in handleNotifyDone, after finish loading the whole main resource, which is too late. We should do it as soon as we receives the headers which indicate that we've passed the authentication. Then we can find the credential information from CredentialStorage when loading subresource.

Attachments
Patch (2.84 KB, patch) 2012-05-28 07:31 PDT, Jonathan Dong	no flags	Details Formatted Diff Diff
Patch (2.88 KB, patch) 2012-05-28 21:20 PDT, Jonathan Dong	no flags	Details Formatted Diff Diff
Patch (2.88 KB, patch) 2012-05-28 22:10 PDT, Jonathan Dong	no flags	Details Formatted Diff Diff
Patch (2.88 KB, patch) 2012-05-28 22:30 PDT, Jonathan Dong	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Jonathan Dong

Comment 1 2012-05-28 07:31:43 PDT

Created attachment 144357 [details] Patch

Joe Mason

Comment 2 2012-05-28 07:41:45 PDT

LGTM

Rob Buis

Comment 3 2012-05-28 10:31:52 PDT

Comment on attachment 144357 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=144357&action=review Looks good, but can maybe cleaned up some more. > Source/WebCore/ChangeLog:14 > + No new tests because of no behavior changed. No new tests since there is no change in behavior. > Source/WebCore/platform/network/blackberry/NetworkJob.cpp:214 > + // the saved credentials. The comment is quite obvious, and the code below it is readable, maybe not needed. > Source/WebCore/platform/network/blackberry/NetworkJob.cpp:218 > + purgeCredentials(); Is it useful to log the fact that there was an error? How about dealing with isError case first, you do not need the ! operation in that case.

Jonathan Dong

Comment 4 2012-05-28 21:20:59 PDT

Created attachment 144438 [details] Patch

Jonathan Dong

Comment 5 2012-05-28 22:10:54 PDT

Created attachment 144443 [details] Patch

Jonathan Dong

Comment 6 2012-05-28 22:30:25 PDT

Created attachment 144446 [details] Patch

Jonathan Dong

Comment 7 2012-05-28 23:21:14 PDT

(In reply to comment #6) > Created an attachment (id=144446) [details] > Patch after talk with Joe, we agreed to keep the exact same code as before, just move them to notifyStatusReceived. We need to think more before being sure we are right about that, such as 500 or 404 or something else, and we need have more tests. For now the way won't be perfect but at least we won't make things worse.

Rob Buis

Comment 8 2012-05-29 08:31:17 PDT

Hi Jonathan, (In reply to comment #7) > (In reply to comment #6) > > Created an attachment (id=144446) [details] [details] > > Patch > > after talk with Joe, we agreed to keep the exact same code as before, just move them to notifyStatusReceived. We need to think more before being sure we are right about that, such as 500 or 404 or something else, and we need have more tests. For now the way won't be perfect but at least we won't make things worse. So I made my comment because if the isError is true but isUnauthorized is false, we would not report/log this error, isn't that losing information? Hence my log suggestion, why not always log if there is an error? Cheers, Rob.

Joe Mason

Comment 9 2012-05-29 08:35:20 PDT

(In reply to comment #8) > So I made my comment because if the isError is true but isUnauthorized is false, we would not report/log this error, isn't that losing information? Hence my log suggestion, why not always log if there is an error? Of coures we report that error. If isError is true but isUnauthorized is false, it just falls through to existing error handling and doesn't touch the credentials at all.

Rob Buis

Comment 10 2012-05-29 08:52:40 PDT

Comment on attachment 144446 [details] Patch Looks good.

WebKit Review Bot

Comment 11 2012-05-29 09:57:35 PDT

Comment on attachment 144446 [details] Patch Clearing flags on attachment: 144446 Committed r118799: <http://trac.webkit.org/changeset/118799>

WebKit Review Bot

Comment 12 2012-05-29 09:57:41 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.