Bug 87660

Summary: [BlackBerry] http authentication challenge issue when loading subresource
Product: WebKit Reporter: Jonathan Dong <jonathan.dong.webkit>
Component: WebKit BlackBerryAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: charles.wei, joenotcharles, leo.yang, rwlbuis, staikos, tonikitoo, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch none

Jonathan Dong
Reported 2012-05-28 07:00:53 PDT
RIM PR: 160585 way to reproduce: try to load an digest http authenticated page which has a subresource, e.g. an img tag pointing to a png file which needs the same authentication. the auth challenge dialog would pop up twice, even you've entered the right credentials for the main resource. root cause: we load store the credentials in handleNotifyDone, after finish loading the whole main resource, which is too late. We should do it as soon as we receives the headers which indicate that we've passed the authentication. Then we can find the credential information from CredentialStorage when loading subresource.
Attachments
Patch (2.84 KB, patch)
2012-05-28 07:31 PDT, Jonathan Dong 		no flags
DetailsFormatted DiffDiff
Patch (2.88 KB, patch)
2012-05-28 21:20 PDT, Jonathan Dong 		no flags
DetailsFormatted DiffDiff
Patch (2.88 KB, patch)
2012-05-28 22:10 PDT, Jonathan Dong 		no flags
DetailsFormatted DiffDiff
Patch (2.88 KB, patch)
2012-05-28 22:30 PDT, Jonathan Dong 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Jonathan Dong
Comment 1 2012-05-28 07:31:43 PDT
Created attachment 144357 [details] Patch
Joe Mason
Comment 2 2012-05-28 07:41:45 PDT
LGTM
Rob Buis
Comment 3 2012-05-28 10:31:52 PDT
Comment on attachment 144357 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=144357&action=review Looks good, but can maybe cleaned up some more. > Source/WebCore/ChangeLog:14 > + No new tests because of no behavior changed. No new tests since there is no change in behavior. > Source/WebCore/platform/network/blackberry/NetworkJob.cpp:214 > + // the saved credentials. The comment is quite obvious, and the code below it is readable, maybe not needed. > Source/WebCore/platform/network/blackberry/NetworkJob.cpp:218 > + purgeCredentials(); Is it useful to log the fact that there was an error? How about dealing with isError case first, you do not need the ! operation in that case.
Jonathan Dong
Comment 4 2012-05-28 21:20:59 PDT
Created attachment 144438 [details] Patch
Jonathan Dong
Comment 5 2012-05-28 22:10:54 PDT
Created attachment 144443 [details] Patch
Jonathan Dong
Comment 6 2012-05-28 22:30:25 PDT
Created attachment 144446 [details] Patch
Jonathan Dong
Comment 7 2012-05-28 23:21:14 PDT
(In reply to comment #6) > Created an attachment (id=144446) [details] > Patch after talk with Joe, we agreed to keep the exact same code as before, just move them to notifyStatusReceived. We need to think more before being sure we are right about that, such as 500 or 404 or something else, and we need have more tests. For now the way won't be perfect but at least we won't make things worse.
Rob Buis
Comment 8 2012-05-29 08:31:17 PDT
Hi Jonathan, (In reply to comment #7) > (In reply to comment #6) > > Created an attachment (id=144446) [details] [details] > > Patch > > after talk with Joe, we agreed to keep the exact same code as before, just move them to notifyStatusReceived. We need to think more before being sure we are right about that, such as 500 or 404 or something else, and we need have more tests. For now the way won't be perfect but at least we won't make things worse. So I made my comment because if the isError is true but isUnauthorized is false, we would not report/log this error, isn't that losing information? Hence my log suggestion, why not always log if there is an error? Cheers, Rob.
Joe Mason
Comment 9 2012-05-29 08:35:20 PDT
(In reply to comment #8) > So I made my comment because if the isError is true but isUnauthorized is false, we would not report/log this error, isn't that losing information? Hence my log suggestion, why not always log if there is an error? Of coures we report that error. If isError is true but isUnauthorized is false, it just falls through to existing error handling and doesn't touch the credentials at all.
Rob Buis
Comment 10 2012-05-29 08:52:40 PDT
Comment on attachment 144446 [details] Patch Looks good.
WebKit Review Bot
Comment 11 2012-05-29 09:57:35 PDT
Comment on attachment 144446 [details] Patch Clearing flags on attachment: 144446 Committed r118799: <http://trac.webkit.org/changeset/118799>
WebKit Review Bot
Comment 12 2012-05-29 09:57:41 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.