// The scheme might have changed, but the server type shouldn't have! BLACKBERRY_ASSERT(serverType == oldSpace.serverType()); That comment is wrong - the server type could change if we contact a site taking HTTP auth, through an HTTP proxy taking auth of its own. First we get a 407 from the proxy, and then when get passed the proxy, we get a 401 from the end site - so notifyAuthReceived gets called again with auth type Proxy instead of HTTP. The correct thing to do when that happens is skip the "update the auth type in the credentials" step, since these are actually new credentials and not just credentials being reused for a different auth type on the same server.
Created attachment 174524 [details] fix
Created attachment 174526 [details] fix first pathc had a typo
Comment on attachment 174526 [details] fix LGTM.
Comment on attachment 174526 [details] fix Clearing flags on attachment: 174526 Committed r134853: <http://trac.webkit.org/changeset/134853>
All reviewed patches have been landed. Closing bug.