Created attachment 207008 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=207008&action=review This looks cool, I've also wanted to implement this :) > Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:299 > + err = curl_easy_getinfo(h, CURLINFO_EFFECTIVE_URL, &url); The 'err'-s are only set but not used elsewhere, this could cause compiler warnings. > Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:823 > + // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, > + // try and reuse the credential preemptively, as allowed by RFC 2617. I don't know if we should keep this rdar url as we don't have a way to access it.

Created attachment 207083 [details] Patch

(In reply to comment #2) Thanks for reviewing! Updated patch according to comments. > View in context: https://bugs.webkit.org/attachment.cgi?id=207008&action=review > > This looks cool, I've also wanted to implement this :) > > > Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:299 > > + err = curl_easy_getinfo(h, CURLINFO_EFFECTIVE_URL, &url); > > The 'err'-s are only set but not used elsewhere, this could cause compiler warnings. > > > Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:823 > > + // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, > > + // try and reuse the credential preemptively, as allowed by RFC 2617. > > I don't know if we should keep this rdar url as we don't have a way to access it.

Comment on attachment 207083 [details] Patch Nice job! r=me.

(In reply to comment #2) > > Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:823 > > + // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, > > + // try and reuse the credential preemptively, as allowed by RFC 2617. > > I don't know if we should keep this rdar url as we don't have a way to access it. Please leave the rdar tag in place. This is a reminder why we added this code on the CFNetwork side, and I imagine it would be good to have on the cURL side as well. The bug had to do with authentication on certain wireless routers that failed if this case was not handled properly.

Comment on attachment 207083 [details] Patch Clearing flags on attachment: 207083 Committed r152908: <http://trac.webkit.org/changeset/152908>

All reviewed patches have been landed. Closing bug.

(In reply to comment #5) > (From update of attachment 207083 [details]) > Nice job! r=me. Thanks for the review, Brent :)

In this patch,when given username and password was wrong,Will webkit or curl resend the request? And Does WebCore resend the request ? or client? or Curl automatic?

(In reply to comment #10) > In this patch,when given username and password was wrong,Will webkit or curl resend the request? > And Does WebCore resend the request ? or client? or Curl automatic? When given username or password is incorrect, I believe we will receive another 401 response, and give the user another chance to provide credentials. If new credentials are provided, we will give the user/password to curl by calling curl_easy_setopt(curlHandle, CURLOPT_USERPWD, usernameAndPassword). AFAIK this will make curl resend the request automatically.

(In reply to comment #11) > (In reply to comment #10) > > In this patch,when given username and password was wrong,Will webkit or curl resend the request? > > And Does WebCore resend the request ? or client? or Curl automatic? > > When given username or password is incorrect, I believe we will receive another 401 response, and give the user another chance to provide credentials. > If new credentials are provided, we will give the user/password to curl by calling curl_easy_setopt(curlHandle, CURLOPT_USERPWD, usernameAndPassword). > AFAIK this will make curl resend the request automatically. Thanks for your replay. I had met some problems.My browser is developed on WinCE SYS。 I had patched the webcore part of this patch to my browser and code FrameLoaderClientWinCE::dispatchDidReceiveAuthenticationChallenge() as follow: void FrameLoaderClientWinCE::dispatchDidReceiveAuthenticationChallenge(DocumentLoader*, unsigned long, const AuthenticationChallenge& challenge) { String user; String pwd; if (m_webView->requestAuthentication(challenge,user,pwd) == 0) { Credential credential(user,pwd,CredentialPersistenceNone); challenge.authenticationClient()->receivedCredential(challenge,credential); return; } challenge.authenticationClient()->receivedRequestToContinueWithoutCredential(challenge); } In WebView::requestAuthentication()，I will give user a dialog to input username and password. In expect,when visit a website with basic authentication,browser should given user a dialog to input username and password.if username and password is correct,the page will dispaly.if username and password is incorrect,browser should given user a dialog again until user inputs a right username and password or cancel the visit. In actually,on my browser,if user's first input is correct,the request page will be dispalyed. but if the first input is incorrect,whaterver the second input is ,401 error page will be displayed and there is not dialog yet. When degbugging in curl,I find "hand->state.authproblem" has been set to "true" when user inputs wrong usename and password. Then request will be ended with 401 error. I don't know why it does not work well as expectation.Does this patch could implement the expectation as above?

(In reply to comment #12) > (In reply to comment #11) > > (In reply to comment #10) > > > In this patch,when given username and password was wrong,Will webkit or curl resend the request? > > > And Does WebCore resend the request ? or client? or Curl automatic? > > > > When given username or password is incorrect, I believe we will receive another 401 response, and give the user another chance to provide credentials. > > If new credentials are provided, we will give the user/password to curl by calling curl_easy_setopt(curlHandle, CURLOPT_USERPWD, usernameAndPassword). > > AFAIK this will make curl resend the request automatically. > > Thanks for your replay. > I had met some problems.My browser is developed on WinCE SYS。 > I had patched the webcore part of this patch to my browser and code FrameLoaderClientWinCE::dispatchDidReceiveAuthenticationChallenge() as follow: > void FrameLoaderClientWinCE::dispatchDidReceiveAuthenticationChallenge(DocumentLoader*, unsigned long, const AuthenticationChallenge& challenge) > { > String user; > String pwd; > if (m_webView->requestAuthentication(challenge,user,pwd) == 0) > { > Credential credential(user,pwd,CredentialPersistenceNone); > challenge.authenticationClient()->receivedCredential(challenge,credential); > return; > } > > challenge.authenticationClient()->receivedRequestToContinueWithoutCredential(challenge); > } > > In WebView::requestAuthentication()，I will give user a dialog to input username and password. > I think this code looks fine. > In expect,when visit a website with basic authentication,browser should given user a dialog to input username and password.if username and password is correct,the page will dispaly.if username and password is incorrect,browser should given user a dialog again until user inputs a right username and password or cancel the visit. > > In actually,on my browser,if user's first input is correct,the request page will be dispalyed. but if the first input is incorrect,whaterver the second input is ,401 error page will be displayed and there is not dialog yet. > I guess the behaviour also depends on how many times the server will send back a 401 response, before it sends an error page. Have you tried other sites? How does other browsers behave on your test site?