135241 – [Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases

Bug 135241 - [Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases

Summary: [Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns fa...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	mitz

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-07-24 10:07 PDT by mitz
Modified:	2014-07-25 09:40 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa (3.35 KB, patch) 2014-07-24 22:33 PDT, mitz	ap: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mitz 2014-07-24 10:07:06 PDT

WebProtectionSpace::receivesCredentialSecurely uses the generic test in WebCore::ProtectionSpace (perhaps soon to be in ProtectionSpaceBase), rather than -[NSURLProtectionSpace receivesCredentialSecurely]. This leads to false negatives, such as in the case of an HTTP server with NEGO/NTLM authentication. This causes the authentication sheet in Safari to falsely say that the password will be sent unencrypted.

Comment 1 mitz 2014-07-24 22:33:19 PDT

Created attachment 235502 [details]
Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa

Comment 2 mitz 2014-07-25 09:40:26 PDT

Fixed in <http://trac.webkit.org/r171599>.