135241 – [Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases

RESOLVED FIXED 135241

[Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases

https://bugs.webkit.org/show_bug.cgi?id=135241

Summary [Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns fa...

mitz

Reported 2014-07-24 10:07:06 PDT

WebProtectionSpace::receivesCredentialSecurely uses the generic test in WebCore::ProtectionSpace (perhaps soon to be in ProtectionSpaceBase), rather than -[NSURLProtectionSpace receivesCredentialSecurely]. This leads to false negatives, such as in the case of an HTTP server with NEGO/NTLM authentication. This causes the authentication sheet in Safari to falsely say that the password will be sent unencrypted.

Attachments
Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa (3.35 KB, patch) 2014-07-24 22:33 PDT, mitz	ap: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

mitz

Comment 1 2014-07-24 22:33:19 PDT

Created attachment 235502 [details] Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa

mitz

Comment 2 2014-07-25 09:40:26 PDT

Fixed in <http://trac.webkit.org/r171599>.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit2

Assignee

mitz

Reported

2014-07-24 10:07 PDT

Modified

2014-07-25 09:40 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks