182358 – Log error when authentication challenge is blocked due to an insecure request

Bug 182358 - Log error when authentication challenge is blocked due to an insecure request

Summary: Log error when authentication challenge is blocked due to an insecure request

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Local Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Daniel Bates

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2018-01-31 16:23 PST by Daniel Bates
Modified:	2018-02-07 10:57 PST (History)
CC List:	10 users (show)

See Also:

Attachments
Patch and layout tests (36.75 KB, patch) 2018-01-31 16:25 PST, Daniel Bates	no flags	Details \| Formatted Diff \| Diff
Patch and layout tests (36.98 KB, patch) 2018-02-02 16:55 PST, Daniel Bates	no flags	Details \| Formatted Diff \| Diff
Patch and layout tests (37.30 KB, patch) 2018-02-06 10:00 PST, Daniel Bates	aestes: review+	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Bates 2018-01-31 16:23:47 PST

Log error when authentication challenge is blocked due to an insecure request.

Comment 1 Daniel Bates 2018-01-31 16:25:31 PST

Created attachment 332819 [details]
Patch and layout tests

Comment 2 Daniel Bates 2018-02-02 16:55:34 PST

Created attachment 333019 [details]
Patch and layout tests

Updated patch so that we do not emit a message if the authentication challenge was blocked by the embedding client.

Comment 3 Daniel Bates 2018-02-06 10:00:17 PST

Created attachment 333184 [details]
Patch and layout tests

Updated patch to make the tests more robust to prevent flakiness caused by the preload scanner.

Comment 4 Andy Estes 2018-02-06 14:11:48 PST

Comment on attachment 333184 [details]
Patch and layout tests

View in context: https://bugs.webkit.org/attachment.cgi?id=333184&action=review

> LayoutTests/http/tests/security/mixedContent/insecure-download-redirects-to-basic-auth-secure-download.https-expected.txt:2
> +CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-pdf.php from asking for credentials because navigated from a secure page or went through an insecure redirect.

The phrasing of this message seems off. Perhaps something like "Blocked <url> from asking for credentials because it was navigated to from a secure page or went through an insecure redirect."

Comment 5 Daniel Bates 2018-02-07 10:47:37 PST

(In reply to Andy Estes from comment #4)
> Comment on attachment 333184 [details]
> Patch and layout tests
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=333184&action=review
> 
> > LayoutTests/http/tests/security/mixedContent/insecure-download-redirects-to-basic-auth-secure-download.https-expected.txt:2
> > +CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-pdf.php from asking for credentials because navigated from a secure page or went through an insecure redirect.
> 
> The phrasing of this message seems off. Perhaps something like "Blocked
> <url> from asking for credentials because it was navigated to from a secure
> page or went through an insecure redirect."

Will fix before landing.

Comment 6 Daniel Bates 2018-02-07 10:56:13 PST

Committed r228231: <https://trac.webkit.org/changeset/228231>

Comment 7 Radar WebKit Bug Importer 2018-02-07 10:57:28 PST

<rdar://problem/37319486>