RESOLVED FIXED 24804
[GTK] 401 responses cause rogue content to be loaded 
https://bugs.webkit.org/show_bug.cgi?id=24804
Summary [GTK] 401 responses cause rogue content to be loaded
Gustavo Noronha (kov)
Reported 2009-03-25 10:18:46 PDT
Since my change to unspecial-case most responses >= 400, when first loading a page that requires HTTP basic authentication, the error message will be loaded along with the content. This bug is here to track fixing this regression.
Attachments
2009-03-25 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> (2.39 KB, patch)
2009-03-25 10:20 PDT, Gustavo Noronha (kov) 		no flags
DetailsFormatted DiffDiff
2009-03-25 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> (4.00 KB, patch)
2009-03-25 11:16 PDT, Gustavo Noronha (kov) 		zecke: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Gustavo Noronha (kov)
Comment 1 2009-03-25 10:20:11 PDT
Created attachment 28934 [details] 2009-03-25 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> Reviewed by NOBODY (OOPS!). https://bugs.webkit.org/show_bug.cgi?id=24804 [GTK] 401 responses cause rogue content to be loaded Our soup code handles 401 responses itself, so we should not feed the headers and data of those responses to the loader. * platform/network/soup/ResourceHandleSoup.cpp: (WebCore::gotHeadersCallback): (WebCore::gotChunkCallback): --- WebCore/ChangeLog | 14 ++++++++++++++ .../platform/network/soup/ResourceHandleSoup.cpp | 8 +++++--- 2 files changed, 19 insertions(+), 3 deletions(-)
Gustavo Noronha (kov)
Comment 2 2009-03-25 11:16:26 PDT
Created attachment 28937 [details] 2009-03-25 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> Reviewed by NOBODY (OOPS!). https://bugs.webkit.org/show_bug.cgi?id=24804 [GTK] 401 responses cause rogue content to be loaded Our soup code handles 401 responses itself, so we should not feed the headers and data of those responses to the loader. * platform/network/soup/ResourceHandleSoup.cpp: (WebCore::gotHeadersCallback): (WebCore::gotChunkCallback): --- WebCore/ChangeLog | 14 ++++++++ .../platform/network/soup/ResourceHandleSoup.cpp | 33 +++++++++++++++++--- 2 files changed, 42 insertions(+), 5 deletions(-)
Holger Freyther
Comment 3 2009-03-25 21:30:08 PDT
Comment on attachment 28937 [details] 2009-03-25 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> > a5cf3ffc4ba04bd9ca5be3cf646f112aee3fe2db > diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog > index 03b7af7..a27bbf0 100644 > --- a/WebCore/ChangeLog > +++ b/WebCore/ChangeLog > @@ -1,3 +1,17 @@ > +2009-03-25 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> > + > + Reviewed by NOBODY (OOPS!). > + > + https://bugs.webkit.org/show_bug.cgi?id=24804 > + [GTK] 401 responses cause rogue content to be loaded > + > + Our soup code handles 401 responses itself, so we should not feed > + the headers and data of those responses to the loader. tabs vs. spaces here? anyway the pre-commit hook would catch these :) > + // For 401, we will accumulate the resource body, and only use it > + // in case authentication with the soup feature doesn't happen > + if (msg->status_code == SOUP_STATUS_UNAUTHORIZED) { > + soup_message_body_set_accumulate(msg->response_body, TRUE); > + return; > + } > + > + // For all the other responses, we handle each chunk ourselves, > + // and we don't need msg->response_body to contain all of the data > + // we got, when we finish downloading. > + soup_message_body_set_accumulate(msg->response_body, FALSE); > + > // The 304 status code (SOUP_STATUS_NOT_MODIFIED) needs to be fed > // into WebCore, as opposed to other kinds of redirections, which > // are handled by soup directly, so we special-case it here and in > // gotChunk. > if (SOUP_STATUS_IS_TRANSPORT_ERROR(msg->status_code) > - || (SOUP_STATUS_IS_REDIRECTION(msg->status_code) && (msg->status_code != SOUP_STATUS_NOT_MODIFIED))) > + || (SOUP_STATUS_IS_REDIRECTION(msg->status_code) && (msg->status_code != SOUP_STATUS_NOT_MODIFIED)) > + || (msg->status_code == SOUP_STATUS_UNAUTHORIZED)) > return; okay, with status->code == SOUP_STATUS_UNAU... we will never reach here... unless soup_message_body_set_accumulate changes the status_code. So can this be removed? > > // We still don't know anything about Content-Type, so we will try > @@ -268,7 +281,8 @@ static void gotHeadersCallback(SoupMessage* msg, gpointer data) > static void gotChunkCallback(SoupMessage* msg, SoupBuffer* chunk, gpointer data) > { > if (SOUP_STATUS_IS_TRANSPORT_ERROR(msg->status_code) > - || (SOUP_STATUS_IS_REDIRECTION(msg->status_code) && (msg->status_code != SOUP_STATUS_NOT_MODIFIED))) > + || (SOUP_STATUS_IS_REDIRECTION(msg->status_code) && (msg->status_code != SOUP_STATUS_NOT_MODIFIED)) > + || (msg->status_code == SOUP_STATUS_UNAUTHORIZED)) > return; what about an ASSERT(msg->status_code != SOUP_STATUS_UNAUTHORIZED)? Or will gotChunkCallback be called regardles of the body accumulate? otherwise, it looks pretty good.
Holger Freyther
Comment 4 2009-03-26 04:01:59 PDT
Comment on attachment 28937 [details] 2009-03-25 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> Okay. There is agreement on the first hunk (needles return statement) and uncertainty about the ASSERT. I'm saying r=+ based on this, please try the assert first if that does not work go for the current code in gotChunkCallback.
Gustavo Noronha (kov)
Comment 5 2009-03-26 04:44:01 PDT
Landed as r42001; soup will always emit got-chunk at least once, from my reading of the docs/code, so no assert for us.
Note You need to log in before you can comment on or make changes to this bug.