[webkit-changes] [235631] trunk

[commit-queue]

Title: [235631] trunk

Revision

235631

Author

commit-qu...@webkit.org

Date

2018-09-04 13:37:29 -0700 (Tue, 04 Sep 2018)

Log Message

Adjust XMLHttpRequest username/password precedence rules
https://bugs.webkit.org/show_bug.cgi?id=184910

Patch by Rob Buis <rb...@igalia.com> on 2018-09-04
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Update test result.

* web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt:

Source/WebCore:

Steps 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm
specify that non null user or non null password ought
to be set on the URL, so implement this.

Behavior matches Firefox and Chrome.

[1] https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open

Test: xhr/send-authentication-competing-names-passwords.htm

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open):

LayoutTests:

Adjust test because now we do set password on the url in
open(), even if the username is null.

* http/tests/xmlhttprequest/basic-auth.html:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html
• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/xml/XMLHttpRequest.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (235630 => 235631)

--- trunk/LayoutTests/ChangeLog	2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/ChangeLog	2018-09-04 20:37:29 UTC (rev 235631)
@@ -1,3 +1,15 @@
+2018-09-04  Rob Buis  <rb...@igalia.com>
+
+        Adjust XMLHttpRequest username/password precedence rules
+        https://bugs.webkit.org/show_bug.cgi?id=184910
+
+        Reviewed by Chris Dumez.
+
+        Adjust test because now we do set password on the url in
+        open(), even if the username is null.
+
+        * http/tests/xmlhttprequest/basic-auth.html:
+
 2018-09-03  Dean Jackson  <d...@apple.com>
 
         Move SystemPreview code from WebKitAdditions to WebKit

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html (235630 => 235631)

--- trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html	2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html	2018-09-04 20:37:29 UTC (rev 235631)
@@ -49,7 +49,7 @@
     req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync6").replace("http://", "http://sync6:123@"), false, undefined);
     sendAndLogResponse("sync6", req);
 
-    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:123@"), false, undefined, "incorrect");
+    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:incorrect@"), false, undefined, "123");
     sendAndLogResponse("sync7", req);
 
     // async
@@ -97,7 +97,7 @@
             asyncStep = 7;
             log('async6: ' + req.responseText);
             req._onreadystatechange_ = processStateChange;
-            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:123@"), true, undefined, "incorrect");
+            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:incorrect@"), true, undefined, "123");
             req.send("");
           } else if (asyncStep == 7) {
             log('async7: ' + req.responseText);

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (235630 => 235631)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2018-09-04 20:37:29 UTC (rev 235631)
@@ -1,3 +1,14 @@
+2018-09-04  Rob Buis  <rb...@igalia.com>
+
+        Adjust XMLHttpRequest username/password precedence rules
+        https://bugs.webkit.org/show_bug.cgi?id=184910
+
+        Reviewed by Chris Dumez.
+
+        Update test result.
+
+        * web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt:
+
 2018-09-04  Andy Estes  <aes...@apple.com>
 
         [Payment Request] PaymentResponse should have an onpayerdetailchange event handler

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt (235630 => 235631)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt	2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt	2018-09-04 20:37:29 UTC (rev 235631)
@@ -5,11 +5,11 @@
 PASS XMLHttpRequest user/pass options: pass in URL, user in open() 
 PASS XMLHttpRequest user/pass options: pass in URL, user/pass in open() 
 PASS XMLHttpRequest user/pass options: user in URL 
-FAIL XMLHttpRequest user/pass options: user in URL, pass in open() assert_equals: responseText should contain the right user and password expected "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n8ae16e77-30e0-4758-8c85-ddbac8ff9923" but got "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n"
+PASS XMLHttpRequest user/pass options: user in URL, pass in open() 
 PASS XMLHttpRequest user/pass options: user/pass in URL 
 PASS XMLHttpRequest user/pass options: user in URL and open() 
 PASS XMLHttpRequest user/pass options: user in URL; user/pass in open() 
 PASS XMLHttpRequest user/pass options: user/pass in URL; user in open() 
-FAIL XMLHttpRequest user/pass options: user/pass in URL; pass in open() assert_equals: responseText should contain the right user and password expected "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbce2a8d7-ce76-48be-8c8f-ff29647b78ff" but got "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbcf673a4-b893-48cd-95ec-3bd4c0d72a84"
+PASS XMLHttpRequest user/pass options: user/pass in URL; pass in open() 
 PASS XMLHttpRequest user/pass options: user/pass in URL and open() 
 

Modified: trunk/Source/WebCore/ChangeLog (235630 => 235631)

--- trunk/Source/WebCore/ChangeLog	2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/Source/WebCore/ChangeLog	2018-09-04 20:37:29 UTC (rev 235631)
@@ -1,3 +1,23 @@
+2018-09-04  Rob Buis  <rb...@igalia.com>
+
+        Adjust XMLHttpRequest username/password precedence rules
+        https://bugs.webkit.org/show_bug.cgi?id=184910
+
+        Reviewed by Chris Dumez.
+
+        Steps 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm
+        specify that non null user or non null password ought
+        to be set on the URL, so implement this.
+
+        Behavior matches Firefox and Chrome.
+
+        [1] https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open
+
+        Test: xhr/send-authentication-competing-names-passwords.htm
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::open):
+
 2018-09-04  Simon Fraser  <simon.fra...@apple.com>
 
         Simplify RenderLayer filter code

Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (235630 => 235631)

--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp	2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp	2018-09-04 20:37:29 UTC (rev 235631)
@@ -389,11 +389,10 @@
 ExceptionOr<void> XMLHttpRequest::open(const String& method, const String& url, bool async, const String& user, const String& password)
 {
     URL urlWithCredentials = scriptExecutionContext()->completeURL(url);
-    if (!user.isNull()) {
+    if (!user.isNull())
         urlWithCredentials.setUser(user);
-        if (!password.isNull())
-            urlWithCredentials.setPass(password);
-    }
+    if (!password.isNull())
+        urlWithCredentials.setPass(password);
 
     return open(method, urlWithCredentials, async);
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes