- Revision
- 235631
- Author
- commit-qu...@webkit.org
- Date
- 2018-09-04 13:37:29 -0700 (Tue, 04 Sep 2018)
Log Message
Adjust XMLHttpRequest username/password precedence rules
https://bugs.webkit.org/show_bug.cgi?id=184910
Patch by Rob Buis <rb...@igalia.com> on 2018-09-04
Reviewed by Chris Dumez.
LayoutTests/imported/w3c:
Update test result.
* web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt:
Source/WebCore:
Steps 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm
specify that non null user or non null password ought
to be set on the URL, so implement this.
Behavior matches Firefox and Chrome.
[1] https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open
Test: xhr/send-authentication-competing-names-passwords.htm
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open):
LayoutTests:
Adjust test because now we do set password on the url in
open(), even if the username is null.
* http/tests/xmlhttprequest/basic-auth.html:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (235630 => 235631)
--- trunk/LayoutTests/ChangeLog 2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/ChangeLog 2018-09-04 20:37:29 UTC (rev 235631)
@@ -1,3 +1,15 @@
+2018-09-04 Rob Buis <rb...@igalia.com>
+
+ Adjust XMLHttpRequest username/password precedence rules
+ https://bugs.webkit.org/show_bug.cgi?id=184910
+
+ Reviewed by Chris Dumez.
+
+ Adjust test because now we do set password on the url in
+ open(), even if the username is null.
+
+ * http/tests/xmlhttprequest/basic-auth.html:
+
2018-09-03 Dean Jackson <d...@apple.com>
Move SystemPreview code from WebKitAdditions to WebKit
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html (235630 => 235631)
--- trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html 2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html 2018-09-04 20:37:29 UTC (rev 235631)
@@ -49,7 +49,7 @@
req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync6").replace("http://", "http://sync6:123@"), false, undefined);
sendAndLogResponse("sync6", req);
- req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:123@"), false, undefined, "incorrect");
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:incorrect@"), false, undefined, "123");
sendAndLogResponse("sync7", req);
// async
@@ -97,7 +97,7 @@
asyncStep = 7;
log('async6: ' + req.responseText);
req._onreadystatechange_ = processStateChange;
- req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:123@"), true, undefined, "incorrect");
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:incorrect@"), true, undefined, "123");
req.send("");
} else if (asyncStep == 7) {
log('async7: ' + req.responseText);
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (235630 => 235631)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2018-09-04 20:37:29 UTC (rev 235631)
@@ -1,3 +1,14 @@
+2018-09-04 Rob Buis <rb...@igalia.com>
+
+ Adjust XMLHttpRequest username/password precedence rules
+ https://bugs.webkit.org/show_bug.cgi?id=184910
+
+ Reviewed by Chris Dumez.
+
+ Update test result.
+
+ * web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt:
+
2018-09-04 Andy Estes <aes...@apple.com>
[Payment Request] PaymentResponse should have an onpayerdetailchange event handler
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt (235630 => 235631)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt 2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt 2018-09-04 20:37:29 UTC (rev 235631)
@@ -5,11 +5,11 @@
PASS XMLHttpRequest user/pass options: pass in URL, user in open()
PASS XMLHttpRequest user/pass options: pass in URL, user/pass in open()
PASS XMLHttpRequest user/pass options: user in URL
-FAIL XMLHttpRequest user/pass options: user in URL, pass in open() assert_equals: responseText should contain the right user and password expected "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n8ae16e77-30e0-4758-8c85-ddbac8ff9923" but got "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n"
+PASS XMLHttpRequest user/pass options: user in URL, pass in open()
PASS XMLHttpRequest user/pass options: user/pass in URL
PASS XMLHttpRequest user/pass options: user in URL and open()
PASS XMLHttpRequest user/pass options: user in URL; user/pass in open()
PASS XMLHttpRequest user/pass options: user/pass in URL; user in open()
-FAIL XMLHttpRequest user/pass options: user/pass in URL; pass in open() assert_equals: responseText should contain the right user and password expected "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbce2a8d7-ce76-48be-8c8f-ff29647b78ff" but got "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbcf673a4-b893-48cd-95ec-3bd4c0d72a84"
+PASS XMLHttpRequest user/pass options: user/pass in URL; pass in open()
PASS XMLHttpRequest user/pass options: user/pass in URL and open()
Modified: trunk/Source/WebCore/ChangeLog (235630 => 235631)
--- trunk/Source/WebCore/ChangeLog 2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/Source/WebCore/ChangeLog 2018-09-04 20:37:29 UTC (rev 235631)
@@ -1,3 +1,23 @@
+2018-09-04 Rob Buis <rb...@igalia.com>
+
+ Adjust XMLHttpRequest username/password precedence rules
+ https://bugs.webkit.org/show_bug.cgi?id=184910
+
+ Reviewed by Chris Dumez.
+
+ Steps 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm
+ specify that non null user or non null password ought
+ to be set on the URL, so implement this.
+
+ Behavior matches Firefox and Chrome.
+
+ [1] https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open
+
+ Test: xhr/send-authentication-competing-names-passwords.htm
+
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::open):
+
2018-09-04 Simon Fraser <simon.fra...@apple.com>
Simplify RenderLayer filter code
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (235630 => 235631)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2018-09-04 20:27:09 UTC (rev 235630)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2018-09-04 20:37:29 UTC (rev 235631)
@@ -389,11 +389,10 @@
ExceptionOr<void> XMLHttpRequest::open(const String& method, const String& url, bool async, const String& user, const String& password)
{
URL urlWithCredentials = scriptExecutionContext()->completeURL(url);
- if (!user.isNull()) {
+ if (!user.isNull())
urlWithCredentials.setUser(user);
- if (!password.isNull())
- urlWithCredentials.setPass(password);
- }
+ if (!password.isNull())
+ urlWithCredentials.setPass(password);
return open(method, urlWithCredentials, async);
}