Diff
Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (107006 => 107007)
--- branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-02-08 00:17:42 UTC (rev 107006)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-02-08 00:26:45 UTC (rev 107007)
@@ -1,3 +1,20 @@
+2011-02-07 Lucas Forschler <lforsch...@apple.com>
+
+ Merge 106982
+
+ 2012-02-07 Brady Eidson <beid...@apple.com>
+
+ <rdar://problem/9567286> and https://bugs.webkit.org/show_bug.cgi?id=78003
+ WebKit associates credentials with the wrong site if the authentication challenge takes place after a redirect chain
+
+ Reviewed by Alexey Proskuryakov.
+
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php: Added.
+ * http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php: Added.
+
2011-02-06 Lucas Forschler <lforsch...@apple.com>
Merge 104356
Deleted: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt (106982 => 107007)
--- trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt 2012-02-07 21:37:17 UTC (rev 106982)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt 2012-02-08 00:26:45 UTC (rev 107007)
@@ -1,30 +0,0 @@
-main frame - didStartProvisionalLoadForFrame
-main frame - didCommitLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
-main frame - didFinishDocumentLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didReceiveServerRedirectForProvisionalLoadForFrame
-<unknown> - didReceiveAuthenticationChallenge - Responding with httpUsername:httpPassword
-frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
-main frame - didHandleOnloadEventsForFrame
-frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
-main frame - didFinishLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - willPerformClientRedirectToURL: http://localhost:8000/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php
-frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didCancelClientRedirectForFrame
-frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
-frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
-This test causes an HTTP authentication challenge in the middle of a redirect chain.
-It then loads a new page after that challenge, and the new page should *not* get any credentials passed to it.
-See bug 78003 for more details.
-
-
-
---------
-Frame: '<!--framePath //<!--frame0-->-->'
---------
-No HTTP authentication credentials
-
Copied: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt (from rev 106982, trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt) (0 => 107007)
--- branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt 2012-02-08 00:26:45 UTC (rev 107007)
@@ -0,0 +1,30 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didReceiveServerRedirectForProvisionalLoadForFrame
+<unknown> - didReceiveAuthenticationChallenge - Responding with httpUsername:httpPassword
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - willPerformClientRedirectToURL: http://localhost:8000/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCancelClientRedirectForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+This test causes an HTTP authentication challenge in the middle of a redirect chain.
+It then loads a new page after that challenge, and the new page should *not* get any credentials passed to it.
+See bug 78003 for more details.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+No HTTP authentication credentials
+
Deleted: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html (106982 => 107007)
--- trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html 2012-02-07 21:37:17 UTC (rev 106982)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html 2012-02-08 00:26:45 UTC (rev 107007)
@@ -1,20 +0,0 @@
-<html>
-<script>
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.dumpChildFramesAsText();
- layoutTestController.waitUntilDone();
- layoutTestController.setHandlesAuthenticationChallenges(true);
- layoutTestController.setAuthenticationUsername("httpUsername");
- layoutTestController.setAuthenticationPassword("httpPassword");
-}
-</script>
-
-<body>
-This test causes an HTTP authentication challenge in the middle of a redirect chain.<br>
-It then loads a new page after that challenge, and the new page should *not* get any credentials passed to it.<br>
-See <a href="" 78003</a> for more details.<br>
-<iframe src=""
-</iframe><br>
-</body>
-</html>
\ No newline at end of file
Copied: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html (from rev 106982, trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html) (0 => 107007)
--- branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html 2012-02-08 00:26:45 UTC (rev 107007)
@@ -0,0 +1,20 @@
+<html>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.setHandlesAuthenticationChallenges(true);
+ layoutTestController.setAuthenticationUsername("httpUsername");
+ layoutTestController.setAuthenticationPassword("httpPassword");
+}
+</script>
+
+<body>
+This test causes an HTTP authentication challenge in the middle of a redirect chain.<br>
+It then loads a new page after that challenge, and the new page should *not* get any credentials passed to it.<br>
+See <a href="" 78003</a> for more details.<br>
+<iframe src=""
+</iframe><br>
+</body>
+</html>
\ No newline at end of file
Deleted: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php (106982 => 107007)
--- trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php 2012-02-07 21:37:17 UTC (rev 106982)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php 2012-02-08 00:26:45 UTC (rev 107007)
@@ -1,6 +0,0 @@
-<?php
-// This page was supposed to be loaded using a localhost URL.
-// That is important, and the next page has to be loaded using 127.0.0.1.
-header("Location: http://127.0.0.1:8000/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php");
-exit;
-?>
\ No newline at end of file
Copied: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php (from rev 106982, trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php) (0 => 107007)
--- branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-1-redirect-to-auth.php 2012-02-08 00:26:45 UTC (rev 107007)
@@ -0,0 +1,6 @@
+<?php
+// This page was supposed to be loaded using a localhost URL.
+// That is important, and the next page has to be loaded using 127.0.0.1.
+header("Location: http://127.0.0.1:8000/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php");
+exit;
+?>
\ No newline at end of file
Deleted: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php (106982 => 107007)
--- trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php 2012-02-07 21:37:17 UTC (rev 106982)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php 2012-02-08 00:26:45 UTC (rev 107007)
@@ -1,13 +0,0 @@
-<?php
-if (!isset($_SERVER['PHP_AUTH_USER'])) {
- header('WWW-Authenticate: Basic');
- header('HTTP/1.0 401 Unauthorized');
- exit;
-}
-?>
-<script>
-// This page was supposed to be loaded using a 127.0.0.1 URL.
-// That is important, and the final page has to be loaded using localhost.
-// Plus, the redirect to the final page in this test has to be a new page load to trigger the bug; It cannot be an HTTP redirect.
-window.setTimeout("window.location = 'http://localhost:8000/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php';", 0);
-</script>
Copied: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php (from rev 106982, trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php) (0 => 107007)
--- branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-2-auth-then-redirect-to-finish.php 2012-02-08 00:26:45 UTC (rev 107007)
@@ -0,0 +1,13 @@
+<?php
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic');
+ header('HTTP/1.0 401 Unauthorized');
+ exit;
+}
+?>
+<script>
+// This page was supposed to be loaded using a 127.0.0.1 URL.
+// That is important, and the final page has to be loaded using localhost.
+// Plus, the redirect to the final page in this test has to be a new page load to trigger the bug; It cannot be an HTTP redirect.
+window.setTimeout("window.location = 'http://localhost:8000/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php';", 0);
+</script>
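Review bot: The 401 branch sends `header('WWW-Authenticate: Basic');` with no `realm` parameter, which the Basic scheme requires. The test therefore presumably relies on how each network stack builds a protection space for a realm-less challenge. `header('WWW-Authenticate: Basic realm="test"');` (realm name constructed here) would make the challenge well-formed and keep the test focused on which URL the credential is filed under. If the missing realm is deliberate, a one-line comment saying so would prevent a later "fix" from changing what the test covers.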
Deleted: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php (106982 => 107007)
--- trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php 2012-02-07 21:37:17 UTC (rev 106982)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php 2012-02-08 00:26:45 UTC (rev 107007)
@@ -1,10 +0,0 @@
-<?php
-if (!isset($_SERVER['PHP_AUTH_USER']))
- echo "No HTTP authentication credentials<br>";
-else
- echo "Authenticated as {$_SERVER['PHP_AUTH_USER']} with password {$_SERVER['PHP_AUTH_PW']}<br>";
-?>
-<script>
-if (window.layoutTestController)
- layoutTestController.notifyDone();
-</script>
Copied: branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php (from rev 106982, trunk/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php) (0 => 107007)
--- branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/resources/wrong-credential-3-output-credentials-then-finish.php 2012-02-08 00:26:45 UTC (rev 107007)
@@ -0,0 +1,10 @@
+<?php
+if (!isset($_SERVER['PHP_AUTH_USER']))
+ echo "No HTTP authentication credentials<br>";
+else
+ echo "Authenticated as {$_SERVER['PHP_AUTH_USER']} with password {$_SERVER['PHP_AUTH_PW']}<br>";
+?>
+<script>
+if (window.layoutTestController)
+ layoutTestController.notifyDone();
+</script>
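Review bot: The `else` branch echoes `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` into the page without output encoding. Both values come straight from the request's Authorization header, so any markup in them would be interpreted rather than shown in the text dump. Wrapping each in `htmlspecialchars(...)` keeps the failure output literal. A short comment that this branch is the failing case (credentials leaked to `localhost`) would also make the fixture easier to read alongside the expected "No HTTP authentication credentials" result.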
Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (107006 => 107007)
--- branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-02-08 00:17:42 UTC (rev 107006)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-02-08 00:26:45 UTC (rev 107007)
@@ -1,3 +1,24 @@
+2011-02-07 Lucas Forschler <lforsch...@apple.com>
+
+ Merge 106982
+
+ 2012-02-07 Brady Eidson <beid...@apple.com>
+
+ <rdar://problem/9567286> and https://bugs.webkit.org/show_bug.cgi?id=78003
+ WebKit associates credentials with the wrong site if the authentication challenge takes place after a redirect chain
+
+ Reviewed by Alexey Proskuryakov.
+
+ Test: http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html
+
+ Associate the credential with the URL of the challenge itself, not the original request:
+ * platform/network/cf/ResourceHandleCFNet.cpp:
+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
+ (WebCore::ResourceHandle::receivedCredential):
+ * platform/network/mac/ResourceHandleMac.mm:
+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
+ (WebCore::ResourceHandle::receivedCredential):
+
2011-02-06 Lucas Forschler <lforsch...@apple.com>
Merge 106729
Modified: branches/safari-534.54-branch/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp (107006 => 107007)
--- branches/safari-534.54-branch/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp 2012-02-08 00:17:42 UTC (rev 107006)
+++ branches/safari-534.54-branch/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp 2012-02-08 00:26:45 UTC (rev 107007)
@@ -511,7 +511,7 @@
KURL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
- urlToStore = firstRequest().url();
+ urlToStore = challenge.failureResponse().url();
CredentialStorage::set(core(credential.get()), challenge.protectionSpace(), urlToStore);
CFURLConnectionUseCredential(d->m_connection.get(), credential.get(), challenge.cfURLAuthChallengeRef());
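Review bot: The security-relevant choice of storage key, `challenge.failureResponse().url()`, is open-coded at every site with no comment explaining it. It appears here at @@ -511, again at @@ -535 and @@ -572 in this file, and at @@ -551 and @@ -606 in ResourceHandleMac.mm. A comment at the assignment, e.g. `// Key on the URL that issued the 401, not firstRequest(): after a redirect chain the two can be different sites.`, would keep a later cleanup from reverting one site to the request URL. A small static helper that takes the challenge and returns the URL to store would let the two platform files share one definition. In the non-401 case `urlToStore` stays a default-constructed `KURL`, which presumably means "no per-directory default"; that is worth stating too. The enclosing functions start and end outside these hunks, so the credential lookup path cannot be checked from here.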
@@ -535,7 +535,7 @@
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
- CredentialStorage::set(credential, challenge.protectionSpace(), firstRequest().url());
+ CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
}
RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
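Review bot: The retained comment `// Store the credential back, possibly adding it as a default for this directory.` no longer says which directory is meant, since the key is now the challenge's URL rather than the original request's. Suggest `// Store the credential back, possibly adding it as a default for the directory of the URL that issued the challenge.` The same comment sits above the changed line at @@ -551 in ResourceHandleMac.mm and should get the same wording.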
@@ -572,7 +572,7 @@
KURL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
- urlToStore = firstRequest().url();
+ urlToStore = challenge.failureResponse().url();
CredentialStorage::set(webCredential, challenge.protectionSpace(), urlToStore);
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
Modified: branches/safari-534.54-branch/Source/WebCore/platform/network/mac/ResourceHandleMac.mm (107006 => 107007)
--- branches/safari-534.54-branch/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2012-02-08 00:17:42 UTC (rev 107006)
+++ branches/safari-534.54-branch/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2012-02-08 00:26:45 UTC (rev 107007)
@@ -551,7 +551,7 @@
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
- CredentialStorage::set(credential, challenge.protectionSpace(), firstRequest().url());
+ CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
}
[challenge.sender() useCredential:mac(credential) forAuthenticationChallenge:mac(challenge)];
return;
@@ -606,7 +606,7 @@
Credential webCredential(credential, CredentialPersistenceNone);
KURL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
- urlToStore = firstRequest().url();
+ urlToStore = challenge.failureResponse().url();
CredentialStorage::set(webCredential, core([d->m_currentMacChallenge protectionSpace]), urlToStore);
[[d->m_currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:d->m_currentMacChallenge];
} else