Changeset 135040 in webkit
- Timestamp:
- Nov 17, 2012, 12:03:32 AM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
platform/network/ResourceHandle.h (modified) (1 diff)
-
platform/network/soup/ResourceHandleSoup.cpp (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r135039 r135040 1 2012-11-17 Martin Robinson <mrobinson@igalia.com> 2 3 [Soup] CredentialStorage should only be used for HTTP-family requests 4 https://bugs.webkit.org/show_bug.cgi?id=102582 5 6 Reviewed by Gustavo Noronha Silva. 7 8 Do not use CredentialStorage when handling non-HTTP family requests. CredentialStorage 9 only expects to handle requests in the HTTP family. 10 11 No new tests. This is covered by existing tests. 12 13 * platform/network/ResourceHandle.h: 14 (ResourceHandle): Add a shouldUseCredentialStorage helper to ResourceHandle. This 15 helper returns false when firstRequest() is a non-HTTP family request. 16 * platform/network/soup/ResourceHandleSoup.cpp: 17 (WebCore::applyAuthenticationToRequest): Use the new helper. 18 (WebCore::createSoupRequestAndMessageForHandle): Ditto. 19 (WebCore::ResourceHandle::start): Ditto. 20 (WebCore::ResourceHandle::shouldUseCredentialStorage): Ditto. 21 (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): Ditto. 22 (WebCore::ResourceHandle::receivedCredential): Ditto. 23 1 24 2012-11-16 Patrick Gansterer <paroga@webkit.org> 2 25 -
trunk/Source/WebCore/platform/network/ResourceHandle.h
r134960 r135040 170 170 void continueDidReceiveAuthenticationChallenge(const Credential& credentialFromPersistentStorage); 171 171 void sendPendingRequest(); 172 bool shouldUseCredentialStorage(); 172 173 static SoupSession* defaultSession(); 173 174 static uint64_t getSoupRequestInitiaingPageID(SoupRequest*); -
trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
r134971 r135040 328 328 329 329 ResourceRequest& request = d->m_firstRequest; 330 if ( !handle->client() || handle->client()->shouldUseCredentialStorage(handle)) {330 if (handle->shouldUseCredentialStorage()) { 331 331 if (d->m_user.isEmpty() && d->m_pass.isEmpty()) 332 332 d->m_initialCredential = CredentialStorage::get(request.url()); … … 913 913 } 914 914 915 bool ResourceHandle::shouldUseCredentialStorage() 916 { 917 return (!client() || client()->shouldUseCredentialStorage(this)) && firstRequest().url().protocolIsInHTTPFamily(); 918 } 919 915 920 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host) 916 921 { … … 960 965 ASSERT(d->m_currentWebChallenge.isNull()); 961 966 962 bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);967 bool useCredentialStorage = shouldUseCredentialStorage(); 963 968 if (!d->m_user.isNull() && !d->m_pass.isNull()) { 964 969 Credential credential = Credential(d->m_user, d->m_pass, CredentialPersistenceForSession); 965 if ( shouldUseCredentialStorage)970 if (useCredentialStorage) 966 971 CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); 967 972 soup_auth_authenticate(challenge.soupAuth(), credential.user().utf8().data(), credential.password().utf8().data()); … … 971 976 972 977 // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly. 973 if ( shouldUseCredentialStorage) {978 if (useCredentialStorage) { 974 979 if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) { 975 980 // The stored credential wasn't accepted, stop using it. There is a race condition … … 1002 1007 // use HTTP authentication. In the end, this doesn't matter much, because persistent credentials 1003 1008 // will become session credentials after the first use. 1004 if ( shouldUseCredentialStorage) {1009 if (useCredentialStorage) { 1005 1010 credentialBackingStore().credentialForChallenge(challenge, getCredentialFromPersistentStoreCallback, this); 1006 1011 return; … … 1033 1038 } 1034 1039 1035 // Eventually we will manage per-session credentials only internally or use some newly-exposed API from libsoup, 1036 // because once we authenticate via libsoup, there is no way to ignore it for a particular request. Right now, 1037 // we place the credentials in the store even though libsoup will never fire the authenticate signal again for 1038 // this protection space. 1039 if (credential.persistence() == CredentialPersistenceForSession || credential.persistence() == CredentialPersistencePermanent) 1040 CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); 1040 if (shouldUseCredentialStorage()) { 1041 // Eventually we will manage per-session credentials only internally or use some newly-exposed API from libsoup, 1042 // because once we authenticate via libsoup, there is no way to ignore it for a particular request. Right now, 1043 // we place the credentials in the store even though libsoup will never fire the authenticate signal again for 1044 // this protection space. 1045 if (credential.persistence() == CredentialPersistenceForSession || credential.persistence() == CredentialPersistencePermanent) 1046 CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); 1041 1047 1042 1048 #if PLATFORM(GTK) 1043 if (credential.persistence() == CredentialPersistencePermanent) { 1044 d->m_credentialDataToSaveInPersistentStore.credential = credential; 1045 d->m_credentialDataToSaveInPersistentStore.challenge = challenge; 1046 } 1047 #endif 1049 if (credential.persistence() == CredentialPersistencePermanent) { 1050 d->m_credentialDataToSaveInPersistentStore.credential = credential; 1051 d->m_credentialDataToSaveInPersistentStore.challenge = challenge; 1052 } 1053 #endif 1054 } 1048 1055 1049 1056 ASSERT(challenge.soupSession());
Note:
See TracChangeset
for help on using the changeset viewer.
