Changeset 235631 in webkit

Timestamp:

Sep 4, 2018, 1:37:29 PM (7 years ago)

Author:

commit-queue@webkit.org

Message:

Adjust XMLHttpRequest username/password precedence rules
​https://bugs.webkit.org/show_bug.cgi?id=184910

Patch by Rob Buis <​rbuis@igalia.com> on 2018-09-04
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Update test result.

• web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt:

Source/WebCore:

Steps 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm
specify that non null user or non null password ought
to be set on the URL, so implement this.

Behavior matches Firefox and Chrome.

[1] ​https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open

Test: xhr/send-authentication-competing-names-passwords.htm

• xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::open):

LayoutTests:

Adjust test because now we do set password on the url in
open(), even if the username is null.

• http/tests/xmlhttprequest/basic-auth.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/xmlhttprequest/basic-auth.html (modified) (2 diffs)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/xml/XMLHttpRequest.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-09-04  Rob Buis  <rbuis@igalia.com>
+
+        Adjust XMLHttpRequest username/password precedence rules
+        https://bugs.webkit.org/show_bug.cgi?id=184910
+
+        Reviewed by Chris Dumez.
+
+        Adjust test because now we do set password on the url in
+        open(), even if the username is null.
+
+        * http/tests/xmlhttprequest/basic-auth.html:
+
 2018-09-03  Dean Jackson  <dino@apple.com>
 

trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth.html

@@ -50 +50 @@
     sendAndLogResponse("sync6", req);
 
-    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:123@"), false, undefined, "incorrect");
+    req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=sync7").replace("http://", "http://sync7:incorrect@"), false, undefined, "123");
     sendAndLogResponse("sync7", req);
 
@@ -98 +98 @@
             log('async6: ' + req.responseText);
             req.onreadystatechange = processStateChange;
-            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:123@"), true, undefined, "incorrect");
+            req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth/basic-auth.php?uid=async7").replace("http://", "http://async7:incorrect@"), true, undefined, "123");
             req.send("");
           } else if (asyncStep == 7) {

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2018-09-04  Rob Buis  <rbuis@igalia.com>
+
+        Adjust XMLHttpRequest username/password precedence rules
+        https://bugs.webkit.org/show_bug.cgi?id=184910
+
+        Reviewed by Chris Dumez.
+
+        Update test result.
+
+        * web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt:
+
 2018-09-04  Andy Estes  <aestes@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/send-authentication-competing-names-passwords-expected.txt

@@ -6 +6 @@
 PASS XMLHttpRequest user/pass options: pass in URL, user/pass in open() 
 PASS XMLHttpRequest user/pass options: user in URL 
-FAIL XMLHttpRequest user/pass options: user in URL, pass in open() assert_equals: responseText should contain the right user and password expected "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n8ae16e77-30e0-4758-8c85-ddbac8ff9923" but got "a89b5bdc-8844-4e0c-8b67-bccb90cc5006\n"
+PASS XMLHttpRequest user/pass options: user in URL, pass in open() 
 PASS XMLHttpRequest user/pass options: user/pass in URL 
 PASS XMLHttpRequest user/pass options: user in URL and open() 
 PASS XMLHttpRequest user/pass options: user in URL; user/pass in open() 
 PASS XMLHttpRequest user/pass options: user/pass in URL; user in open() 
-FAIL XMLHttpRequest user/pass options: user/pass in URL; pass in open() assert_equals: responseText should contain the right user and password expected "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbce2a8d7-ce76-48be-8c8f-ff29647b78ff" but got "7add18d7-4945-4a7c-b1d3-e50eff2f65c8\nbcf673a4-b893-48cd-95ec-3bd4c0d72a84"
+PASS XMLHttpRequest user/pass options: user/pass in URL; pass in open() 
 PASS XMLHttpRequest user/pass options: user/pass in URL and open() 
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-09-04  Rob Buis  <rbuis@igalia.com>
+
+        Adjust XMLHttpRequest username/password precedence rules
+        https://bugs.webkit.org/show_bug.cgi?id=184910
+
+        Reviewed by Chris Dumez.
+
+        Steps 9.1 and 9.2 in the XMLHTTPRequest::open [1] algorithm
+        specify that non null user or non null password ought
+        to be set on the URL, so implement this.
+
+        Behavior matches Firefox and Chrome.
+
+        [1] https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open
+
+        Test: xhr/send-authentication-competing-names-passwords.htm
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::open):
+
 2018-09-04  Simon Fraser  <simon.fraser@apple.com>
 

trunk/Source/WebCore/xml/XMLHttpRequest.cpp

@@ -390 +390 @@
 {
     URL urlWithCredentials = scriptExecutionContext()->completeURL(url);
-    if (!user.isNull()) {
+    if (!user.isNull())
         urlWithCredentials.setUser(user);
-        if (!password.isNull())
-            urlWithCredentials.setPass(password);
-    }
+    if (!password.isNull())
+        urlWithCredentials.setPass(password);
 
     return open(method, urlWithCredentials, async);