Changeset 167185 in webkit

Timestamp:

Apr 12, 2014 1:01:45 PM (10 years ago)

Author:

commit-queue@webkit.org

Message:

[SOUP] Libsoup internal credential setting should be controlled by loader decision
​https://bugs.webkit.org/show_bug.cgi?id=130963

Patch by Youenn Fablet <​youenn.fablet@crf.canon.fr> on 2014-04-12
Reviewed by Darin Adler.

Source/WebCore:

Disabled libsoup internal authentication manager for messages for which no credential is available and no stored credentials should be used.
Updated synchronous loader to return whether using credentials or not according StoredCredential loader option parameter.
Unskipped test http/tests/xmlhttprequest/cross-origin-no-authorization.html covers the patch.

• platform/network/ResourceHandleInternal.h:

(WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether disable authentication manager or not.

• platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader): Added m_storedCredentials member.
(WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage): Return true if stored credentials are allowed.
(WebCore::applyAuthenticationToRequest): Set m_useAuthenticationManager value to disable authentication manager if cannot use stored credentials and ResourceHandleInternal has no username and password.
(WebCore::createSoupMessageForHandleAndRequest): Disable authentication mananger according m_useAuthenticationManager value.
(WebCore::ResourceHandle::platformLoadResourceSynchronously): Added StoredCredentials loader option to the sync loader constructor.

Source/WebKit/efl:

• WebCoreSupport/FrameLoaderClientEfl.cpp:

(WebCore::FrameLoaderClientEfl::shouldUseCredentialStorage): Similarly to GTK, let soup/loader layer handle when to use credential storage. Return always true

LayoutTests:

• platform/efl/TestExpectations: Unskipped http/tests/xmlhttprequest/cross-origin-no-authorization.html.
• platform/gtk/TestExpectations: Ditto.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/platform/efl/TestExpectations (modified) (1 diff)
• LayoutTests/platform/gtk/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/network/ResourceHandleInternal.h (modified) (2 diffs)
• Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp (modified) (8 diffs)
• Source/WebKit/efl/ChangeLog (modified) (1 diff)
• Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2014-04-12  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        [SOUP] Libsoup internal credential setting should be controlled by loader decision
+        https://bugs.webkit.org/show_bug.cgi?id=130963
+
+        Reviewed by Darin Adler.
+
+        * platform/efl/TestExpectations: Unskipped http/tests/xmlhttprequest/cross-origin-no-authorization.html.
+        * platform/gtk/TestExpectations: Ditto.
+
 2014-04-12  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>
 

trunk/LayoutTests/platform/efl/TestExpectations

@@ -238 +238 @@
 http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
 http/tests/xmlhttprequest/access-control-basic-whitelist-request-headers.html
-http/tests/xmlhttprequest/cross-origin-no-authorization.html
 http/tests/xmlhttprequest/logout.html
 http/tests/xmlhttprequest/redirect-cross-origin-tripmine.html

trunk/LayoutTests/platform/gtk/TestExpectations

@@ -1247 +1247 @@
 Bug(GTK) http/tests/xmlhttprequest/logout.html [ Failure ]
 
-Bug(GTK) http/tests/xmlhttprequest/cross-origin-no-authorization.html [ Failure ]
-
 Bug(GTK) media/video-size-intrinsic-scale.html [ Failure ]
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-04-12  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        [SOUP] Libsoup internal credential setting should be controlled by loader decision
+        https://bugs.webkit.org/show_bug.cgi?id=130963
+
+        Reviewed by Darin Adler.
+
+        Disabled libsoup internal authentication manager for messages for which no credential is available and no stored credentials should be used.
+        Updated synchronous loader to return whether using credentials or not according StoredCredential loader option parameter.
+        Unskipped test http/tests/xmlhttprequest/cross-origin-no-authorization.html covers the patch.
+
+        * platform/network/ResourceHandleInternal.h:
+        (WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether disable authentication manager or not.
+        * platform/network/soup/ResourceHandleSoup.cpp:
+        (WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader): Added m_storedCredentials member.
+        (WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage): Return true if stored credentials are allowed.
+        (WebCore::applyAuthenticationToRequest): Set m_useAuthenticationManager value to disable authentication manager if cannot use stored credentials and ResourceHandleInternal has no username and password.
+        (WebCore::createSoupMessageForHandleAndRequest): Disable authentication mananger according m_useAuthenticationManager value.
+        (WebCore::ResourceHandle::platformLoadResourceSynchronously): Added StoredCredentials loader option to the sync loader constructor.
+
 2014-04-11  Darin Adler  <darin@apple.com>
 

trunk/Source/WebCore/platform/network/ResourceHandleInternal.h

@@ -111 +111 @@
             , m_redirectCount(0)
             , m_previousPosition(0)
+            , m_useAuthenticationManager(true)
 #endif
 #if PLATFORM(COCOA)
@@ -203 +204 @@
         int m_redirectCount;
         size_t m_previousPosition;
+        bool m_useAuthenticationManager;
 #endif
 #if PLATFORM(GTK)

trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp

@@ -83 +83 @@
 public:
 
-    WebCoreSynchronousLoader(ResourceError& error, ResourceResponse& response, SoupSession* session, Vector<char>& data)
+    WebCoreSynchronousLoader(ResourceError& error, ResourceResponse& response, SoupSession* session, Vector<char>& data, StoredCredentials storedCredentials)
         : m_error(error)
         , m_response(response)
@@ -89 +89 @@
         , m_data(data)
         , m_finished(false)
+        , m_storedCredentials(storedCredentials)
+        
     {
         // We don't want any timers to fire while we are doing our synchronous load
@@ -174 +176 @@
     }
 
+    virtual bool shouldUseCredentialStorage(ResourceHandle*)
+    {
+        return m_storedCredentials == AllowStoredCredentials;
+    }
+
     void run()
     {
@@ -187 +194 @@
     bool m_finished;
     GRefPtr<GMainLoop> m_mainLoop;
+    StoredCredentials m_storedCredentials;
 };
 
@@ -356 +364 @@
     }
 
-    if (user.isEmpty() && password.isEmpty())
-        return;
+    if (user.isEmpty() && password.isEmpty()) {
+        // In case credential is not available from the handle and credential storage should not to be used,
+        // disable authentication manager so that credentials stored in libsoup are not used.
+        d->m_useAuthenticationManager = handle->shouldUseCredentialStorage();
+        return;
+    }
 
     // We always put the credentials into the URL. In the CFNetwork-port HTTP family credentials are applied in
@@ -937 +949 @@
     if (!handle->shouldContentSniff())
         soup_message_disable_feature(soupMessage, SOUP_TYPE_CONTENT_SNIFFER);
+    if (!d->m_useAuthenticationManager)
+        soup_message_disable_feature(soupMessage, SOUP_TYPE_AUTH_MANAGER);
 
     FormData* httpBody = request.httpBody();
@@ -1271 +1285 @@
 }
 
-void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials /*storedCredentials*/, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
 {
     ASSERT(!loadingSynchronousRequest);
@@ -1277 +1291 @@
         return;                    // we want to avoid accidentally going into an infinite loop of requests.
 
-    WebCoreSynchronousLoader syncLoader(error, response, sessionFromContext(context), data);
+    WebCoreSynchronousLoader syncLoader(error, response, sessionFromContext(context), data, storedCredentials);
     RefPtr<ResourceHandle> handle = create(context, request, &syncLoader, false /*defersLoading*/, false /*shouldContentSniff*/);
     if (!handle)

trunk/Source/WebKit/efl/ChangeLog

@@ +1 @@
+2014-04-12  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        [SOUP] Libsoup internal credential setting should be controlled by loader decision
+        https://bugs.webkit.org/show_bug.cgi?id=130963
+
+        Reviewed by Darin Adler.
+
+        * WebCoreSupport/FrameLoaderClientEfl.cpp:
+        (WebCore::FrameLoaderClientEfl::shouldUseCredentialStorage): Similarly to GTK, let soup/loader layer handle when to use credential storage. Return always true  
+
 2014-04-08  Ryuan Choi  <ryuan.choi@samsung.com>
 

trunk/Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.cpp

@@ -222 +222 @@
 bool FrameLoaderClientEfl::shouldUseCredentialStorage(DocumentLoader*, unsigned long)
 {
-    notImplemented();
-    return false;
+    return true;
 }