<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[167185] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/167185">167185</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2014-04-12 13:01:45 -0700 (Sat, 12 Apr 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>[SOUP] Libsoup internal credential setting should be controlled by loader decision
https://bugs.webkit.org/show_bug.cgi?id=130963
Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-12
Reviewed by Darin Adler.
Source/WebCore:
Disabled libsoup internal authentication manager for messages for which no credential is available and no stored credentials should be used.
Updated synchronous loader to return whether using credentials or not according StoredCredential loader option parameter.
Unskipped test http/tests/xmlhttprequest/cross-origin-no-authorization.html covers the patch.
* platform/network/ResourceHandleInternal.h:
(WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether disable authentication manager or not.
* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader): Added m_storedCredentials member.
(WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage): Return true if stored credentials are allowed.
(WebCore::applyAuthenticationToRequest): Set m_useAuthenticationManager value to disable authentication manager if cannot use stored credentials and ResourceHandleInternal has no username and password.
(WebCore::createSoupMessageForHandleAndRequest): Disable authentication mananger according m_useAuthenticationManager value.
(WebCore::ResourceHandle::platformLoadResourceSynchronously): Added StoredCredentials loader option to the sync loader constructor.
Source/WebKit/efl:
* WebCoreSupport/FrameLoaderClientEfl.cpp:
(WebCore::FrameLoaderClientEfl::shouldUseCredentialStorage): Similarly to GTK, let soup/loader layer handle when to use credential storage. Return always true
LayoutTests:
* platform/efl/TestExpectations: Unskipped http/tests/xmlhttprequest/cross-origin-no-authorization.html.
* platform/gtk/TestExpectations: Ditto.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsplatformeflTestExpectations">trunk/LayoutTests/platform/efl/TestExpectations</a></li>
<li><a href="#trunkLayoutTestsplatformgtkTestExpectations">trunk/LayoutTests/platform/gtk/TestExpectations</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkResourceHandleInternalh">trunk/Source/WebCore/platform/network/ResourceHandleInternal.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworksoupResourceHandleSoupcpp">trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp</a></li>
<li><a href="#trunkSourceWebKiteflChangeLog">trunk/Source/WebKit/efl/ChangeLog</a></li>
<li><a href="#trunkSourceWebKiteflWebCoreSupportFrameLoaderClientEflcpp">trunk/Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/LayoutTests/ChangeLog 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2014-04-12 Youenn Fablet <youenn.fablet@crf.canon.fr>
+
+ [SOUP] Libsoup internal credential setting should be controlled by loader decision
+ https://bugs.webkit.org/show_bug.cgi?id=130963
+
+ Reviewed by Darin Adler.
+
+ * platform/efl/TestExpectations: Unskipped http/tests/xmlhttprequest/cross-origin-no-authorization.html.
+ * platform/gtk/TestExpectations: Ditto.
+
</ins><span class="cx"> 2014-04-12 Tibor Meszaros <tmeszaros.u-szeged@partner.samsung.com>
</span><span class="cx">
</span><span class="cx"> (before-mar-1-1000) In correct date creation prior to 1 Mar 1000
</span></span></pre></div>
<a id="trunkLayoutTestsplatformeflTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/efl/TestExpectations (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/efl/TestExpectations 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/LayoutTests/platform/efl/TestExpectations 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -237,7 +237,6 @@
</span><span class="cx"> http/tests/security/xss-DENIED-xsl-document-redirect.xml
</span><span class="cx"> http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
</span><span class="cx"> http/tests/xmlhttprequest/access-control-basic-whitelist-request-headers.html
</span><del>-http/tests/xmlhttprequest/cross-origin-no-authorization.html
</del><span class="cx"> http/tests/xmlhttprequest/logout.html
</span><span class="cx"> http/tests/xmlhttprequest/redirect-cross-origin-tripmine.html
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestsplatformgtkTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/gtk/TestExpectations (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/gtk/TestExpectations 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/LayoutTests/platform/gtk/TestExpectations 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -1246,8 +1246,6 @@
</span><span class="cx">
</span><span class="cx"> Bug(GTK) http/tests/xmlhttprequest/logout.html [ Failure ]
</span><span class="cx">
</span><del>-Bug(GTK) http/tests/xmlhttprequest/cross-origin-no-authorization.html [ Failure ]
-
</del><span class="cx"> Bug(GTK) media/video-size-intrinsic-scale.html [ Failure ]
</span><span class="cx">
</span><span class="cx"> # eventSender.keyDown call does not get executed from the TestNetscapePlugin
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/Source/WebCore/ChangeLog 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2014-04-12 Youenn Fablet <youenn.fablet@crf.canon.fr>
+
+ [SOUP] Libsoup internal credential setting should be controlled by loader decision
+ https://bugs.webkit.org/show_bug.cgi?id=130963
+
+ Reviewed by Darin Adler.
+
+ Disabled libsoup internal authentication manager for messages for which no credential is available and no stored credentials should be used.
+ Updated synchronous loader to return whether using credentials or not according StoredCredential loader option parameter.
+ Unskipped test http/tests/xmlhttprequest/cross-origin-no-authorization.html covers the patch.
+
+ * platform/network/ResourceHandleInternal.h:
+ (WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether disable authentication manager or not.
+ * platform/network/soup/ResourceHandleSoup.cpp:
+ (WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader): Added m_storedCredentials member.
+ (WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage): Return true if stored credentials are allowed.
+ (WebCore::applyAuthenticationToRequest): Set m_useAuthenticationManager value to disable authentication manager if cannot use stored credentials and ResourceHandleInternal has no username and password.
+ (WebCore::createSoupMessageForHandleAndRequest): Disable authentication mananger according m_useAuthenticationManager value.
+ (WebCore::ResourceHandle::platformLoadResourceSynchronously): Added StoredCredentials loader option to the sync loader constructor.
+
</ins><span class="cx"> 2014-04-11 Darin Adler <darin@apple.com>
</span><span class="cx">
</span><span class="cx"> Some small loader refinements and refactoring
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkResourceHandleInternalh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/ResourceHandleInternal.h (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/ResourceHandleInternal.h 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/Source/WebCore/platform/network/ResourceHandleInternal.h 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -110,6 +110,7 @@
</span><span class="cx"> , m_bodyDataSent(0)
</span><span class="cx"> , m_redirectCount(0)
</span><span class="cx"> , m_previousPosition(0)
</span><ins>+ , m_useAuthenticationManager(true)
</ins><span class="cx"> #endif
</span><span class="cx"> #if PLATFORM(COCOA)
</span><span class="cx"> , m_startWhenScheduled(false)
</span><span class="lines">@@ -202,6 +203,7 @@
</span><span class="cx"> SoupSession* soupSession();
</span><span class="cx"> int m_redirectCount;
</span><span class="cx"> size_t m_previousPosition;
</span><ins>+ bool m_useAuthenticationManager;
</ins><span class="cx"> #endif
</span><span class="cx"> #if PLATFORM(GTK)
</span><span class="cx"> struct {
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworksoupResourceHandleSoupcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -82,12 +82,14 @@
</span><span class="cx"> WTF_MAKE_NONCOPYABLE(WebCoreSynchronousLoader);
</span><span class="cx"> public:
</span><span class="cx">
</span><del>- WebCoreSynchronousLoader(ResourceError& error, ResourceResponse& response, SoupSession* session, Vector<char>& data)
</del><ins>+ WebCoreSynchronousLoader(ResourceError& error, ResourceResponse& response, SoupSession* session, Vector<char>& data, StoredCredentials storedCredentials)
</ins><span class="cx"> : m_error(error)
</span><span class="cx"> , m_response(response)
</span><span class="cx"> , m_session(session)
</span><span class="cx"> , m_data(data)
</span><span class="cx"> , m_finished(false)
</span><ins>+ , m_storedCredentials(storedCredentials)
+
</ins><span class="cx"> {
</span><span class="cx"> // We don't want any timers to fire while we are doing our synchronous load
</span><span class="cx"> // so we replace the thread default main context. The main loop iterations
</span><span class="lines">@@ -173,6 +175,11 @@
</span><span class="cx"> challenge.authenticationClient()->receivedRequestToContinueWithoutCredential(challenge);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ virtual bool shouldUseCredentialStorage(ResourceHandle*)
+ {
+ return m_storedCredentials == AllowStoredCredentials;
+ }
+
</ins><span class="cx"> void run()
</span><span class="cx"> {
</span><span class="cx"> if (!m_finished)
</span><span class="lines">@@ -186,6 +193,7 @@
</span><span class="cx"> Vector<char>& m_data;
</span><span class="cx"> bool m_finished;
</span><span class="cx"> GRefPtr<GMainLoop> m_mainLoop;
</span><ins>+ StoredCredentials m_storedCredentials;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> class HostTLSCertificateSet {
</span><span class="lines">@@ -355,8 +363,12 @@
</span><span class="cx"> password = d->m_initialCredential.password();
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (user.isEmpty() && password.isEmpty())
</del><ins>+ if (user.isEmpty() && password.isEmpty()) {
+ // In case credential is not available from the handle and credential storage should not to be used,
+ // disable authentication manager so that credentials stored in libsoup are not used.
+ d->m_useAuthenticationManager = handle->shouldUseCredentialStorage();
</ins><span class="cx"> return;
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> // We always put the credentials into the URL. In the CFNetwork-port HTTP family credentials are applied in
</span><span class="cx"> // the didReceiveAuthenticationChallenge callback, but libsoup requires us to use this method to override
</span><span class="lines">@@ -936,6 +948,8 @@
</span><span class="cx"> g_object_set_data(G_OBJECT(soupMessage), "handle", handle);
</span><span class="cx"> if (!handle->shouldContentSniff())
</span><span class="cx"> soup_message_disable_feature(soupMessage, SOUP_TYPE_CONTENT_SNIFFER);
</span><ins>+ if (!d->m_useAuthenticationManager)
+ soup_message_disable_feature(soupMessage, SOUP_TYPE_AUTH_MANAGER);
</ins><span class="cx">
</span><span class="cx"> FormData* httpBody = request.httpBody();
</span><span class="cx"> CString contentType = request.httpContentType().utf8().data();
</span><span class="lines">@@ -1270,13 +1284,13 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials /*storedCredentials*/, ResourceError& error, ResourceResponse& response, Vector<char>& data)
</del><ins>+void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!loadingSynchronousRequest);
</span><span class="cx"> if (loadingSynchronousRequest) // In practice this cannot happen, but if for some reason it does,
</span><span class="cx"> return; // we want to avoid accidentally going into an infinite loop of requests.
</span><span class="cx">
</span><del>- WebCoreSynchronousLoader syncLoader(error, response, sessionFromContext(context), data);
</del><ins>+ WebCoreSynchronousLoader syncLoader(error, response, sessionFromContext(context), data, storedCredentials);
</ins><span class="cx"> RefPtr<ResourceHandle> handle = create(context, request, &syncLoader, false /*defersLoading*/, false /*shouldContentSniff*/);
</span><span class="cx"> if (!handle)
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceWebKiteflChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/efl/ChangeLog (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/efl/ChangeLog 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/Source/WebKit/efl/ChangeLog 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2014-04-12 Youenn Fablet <youenn.fablet@crf.canon.fr>
+
+ [SOUP] Libsoup internal credential setting should be controlled by loader decision
+ https://bugs.webkit.org/show_bug.cgi?id=130963
+
+ Reviewed by Darin Adler.
+
+ * WebCoreSupport/FrameLoaderClientEfl.cpp:
+ (WebCore::FrameLoaderClientEfl::shouldUseCredentialStorage): Similarly to GTK, let soup/loader layer handle when to use credential storage. Return always true
+
</ins><span class="cx"> 2014-04-08 Ryuan Choi <ryuan.choi@samsung.com>
</span><span class="cx">
</span><span class="cx"> Unreviewed EFL build fix attempt since r166956
</span></span></pre></div>
<a id="trunkSourceWebKiteflWebCoreSupportFrameLoaderClientEflcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.cpp (167184 => 167185)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.cpp 2014-04-12 19:34:04 UTC (rev 167184)
+++ trunk/Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.cpp 2014-04-12 20:01:45 UTC (rev 167185)
</span><span class="lines">@@ -221,8 +221,7 @@
</span><span class="cx">
</span><span class="cx"> bool FrameLoaderClientEfl::shouldUseCredentialStorage(DocumentLoader*, unsigned long)
</span><span class="cx"> {
</span><del>- notImplemented();
- return false;
</del><ins>+ return true;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void FrameLoaderClientEfl::assignIdentifierToInitialRequest(unsigned long identifier, DocumentLoader* loader, const ResourceRequest& coreRequest)
</span></span></pre>
</div>
</div>
</body>
</html>