<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[187691] trunk/Source</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/187691">187691</a></dd>
<dt>Author</dt> <dd>cdumez@apple.com</dd>
<dt>Date</dt> <dd>2015-07-31 16:56:00 -0700 (Fri, 31 Jul 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Source/WebCore:
Coalesce authentication credential requests
https://bugs.webkit.org/show_bug.cgi?id=128006
<rdar://problem/16839069>
Reviewed by Alexey Proskuryakov.
Export symbol for ProtectionSpace::compare() so it can be called from
WebKit2.
* platform/network/ProtectionSpaceBase.h:
Source/WebKit2:
Coalesce concurrent authentication challenges for the same ProtectionSpace
https://bugs.webkit.org/show_bug.cgi?id=147496
<rdar://problem/16839069>
Reviewed by Alexey Proskuryakov.
Coalesce concurrent authentication challenges for the same ProtectionSpace.
Ideally, this would be done in the network layer but short term, this will
make sure the user no longer gets repeating authentication dialogs for the
same protection space.
This gets rid of a long-standing bug in WebKit / Safari where visiting a
site using HTTP authentication would pop up one authentication dialog for
each subresource being loaded from the network (especially when the main
resource is loaded from the cache).
* Shared/Authentication/AuthenticationManager.cpp:
(WebKit::canCoalesceChallenge):
(WebKit::AuthenticationManager::addChallengeToChallengeMap):
(WebKit::AuthenticationManager::shouldCoalesceChallenge):
(WebKit::AuthenticationManager::coalesceChallengesMatching):
(WebKit::AuthenticationManager::didReceiveAuthenticationChallenge):
(WebKit::AuthenticationManager::useCredentialForChallenge):
(WebKit::AuthenticationManager::useCredentialForSingleChallenge):
(WebKit::AuthenticationManager::continueWithoutCredentialForChallenge):
(WebKit::AuthenticationManager::continueWithoutCredentialForSingleChallenge):
(WebKit::AuthenticationManager::cancelChallenge):
(WebKit::AuthenticationManager::cancelSingleChallenge):
(WebKit::AuthenticationManager::performDefaultHandling):
(WebKit::AuthenticationManager::performDefaultHandlingForSingleChallenge):
(WebKit::AuthenticationManager::rejectProtectionSpaceAndContinue):
(WebKit::AuthenticationManager::rejectProtectionSpaceAndContinueForSingleChallenge):
(WebKit::AuthenticationManager::AuthenticationManager): Deleted.
* Shared/Authentication/AuthenticationManager.h:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkProtectionSpaceBaseh">trunk/Source/WebCore/platform/network/ProtectionSpaceBase.h</a></li>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2SharedAuthenticationAuthenticationManagercpp">trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp</a></li>
<li><a href="#trunkSourceWebKit2SharedAuthenticationAuthenticationManagerh">trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (187690 => 187691)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2015-07-31 23:50:01 UTC (rev 187690)
+++ trunk/Source/WebCore/ChangeLog 2015-07-31 23:56:00 UTC (rev 187691)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2015-07-31 Chris Dumez <cdumez@apple.com>
+
+ Coalesce authentication credential requests
+ https://bugs.webkit.org/show_bug.cgi?id=128006
+ <rdar://problem/16839069>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Export symbol for ProtectionSpace::compare() so it can be called from
+ WebKit2.
+
+ * platform/network/ProtectionSpaceBase.h:
+
</ins><span class="cx"> 2015-07-31 Eric Carlson <eric.carlson@apple.com>
</span><span class="cx">
</span><span class="cx"> [iOS] use a media-specific user gesture check
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkProtectionSpaceBaseh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/ProtectionSpaceBase.h (187690 => 187691)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/ProtectionSpaceBase.h 2015-07-31 23:50:01 UTC (rev 187690)
+++ trunk/Source/WebCore/platform/network/ProtectionSpaceBase.h 2015-07-31 23:56:00 UTC (rev 187691)
</span><span class="lines">@@ -72,7 +72,7 @@
</span><span class="cx">
</span><span class="cx"> bool encodingRequiresPlatformData() const { return false; }
</span><span class="cx">
</span><del>- static bool compare(const ProtectionSpace& a, const ProtectionSpace& b);
</del><ins>+ WEBCORE_EXPORT static bool compare(const ProtectionSpace&, const ProtectionSpace&);
</ins><span class="cx">
</span><span class="cx"> protected:
</span><span class="cx"> WEBCORE_EXPORT ProtectionSpaceBase();
</span></span></pre></div>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (187690 => 187691)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2015-07-31 23:50:01 UTC (rev 187690)
+++ trunk/Source/WebKit2/ChangeLog 2015-07-31 23:56:00 UTC (rev 187691)
</span><span class="lines">@@ -1,3 +1,40 @@
</span><ins>+2015-07-31 Chris Dumez <cdumez@apple.com>
+
+ Coalesce concurrent authentication challenges for the same ProtectionSpace
+ https://bugs.webkit.org/show_bug.cgi?id=147496
+ <rdar://problem/16839069>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Coalesce concurrent authentication challenges for the same ProtectionSpace.
+ Ideally, this would be done in the network layer but short term, this will
+ make sure the user no longer gets repeating authentication dialogs for the
+ same protection space.
+
+ This gets rid of a long-standing bug in WebKit / Safari where visiting a
+ site using HTTP authentication would pop up one authentication dialog for
+ each subresource being loaded from the network (especially when the main
+ resource is loaded from the cache).
+
+ * Shared/Authentication/AuthenticationManager.cpp:
+ (WebKit::canCoalesceChallenge):
+ (WebKit::AuthenticationManager::addChallengeToChallengeMap):
+ (WebKit::AuthenticationManager::shouldCoalesceChallenge):
+ (WebKit::AuthenticationManager::coalesceChallengesMatching):
+ (WebKit::AuthenticationManager::didReceiveAuthenticationChallenge):
+ (WebKit::AuthenticationManager::useCredentialForChallenge):
+ (WebKit::AuthenticationManager::useCredentialForSingleChallenge):
+ (WebKit::AuthenticationManager::continueWithoutCredentialForChallenge):
+ (WebKit::AuthenticationManager::continueWithoutCredentialForSingleChallenge):
+ (WebKit::AuthenticationManager::cancelChallenge):
+ (WebKit::AuthenticationManager::cancelSingleChallenge):
+ (WebKit::AuthenticationManager::performDefaultHandling):
+ (WebKit::AuthenticationManager::performDefaultHandlingForSingleChallenge):
+ (WebKit::AuthenticationManager::rejectProtectionSpaceAndContinue):
+ (WebKit::AuthenticationManager::rejectProtectionSpaceAndContinueForSingleChallenge):
+ (WebKit::AuthenticationManager::AuthenticationManager): Deleted.
+ * Shared/Authentication/AuthenticationManager.h:
+
</ins><span class="cx"> 2015-07-31 Joseph Pecoraro <pecoraro@apple.com>
</span><span class="cx">
</span><span class="cx"> Unreviewed parameter name typo fix.
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedAuthenticationAuthenticationManagercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp (187690 => 187691)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp 2015-07-31 23:50:01 UTC (rev 187690)
+++ trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp 2015-07-31 23:56:00 UTC (rev 187691)
</span><span class="lines">@@ -53,6 +53,12 @@
</span><span class="cx"> return ++uniqueAuthenticationChallengeID;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static bool canCoalesceChallenge(const WebCore::AuthenticationChallenge& challenge)
+{
+ // Do not coalesce server trust evaluation requests because ProtectionSpace comparison does not evaluate server trust (e.g. certificate).
+ return challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
+}
+
</ins><span class="cx"> const char* AuthenticationManager::supplementName()
</span><span class="cx"> {
</span><span class="cx"> return "AuthenticationManager";
</span><span class="lines">@@ -64,7 +70,7 @@
</span><span class="cx"> m_process->addMessageReceiver(Messages::AuthenticationManager::messageReceiverName(), *this);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-uint64_t AuthenticationManager::establishIdentifierForChallenge(const WebCore::AuthenticationChallenge& authenticationChallenge)
</del><ins>+uint64_t AuthenticationManager::addChallengeToChallengeMap(const WebCore::AuthenticationChallenge& authenticationChallenge)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(RunLoop::isMain());
</span><span class="cx">
</span><span class="lines">@@ -73,12 +79,51 @@
</span><span class="cx"> return challengeID;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool AuthenticationManager::shouldCoalesceChallenge(uint64_t challengeID, const AuthenticationChallenge& challenge) const
+{
+ if (!canCoalesceChallenge(challenge))
+ return false;
+
+ auto end = m_challenges.end();
+ for (auto it = m_challenges.begin(); it != end; ++it) {
+ if (it->key != challengeID && ProtectionSpace::compare(challenge.protectionSpace(), it->value.protectionSpace()))
+ return true;
+ }
+ return false;
+}
+
+Vector<uint64_t> AuthenticationManager::coalesceChallengesMatching(uint64_t challengeID) const
+{
+ AuthenticationChallenge challenge = m_challenges.get(challengeID);
+ ASSERT(!challenge.isNull());
+
+ Vector<uint64_t> challengesToCoalesce;
+ challengesToCoalesce.append(challengeID);
+
+ if (!canCoalesceChallenge(challenge))
+ return challengesToCoalesce;
+
+ auto end = m_challenges.end();
+ for (auto it = m_challenges.begin(); it != end; ++it) {
+ if (it->key != challengeID && ProtectionSpace::compare(challenge.protectionSpace(), it->value.protectionSpace()))
+ challengesToCoalesce.append(it->key);
+ }
+
+ return challengesToCoalesce;
+}
+
</ins><span class="cx"> void AuthenticationManager::didReceiveAuthenticationChallenge(WebFrame* frame, const AuthenticationChallenge& authenticationChallenge)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(frame);
</span><span class="cx"> ASSERT(frame->page());
</span><ins>+
+ uint64_t challengeID = addChallengeToChallengeMap(authenticationChallenge);
+
+ // Coalesce challenges in the same protection space.
+ if (shouldCoalesceChallenge(challengeID, authenticationChallenge))
+ return;
</ins><span class="cx">
</span><del>- m_process->send(Messages::WebPageProxy::DidReceiveAuthenticationChallenge(frame->frameID(), authenticationChallenge, establishIdentifierForChallenge(authenticationChallenge)), frame->page()->pageID());
</del><ins>+ m_process->send(Messages::WebPageProxy::DidReceiveAuthenticationChallenge(frame->frameID(), authenticationChallenge, challengeID), frame->page()->pageID());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #if ENABLE(NETWORK_PROCESS)
</span><span class="lines">@@ -86,14 +131,22 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(pageID);
</span><span class="cx"> ASSERT(frameID);
</span><ins>+
+ uint64_t challengeID = addChallengeToChallengeMap(authenticationChallenge);
+ if (shouldCoalesceChallenge(challengeID, authenticationChallenge))
+ return;
</ins><span class="cx">
</span><del>- m_process->send(Messages::NetworkProcessProxy::DidReceiveAuthenticationChallenge(pageID, frameID, authenticationChallenge, establishIdentifierForChallenge(authenticationChallenge)));
</del><ins>+ m_process->send(Messages::NetworkProcessProxy::DidReceiveAuthenticationChallenge(pageID, frameID, authenticationChallenge, addChallengeToChallengeMap(authenticationChallenge)));
</ins><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> void AuthenticationManager::didReceiveAuthenticationChallenge(Download* download, const AuthenticationChallenge& authenticationChallenge)
</span><span class="cx"> {
</span><del>- download->send(Messages::DownloadProxy::DidReceiveAuthenticationChallenge(authenticationChallenge, establishIdentifierForChallenge(authenticationChallenge)));
</del><ins>+ uint64_t challengeID = addChallengeToChallengeMap(authenticationChallenge);
+ if (shouldCoalesceChallenge(challengeID, authenticationChallenge))
+ return;
+
+ download->send(Messages::DownloadProxy::DidReceiveAuthenticationChallenge(authenticationChallenge, addChallengeToChallengeMap(authenticationChallenge)));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Currently, only Mac knows how to respond to authentication challenges with certificate info.
</span><span class="lines">@@ -108,6 +161,12 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(RunLoop::isMain());
</span><span class="cx">
</span><ins>+ for (auto& coalescedChallengeID : coalesceChallengesMatching(challengeID))
+ useCredentialForSingleChallenge(coalescedChallengeID, credential, certificateInfo);
+}
+
+void AuthenticationManager::useCredentialForSingleChallenge(uint64_t challengeID, const Credential& credential, const CertificateInfo& certificateInfo)
+{
</ins><span class="cx"> AuthenticationChallenge challenge = m_challenges.take(challengeID);
</span><span class="cx"> ASSERT(!challenge.isNull());
</span><span class="cx">
</span><span class="lines">@@ -129,6 +188,12 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(RunLoop::isMain());
</span><span class="cx">
</span><ins>+ for (auto& coalescedChallengeID : coalesceChallengesMatching(challengeID))
+ continueWithoutCredentialForSingleChallenge(coalescedChallengeID);
+}
+
+void AuthenticationManager::continueWithoutCredentialForSingleChallenge(uint64_t challengeID)
+{
</ins><span class="cx"> AuthenticationChallenge challenge = m_challenges.take(challengeID);
</span><span class="cx"> ASSERT(!challenge.isNull());
</span><span class="cx"> AuthenticationClient* coreClient = challenge.authenticationClient();
</span><span class="lines">@@ -146,6 +211,12 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(RunLoop::isMain());
</span><span class="cx">
</span><ins>+ for (auto& coalescedChallengeID : coalesceChallengesMatching(challengeID))
+ cancelSingleChallenge(coalescedChallengeID);
+}
+
+void AuthenticationManager::cancelSingleChallenge(uint64_t challengeID)
+{
</ins><span class="cx"> AuthenticationChallenge challenge = m_challenges.take(challengeID);
</span><span class="cx"> ASSERT(!challenge.isNull());
</span><span class="cx"> AuthenticationClient* coreClient = challenge.authenticationClient();
</span><span class="lines">@@ -163,6 +234,12 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(RunLoop::isMain());
</span><span class="cx">
</span><ins>+ for (auto& coalescedChallengeID : coalesceChallengesMatching(challengeID))
+ performDefaultHandlingForSingleChallenge(coalescedChallengeID);
+}
+
+void AuthenticationManager::performDefaultHandlingForSingleChallenge(uint64_t challengeID)
+{
</ins><span class="cx"> AuthenticationChallenge challenge = m_challenges.take(challengeID);
</span><span class="cx"> ASSERT(!challenge.isNull());
</span><span class="cx"> AuthenticationClient* coreClient = challenge.authenticationClient();
</span><span class="lines">@@ -180,6 +257,12 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(RunLoop::isMain());
</span><span class="cx">
</span><ins>+ for (auto& coalescedChallengeID : coalesceChallengesMatching(challengeID))
+ rejectProtectionSpaceAndContinueForSingleChallenge(coalescedChallengeID);
+}
+
+void AuthenticationManager::rejectProtectionSpaceAndContinueForSingleChallenge(uint64_t challengeID)
+{
</ins><span class="cx"> AuthenticationChallenge challenge = m_challenges.take(challengeID);
</span><span class="cx"> ASSERT(!challenge.isNull());
</span><span class="cx"> AuthenticationClient* coreClient = challenge.authenticationClient();
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedAuthenticationAuthenticationManagerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.h (187690 => 187691)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.h 2015-07-31 23:50:01 UTC (rev 187690)
+++ trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.h 2015-07-31 23:56:00 UTC (rev 187691)
</span><span class="lines">@@ -73,8 +73,17 @@
</span><span class="cx">
</span><span class="cx"> bool tryUseCertificateInfoForChallenge(const WebCore::AuthenticationChallenge&, const WebCore::CertificateInfo&);
</span><span class="cx">
</span><del>- uint64_t establishIdentifierForChallenge(const WebCore::AuthenticationChallenge&);
</del><ins>+ uint64_t addChallengeToChallengeMap(const WebCore::AuthenticationChallenge&);
+ bool shouldCoalesceChallenge(uint64_t challengeID, const WebCore::AuthenticationChallenge&) const;
</ins><span class="cx">
</span><ins>+ void useCredentialForSingleChallenge(uint64_t challengeID, const WebCore::Credential&, const WebCore::CertificateInfo&);
+ void continueWithoutCredentialForSingleChallenge(uint64_t challengeID);
+ void cancelSingleChallenge(uint64_t challengeID);
+ void performDefaultHandlingForSingleChallenge(uint64_t challengeID);
+ void rejectProtectionSpaceAndContinueForSingleChallenge(uint64_t challengeID);
+
+ Vector<uint64_t> coalesceChallengesMatching(uint64_t challengeID) const;
+
</ins><span class="cx"> ChildProcess* m_process;
</span><span class="cx">
</span><span class="cx"> typedef HashMap<uint64_t, WebCore::AuthenticationChallenge> AuthenticationChallengeMap;
</span></span></pre>
</div>
</div>
</body>
</html>