<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[196034] trunk/Source/WebKit2</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/196034">196034</a></dd>
<dt>Author</dt> <dd>achristensen@apple.com</dd>
<dt>Date</dt> <dd>2016-02-02 15:42:40 -0800 (Tue, 02 Feb 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fix authentication with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=153779
Reviewed by Brady Eidson.
This fixes many tests, including http/tests/xmlhttprequest/cross-origin-authorization.html.
* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::NetworkLoad):
NetworkingContexts are not used with NetworkSession. NetworkSession is used instead.
Pass allowStoredCredentials to the NetworkLoad so it knows whether to use a session with credential storage or not.
(WebKit::NetworkLoad::didReceiveChallenge):
Always call continueCanAuthenticateAgainstProtectionSpace because we might need credentials for synchronous requests.
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
Reject the protection space if we cannot authenticate against this protection space.
If the protection space is not password-based (such as ServerTrustEvaluationRequested) and we can authenticate against this protection space,
then perform default handling instead of asking the UI process for a password, which wouldn't mean anything.
* NetworkProcess/NetworkLoad.h:
* NetworkProcess/NetworkSession.h:
Use a NSURLSession with configuration.URLCredentialStorage = nil but with the same cookie storage for requests without credentials.
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::NetworkSession::NetworkSession):
(WebKit::NetworkSession::~NetworkSession):
(WebKit::NetworkSession::dataTaskForIdentifier):
(WebKit::NetworkSession::takeDownloadID):
(WebKit::NetworkDataTask::NetworkDataTask):
* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::canAuthenticateAgainstProtectionSpace):
Always send a reply message so we can always do the callbacks of NSURLSession delegates.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcessNetworkLoadcpp">trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcessNetworkLoadh">trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcessNetworkSessionh">trunk/Source/WebKit2/NetworkProcess/NetworkSession.h</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcesscocoaNetworkSessionCocoamm">trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm</a></li>
<li><a href="#trunkSourceWebKit2WebProcessNetworkWebResourceLoadercpp">trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (196033 => 196034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/ChangeLog 2016-02-02 23:42:40 UTC (rev 196034)
</span><span class="lines">@@ -1,3 +1,35 @@
</span><ins>+2016-02-02 Alex Christensen <achristensen@webkit.org>
+
+ Fix authentication with NetworkSession
+ https://bugs.webkit.org/show_bug.cgi?id=153779
+
+ Reviewed by Brady Eidson.
+
+ This fixes many tests, including http/tests/xmlhttprequest/cross-origin-authorization.html.
+
+ * NetworkProcess/NetworkLoad.cpp:
+ (WebKit::NetworkLoad::NetworkLoad):
+ NetworkingContexts are not used with NetworkSession. NetworkSession is used instead.
+ Pass allowStoredCredentials to the NetworkLoad so it knows whether to use a session with credential storage or not.
+ (WebKit::NetworkLoad::didReceiveChallenge):
+ Always call continueCanAuthenticateAgainstProtectionSpace because we might need credentials for synchronous requests.
+ (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
+ Reject the protection space if we cannot authenticate against this protection space.
+ If the protection space is not password-based (such as ServerTrustEvaluationRequested) and we can authenticate against this protection space,
+ then perform default handling instead of asking the UI process for a password, which wouldn't mean anything.
+ * NetworkProcess/NetworkLoad.h:
+ * NetworkProcess/NetworkSession.h:
+ Use a NSURLSession with configuration.URLCredentialStorage = nil but with the same cookie storage for requests without credentials.
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (WebKit::NetworkSession::NetworkSession):
+ (WebKit::NetworkSession::~NetworkSession):
+ (WebKit::NetworkSession::dataTaskForIdentifier):
+ (WebKit::NetworkSession::takeDownloadID):
+ (WebKit::NetworkDataTask::NetworkDataTask):
+ * WebProcess/Network/WebResourceLoader.cpp:
+ (WebKit::WebResourceLoader::canAuthenticateAgainstProtectionSpace):
+ Always send a reply message so we can always do the callbacks of NSURLSession delegates.
+
</ins><span class="cx"> 2016-02-01 Dave Hyatt <hyatt@apple.com>
</span><span class="cx">
</span><span class="cx"> Add a line grid pagination SPI to WebKit.
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcessNetworkLoadcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp (196033 => 196034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-02-02 23:42:40 UTC (rev 196034)
</span><span class="lines">@@ -46,12 +46,14 @@
</span><span class="cx"> NetworkLoad::NetworkLoad(NetworkLoadClient& client, const NetworkLoadParameters& parameters)
</span><span class="cx"> : m_client(client)
</span><span class="cx"> , m_parameters(parameters)
</span><ins>+#if !USE(NETWORK_SESSION)
</ins><span class="cx"> , m_networkingContext(RemoteNetworkingContext::create(parameters.sessionID, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect))
</span><ins>+#endif
</ins><span class="cx"> , m_currentRequest(parameters.request)
</span><span class="cx"> {
</span><span class="cx"> #if USE(NETWORK_SESSION)
</span><span class="cx"> if (auto* networkSession = SessionTracker::networkSession(parameters.sessionID)) {
</span><del>- m_task = std::make_unique<NetworkDataTask>(*networkSession, *this, parameters.request);
</del><ins>+ m_task = std::make_unique<NetworkDataTask>(*networkSession, *this, parameters.request, parameters.allowStoredCredentials);
</ins><span class="cx"> if (!parameters.defersLoading)
</span><span class="cx"> m_task->resume();
</span><span class="cx"> } else
</span><span class="lines">@@ -193,21 +195,21 @@
</span><span class="cx"> // Handle server trust evaluation at platform-level if requested, for performance reasons.
</span><span class="cx"> if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested
</span><span class="cx"> && !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {
</span><del>- completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());
</del><ins>+ completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, Credential());
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ m_challengeCompletionHandler = completionHandler;
+ m_challenge = challenge;
+
</ins><span class="cx"> if (m_client.isSynchronous()) {
</span><span class="cx"> // FIXME: We should ask the WebProcess like the asynchronous case below does.
</span><span class="cx"> // This is currently impossible as the WebProcess is blocked waiting on this synchronous load.
</span><span class="cx"> // It's possible that we can jump straight to the UI process to resolve this.
</span><del>- completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());
</del><ins>+ continueCanAuthenticateAgainstProtectionSpace(true);
</ins><span class="cx"> return;
</span><del>- }
-
- m_challengeCompletionHandler = completionHandler;
- m_challenge = challenge;
- m_client.canAuthenticateAgainstProtectionSpaceAsync(challenge.protectionSpace());
</del><ins>+ } else
+ m_client.canAuthenticateAgainstProtectionSpaceAsync(challenge.protectionSpace());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void NetworkLoad::didReceiveResponse(const ResourceResponse& response, ResponseCompletionHandler completionHandler)
</span><span class="lines">@@ -322,6 +324,11 @@
</span><span class="cx"> ASSERT(m_challengeCompletionHandler);
</span><span class="cx"> auto completionHandler = WTFMove(m_challengeCompletionHandler);
</span><span class="cx"> if (!result) {
</span><ins>+ completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, Credential());
+ return;
+ }
+
+ if (!m_challenge.protectionSpace().isPasswordBased()) {
</ins><span class="cx"> completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());
</span><span class="cx"> return;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcessNetworkLoadh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h (196033 => 196034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h 2016-02-02 23:42:40 UTC (rev 196034)
</span><span class="lines">@@ -122,7 +122,6 @@
</span><span class="cx">
</span><span class="cx"> NetworkLoadClient& m_client;
</span><span class="cx"> const NetworkLoadParameters m_parameters;
</span><del>- RefPtr<RemoteNetworkingContext> m_networkingContext;
</del><span class="cx"> #if USE(NETWORK_SESSION)
</span><span class="cx"> std::unique_ptr<NetworkDataTask> m_task;
</span><span class="cx"> WebCore::AuthenticationChallenge m_challenge;
</span><span class="lines">@@ -130,6 +129,7 @@
</span><span class="cx"> ResponseCompletionHandler m_responseCompletionHandler;
</span><span class="cx"> RedirectCompletionHandler m_redirectCompletionHandler;
</span><span class="cx"> #else
</span><ins>+ RefPtr<RemoteNetworkingContext> m_networkingContext;
</ins><span class="cx"> RefPtr<WebCore::ResourceHandle> m_handle;
</span><span class="cx"> #endif
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcessNetworkSessionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkSession.h (196033 => 196034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkSession.h 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkSession.h 2016-02-02 23:42:40 UTC (rev 196034)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx">
</span><span class="cx"> #include "DownloadID.h"
</span><span class="cx"> #include <WebCore/FrameLoaderTypes.h>
</span><ins>+#include <WebCore/ResourceHandleTypes.h>
</ins><span class="cx"> #include <WebCore/SessionID.h>
</span><span class="cx"> #include <wtf/HashMap.h>
</span><span class="cx"> #include <wtf/Ref.h>
</span><span class="lines">@@ -84,7 +85,7 @@
</span><span class="cx"> class NetworkDataTask {
</span><span class="cx"> friend class NetworkSession;
</span><span class="cx"> public:
</span><del>- explicit NetworkDataTask(NetworkSession&, NetworkSessionTaskClient&, const WebCore::ResourceRequest&);
</del><ins>+ explicit NetworkDataTask(NetworkSession&, NetworkSessionTaskClient&, const WebCore::ResourceRequest&, WebCore::StoredCredentials);
</ins><span class="cx">
</span><span class="cx"> void suspend();
</span><span class="cx"> void cancel();
</span><span class="lines">@@ -146,7 +147,8 @@
</span><span class="cx"> HashMap<NetworkDataTask::TaskIdentifier, NetworkDataTask*> m_dataTaskMap;
</span><span class="cx"> HashMap<NetworkDataTask::TaskIdentifier, DownloadID> m_downloadMap;
</span><span class="cx"> #if PLATFORM(COCOA)
</span><del>- RetainPtr<NSURLSession> m_session;
</del><ins>+ RetainPtr<NSURLSession> m_sessionWithCredentialStorage;
+ RetainPtr<NSURLSession> m_sessionWithoutCredentialStorage;
</ins><span class="cx"> RetainPtr<WKNetworkSessionDelegate> m_sessionDelegate;
</span><span class="cx"> #endif
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcesscocoaNetworkSessionCocoamm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm (196033 => 196034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2016-02-02 23:42:40 UTC (rev 196034)
</span><span class="lines">@@ -233,12 +233,15 @@
</span><span class="cx"> if (CFHTTPCookieStorageRef storage = storageSession->cookieStorage().get())
</span><span class="cx"> configuration.HTTPCookieStorage = [[[NSHTTPCookieStorage alloc] _initWithCFHTTPCookieStorage:storage] autorelease];
</span><span class="cx"> }
</span><del>- m_session = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
</del><ins>+ m_sessionWithCredentialStorage = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
+ configuration.URLCredentialStorage = nil;
+ m_sessionWithoutCredentialStorage = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> NetworkSession::~NetworkSession()
</span><span class="cx"> {
</span><del>- [m_session invalidateAndCancel];
</del><ins>+ [m_sessionWithCredentialStorage invalidateAndCancel];
+ [m_sessionWithoutCredentialStorage invalidateAndCancel];
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> NetworkDataTask* NetworkSession::dataTaskForIdentifier(NetworkDataTask::TaskIdentifier taskIdentifier)
</span><span class="lines">@@ -270,7 +273,7 @@
</span><span class="cx"> return downloadID;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-NetworkDataTask::NetworkDataTask(NetworkSession& session, NetworkSessionTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials)
</del><ins>+NetworkDataTask::NetworkDataTask(NetworkSession& session, NetworkSessionTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, WebCore::StoredCredentials storedCredentials)
</ins><span class="cx"> : m_session(session)
</span><span class="cx"> , m_client(client)
</span><span class="cx"> {
</span><span class="lines">@@ -280,9 +283,12 @@
</span><span class="cx"> m_user = request.url().user();
</span><span class="cx"> m_password = request.url().pass();
</span><span class="cx"> request.removeCredentials();
</span><ins>+
+ if (storedCredentials == WebCore::AllowStoredCredentials)
+ m_task = [m_session.m_sessionWithCredentialStorage dataTaskWithRequest:request.nsURLRequest(WebCore::UpdateHTTPBody)];
+ else
+ m_task = [m_session.m_sessionWithoutCredentialStorage dataTaskWithRequest:request.nsURLRequest(WebCore::UpdateHTTPBody)];
</ins><span class="cx">
</span><del>- m_task = [m_session.m_session dataTaskWithRequest:request.nsURLRequest(WebCore::UpdateHTTPBody)];
-
</del><span class="cx"> ASSERT(!m_session.m_dataTaskMap.contains(taskIdentifier()));
</span><span class="cx"> m_session.m_dataTaskMap.add(taskIdentifier(), this);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcessNetworkWebResourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp (196033 => 196034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2016-02-02 23:26:08 UTC (rev 196033)
+++ trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2016-02-02 23:42:40 UTC (rev 196034)
</span><span class="lines">@@ -207,11 +207,8 @@
</span><span class="cx"> #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
</span><span class="cx"> void WebResourceLoader::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
</span><span class="cx"> {
</span><del>- if (!m_coreLoader)
- return;
</del><ins>+ bool result = m_coreLoader ? m_coreLoader->canAuthenticateAgainstProtectionSpace(protectionSpace) : false;
</ins><span class="cx">
</span><del>- bool result = m_coreLoader->canAuthenticateAgainstProtectionSpace(protectionSpace);
-
</del><span class="cx"> send(Messages::NetworkResourceLoader::ContinueCanAuthenticateAgainstProtectionSpace(result));
</span><span class="cx"> }
</span><span class="cx"> #endif
</span></span></pre>
</div>
</div>
</body>
</html>