[webkit-reviews] review denied: [Bug 29160] Safari 4 unable to change settings on Linksys Routers : [Attachment 39469] Updated fix + DRT enhancements + Layout Test

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 11 18:29:53 PDT 2009 

Alexey Proskuryakov <ap at webkit.org> has denied Brady Eidson
<beidson at apple.com>'s request for review:
Bug 29160: Safari 4 unable to change settings on Linksys Routers
https://bugs.webkit.org/show_bug.cgi?id=29160

Attachment 39469: Updated fix + DRT enhancements + Layout Test
https://bugs.webkit.org/attachment.cgi?id=39469&action=review

------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
This only changes the behavior for Basic authentication scheme. I think that's
worth mentioning in ChangeLog.

+static OriginToDefaultCredentialMap& originToDefaultCredentialMap()

Maybe it's also worth adding "Basic" somewhere in this name, or in a comment
next to it.

+#include "Credential.h"
+#include "CString.h"

This is not properly sorted, we use case-sensitive sort for headers.

 #include "CookieStorageWin.h"
+#include "CredentialStorage.h"
 #include "CString.h"

Same issue (pre-existing).

+	     // This case should never happen, as all URL paths should start
with a leading /

All _HTTP_ paths? There are protocolInHTTPFamily() checks at call sites, seems
worth adding an assertion in the function itself.

+	 // <rdar://problem/7174050> - For URLs that match the paths of those
previously challenged for HTTP Basic authentication, 
+	 // we need to try and reuse the credential preemptively, as allowed by
RFC 2617.

Two times in a row, I read this as a FIXME comment. Maybe it's just me, or
maybe it needs to be more assertive than "we need to" :)

+	 CString encoded = unencoded.utf8().base64Encode();

We should ideally check if it's UTF-8 is what other browsers use - it may also
be page encoding. But I'm not sure if credentials encoding is something we do
correctly now.

     if (!challenge.previousFailureCount() && (!client() ||
client()->shouldUseCredentialStorage(this))) {
-	 NSURLCredential *credential =
WebCoreCredentialStorage::get([mac(challenge) protectionSpace]);
-	 if (credential) {
-	     [challenge.sender() useCredential:credential
forAuthenticationChallenge:mac(challenge)];
+	 Credential credential =
CredentialStorage::get(challenge.protectionSpace());
+	 if (!credential.isEmpty()) {
+	     [challenge.sender() useCredential:mac(credential)
forAuthenticationChallenge:mac(challenge)];
	     return;
	 }

If default credentials are incorrect, are we going to send them again on 401,
and only then ask the user?

A separate question - aren't we going to store proxy credentials as default
credentials for an URL after handling a 407 response?

This patch looks really good to me, both code changes and the fact that it
greatly improves DRT capabilities. I have to say r- since 407 looks like an
important issue, even though I'm not 100% sure that it's real.

More information about the webkit-reviews mailing list