[webkit-reviews] review denied: [Bug 66354] Regression: On Lion, redirects lose HTTP authentication headers : [Attachment 104129] Patch v1 - Apply any known credentials inside willSendRequest for same origin redirects.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 16 17:51:57 PDT 2011
Alexey Proskuryakov <ap at webkit.org> has denied Brady Eidson
<beidson at apple.com>'s request for review:
Bug 66354: Regression: On Lion, redirects lose HTTP authentication headers
https://bugs.webkit.org/show_bug.cgi?id=66354
Attachment 104129: Patch v1 - Apply any known credentials inside
willSendRequest for same origin redirects.
https://bugs.webkit.org/attachment.cgi?id=104129&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=104129&action=review
Looks good to me, but the fix needs a test and a ResourceHandleCFNet.cpp
counterpart.
> Source/WebCore/platform/network/mac/ResourceHandleMac.mm:503
> + Credential credential = CredentialStorage::get(request.url());
Stored credentials probably shouldn't be applied if the redirect had
credentials in its Location header (Location: http://user:pass@new.host/path).
Also, perhaps there should be some kind of comment explaining that the above
request.clearHTTPAuthorization() call is not needed on Lion. Right now, the
code looks a bit confusing unless you know that we try to work regardless of
whether CFNetwork has removed credentials.
More information about the webkit-reviews
mailing list