[webkit-reviews] review granted: [Bug 185522] NetworkCORSPreflightChecker should proceed when having a ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenge : [Attachment 340114] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 10 16:02:39 PDT 2018
Brent Fulgham <bfulgham at webkit.org> has granted youenn fablet
<youennf at gmail.com>'s request for review:
Bug 185522: NetworkCORSPreflightChecker should proceed when having a
ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenge
https://bugs.webkit.org/show_bug.cgi?id=185522
Attachment 340114: Patch
https://bugs.webkit.org/attachment.cgi?id=340114&action=review
--- Comment #4 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 340114
--> https://bugs.webkit.org/attachment.cgi?id=340114
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=340114&action=review
This looks correct to me. r=me.
> Source/WebKit/ChangeLog:10
> + Previously, we were failing right away which is not right in case
preflight is the request triggering the connection.
If the issue is that preflight doesn't use credentials, couldn't this be an
issue with any of the authentication scheme's needing credentials (e.g.,
ProtectionSpaceAuthenticationSchemeClientCertificateRequested)? Or is it
something special about the behavior of
ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested?
Looking through the rest of the code, it seems like ServerTrust is handled
specially and rejects as you propose here in similar cases.
More information about the webkit-reviews
mailing list