[Webkit-unassigned] [Bug 16141] New: Webkit ignores authentication cookie while downloading PDFs through ezproxies

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 26 02:35:30 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=16141

           Summary: Webkit ignores authentication cookie while downloading
                    PDFs through ezproxies
           Product: WebKit
           Version: 523.x (Safari 3)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: PDF
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mekentosj at gmail.com


Bug filed as radar Bug ID# 5612474

Summary: 
Many scientists use an ezproxy setup to browse subscription based scientific
journals and download articles in the form of PDFs. While this worked fine on
tiger/safari2 it no longer works in leopard/safari3. EZproxies work by
forwarding all webtraffic through an address like
http://ezproxy.lib.unimelb.edu.au/login?url=%@ where the %@ is replaced by the
url of the journal (for instance http://nature.com). The first time a user uses
such a url it will have to authenticate. The ezproxy server sets a cookie for
the authenticated session and the user can browse the journal pages. When he
clicks a link he no longer has to authenticate again because of the cookie.
However if he downloads a PDF the system is now broken on Leopard/safari3.
NSURLDownload in contrast to the regular webkit browsing doesn't seem to take
the cookie into account and instead of downloading the PDF it downloads the
html (!) page that asks the user to authenticate again. This affects many users
in the scientific field.

Steps to Reproduce:
- use safari 3 to browse to nature.com over an ezproxy:
http://ezproxy.lib.unimelb.edu.au/login?url=http://www.nature.com
- mail me (mekentosj at gmail.com) to get a password/username to authenticate on
the page you arrive
- once authenticated browse the journals homepage (this will be fine).
- go to the following page:
http://ezproxy.lib.unimelb.edu.au/login?url=http://www.nature.com/nature/journal/v450/n7169/index.html
- if you click on a pdf link the pdf will open fine inside safari
- however, if you go back and right-click the same link and select "Download
linked file" Safari will not download the linked PDF file but instead an html
file that if you open it will show that it is again the authentication page.

Expected Results:
I expect that the PDF file should be downloaded when you use the download
linked file option, the cookie that was set before when you authenticated the
first time should still be valid to grant the NSURLDownload of the PDF file.

Actual Results:
What actually happens when you click on the PDF link is that you will get the
application/pdf mimetype from webkit, if you then use NSURLDownload to download
that file you will actually download the authentication html (!) page.

Regression:
This worked fine on Tiger in combination with Safari 2, it no longer works on
leopard with safari 3

Notes:
Please contact me (mekentosj at gmail.com) to get authentication credentials for
the ezproxy system.

Sample code:
A sample project illustrating the problem can be downloaded from:
http://mekentosj.com/temporary/ezproxytester.zip
See .m file for instructions


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list