[Webkit-unassigned] [Bug 37989] Webkit based browsers do not supply credentials properly with Apache basic authentication
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 23 13:17:06 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=37989
--- Comment #7 from Alexey Proskuryakov <ap at webkit.org> 2010-04-23 13:17:07 PST ---
I don't see anything wrong in the attached log. Basic credentials can be only
sent preemptively for resources in the same (or deeper) directories as
resources that were fetched with authentication before, see RFC 2617:
A client SHOULD assume that all paths at or deeper than the depth of
the last symbolic element in the path field of the Request-URI also
are within the protection space specified by the Basic realm value of
the current challenge. A client MAY preemptively send the
corresponding Authorization header with requests for resources in
that space without receipt of another challenge from the server.
In the log, there are no prior requests for /themes/graphics/nav or
/themes/graphics, so we must send a request without credentials and get a 401
challenge first.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list