[Webkit-unassigned] [Bug 35390] New: behavior with http auth and xmlhttprequest
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 25 09:13:43 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=35390
Summary: behavior with http auth and xmlhttprequest
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Gtk
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: danw at gnome.org
http://www.vsecurity.com/download/tools/fbha-poc_0.1.zip
is a proof of concept of using xmlhttprequest to allow html form-based auth but
using http auth underneath instead of cookies. On Firefox, IE, Safari, and
Chrome, it uses http auth, but does not pop up any browser password dialog
boxes. In Epiphany though, both the login and logout pages pop up a dialog.
(To run the test server, download the zip file, unzip it, and just run the
python script, giving it a port number.)
Haven't looked in detail, but it seems like the difference might be that the
other browsers never prompt for passwords on xmlhttprequest requests? (or at
least, on xmlhttprequest requests that contain password arguments)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list