[Webkit-unassigned] [Bug 32916] XMLHttpRequest with failed authentication should not show login prompt if credentials are provided
bugzilla-daemon at webkit.org
Mon Jun 7 21:44:16 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=32916
Victor Andrée <victor.andree at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |victor.andree at gmail.com
--- Comment #2 from Victor Andrée <victor.andree at gmail.com> 2010-06-07 21:44:16 PST ---
This bug is still around and is causing me trouble. I'll provide some specifics and a live test case.
Check out https://mail.google.com/mail/feed/atom (I was trying to put together an extension). Depending on whether you try to auth with an existing account or not, the server will return different headers if you fail to authenticate (identical headers removed):
Non-existing account:
$ curl -u victor.andreez -v https://mail.google.com/mail/feed/atom
< HTTP/1.1 401 Unauthorized
Existing account:
$ curl -u victor.andree -v https://mail.google.com/mail/feed/atom
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: BASIC realm="New mail feed"
If you attempt the same requests with XMLHttpRequest, only the latter will display a login sheet (since there won't be an account to "login" to otherwise, I presume the Google engineers thought). According to the specs, the sheet should never be displayed.
Reproducing with XMLHttpRequest:
xhr = new XMLHttpRequest();
// No account
xhr.open("GET", "https://mail.google.com/mail/feed/atom", true, "victor.andreez", "hunter2");
xhr.send();
// --> Failed to load resource: the server responded with a status of 401 (Unauthorized)
// Existing account
xhr.open("GET", "https://mail.google.com/mail/feed/atom", true, "victor.andree", "hunter2");
xhr.send();
// --> Failed to load resource: cancelled
// + a stinking sheet!
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
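
A local stand-in for the two 401 responses described in the comment above, so the XMLHttpRequest behaviour can be checked without a live server. This is an added example, not part of the original bug comment or of WebKit's code; the account name, password, function names and the bare 401 for requests that carry no Authorization header are assumptions.

```javascript
// Added example: reproduces the two 401 shapes from the report on localhost.
// KNOWN_ACCOUNTS, its password and all function names are constructed.
const KNOWN_ACCOUNTS = new Map([["existing-user", "correct-password"]]);
const REALM = "New mail feed"; // realm string quoted in the report

// Decode "Authorization: Basic <base64(user:pass)>"; null if absent or malformed.
function parseBasicAuth(header) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // the password may itself contain ':'
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Pure decision function, so the response shapes can be checked without a socket.
function buildResponse(authorizationHeader) {
  const creds = parseBasicAuth(authorizationHeader);
  if (creds && KNOWN_ACCOUNTS.get(creds.user) === creds.pass) {
    return { status: 200, headers: {}, body: "<feed/>" };
  }
  const headers = {};
  // As observed in the report: the challenge is sent only when the account exists.
  if (creds && KNOWN_ACCOUNTS.has(creds.user)) {
    headers["WWW-Authenticate"] = `BASIC realm="${REALM}"`;
  }
  return { status: 401, headers, body: "Unauthorized" };
}

// Wrap the decision function in an HTTP server; call .listen(port) to serve it.
function createTestServer() {
  const http = require("http"); // loaded lazily, only needed when serving
  return http.createServer((req, res) => {
    const r = buildResponse(req.headers.authorization);
    res.writeHead(r.status, r.headers);
    res.end(r.body);
  });
}
```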