[Webkit-unassigned] [Bug 41090] Synchronous XMLHttpRequest retries incorrect credentials indefinitely

Thu Jun 24 09:03:23 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=41090

Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|XMLHttpRequest not using    |Synchronous XMLHttpRequest
                   |correct Authentication      |retries incorrect
                   |Scheme in response for      |credentials indefinitely
                   |Safari                      |
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1

--- Comment #10 from Alexey Proskuryakov <ap at webkit.org>  2010-06-24 09:03:23 PST ---
Here is what happens here:
1. The server responds with a list of supported authentication schemes:
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="My Realm"
2. Safari chooses Negotiate, since it's the first one.
3. Authorization fails, since it goes to IIS own Negotiate handler which rejects the credentials you supply.

It looks like a Safari bug that we retry with failed credentials indefinitely, I'm not yet sure if it's in WebKit or below. But the actual failure is a server side issue.

Could you please verify that this only happens with sync XHR?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.