[Webkit-unassigned] [Bug 70686] New: WebKit fails to prompt for basic authentication when the realm is an unquoted URL
bugzilla-daemon at webkit.org
Sat Oct 22 16:05:36 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=70686
Summary: WebKit fails to prompt for basic authentication when the realm is an unquoted URL
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://www.ennaranja.com
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: guillermo.jano.bugzilla at gmail.com
When Safari/WebKit finds an HTTP header like the following:
WWW-Authenticate: Basic realm=http://www.ennaranja.com
it fails to parse the realm and thus doesn't prompt for a username/password but directly presents the Authorization Required page to the user. I know this header syntax is invalid, as the parameter 'realm' is defined to only use 'quoted-string' syntax; however, some other browsers such as Internet Explorer or Mozilla Firefox or even the WebKit-based Google Chrome accept this unquoted form and still present the user with the prompt.
I have found a study about how several browsers parse the WWW-Authenticate header in different situations [ http://greenbytes.de/tech/tc/httpauth/ ] and this issue is similar to test case 'simplebasictok', which Safari passes; however, I guess the non-alphanumeric characters (':', '/') in the URL make the difference in this case.
This issue also affects MobileSafari in iOS 5.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
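The parsing difference described in the report can be reproduced with a small challenge linter. This is an added example, not WebKit code or part of the original message: `classify_realm`, `would_prompt` and the three acceptance sets are hypothetical names, the client behaviours are a model of what the report describes, and the quoted and token sample headers are constructed.

```python
import re

# HTTP token characters; ':' and '/' are delimiters, so a bare URL is not a token.
TCHAR = r"!#$%&'*+.^_`|~0-9A-Za-z-"
TOKEN_RE = re.compile(rf"[{TCHAR}]+")
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # quoted-string with \ escapes
LOOSE_RE = re.compile(r"[^\s,]+")                # anything up to space or comma
REALM_RE = re.compile(r"(?:^|[,\s])realm\s*=\s*", re.IGNORECASE)


def classify_realm(challenge):
    """Return (form, realm) for a single Basic challenge value.

    form is 'quoted', 'token', 'unquoted-non-token' or 'missing'.
    Simplified model: one challenge per header value.
    """
    scheme, _, params = challenge.strip().partition(" ")
    m = REALM_RE.search(params)
    if scheme.lower() != "basic" or m is None:
        return ("missing", None)
    rest = params[m.end():]
    quoted = QUOTED_RE.match(rest)
    if quoted:
        return ("quoted", re.sub(r"\\(.)", r"\1", quoted.group(1)))
    loose = LOOSE_RE.match(rest)
    if loose is None:
        return ("missing", None)
    value = loose.group(0)
    form = "token" if TOKEN_RE.fullmatch(value) else "unquoted-non-token"
    return (form, value)


# Assumed client models, derived from the behaviour the report describes.
STRICT = {"quoted"}                                   # grammar as specified
TOKEN_TOLERANT = {"quoted", "token"}                  # Safari as reported
LENIENT = {"quoted", "token", "unquoted-non-token"}   # IE/Firefox/Chrome as reported


def would_prompt(challenge, accepted_forms):
    """True if a client accepting these realm forms would show the prompt."""
    return classify_realm(challenge)[0] in accepted_forms


REPORTED = "Basic realm=http://www.ennaranja.com"      # header from the report
QUOTED = 'Basic realm="http://www.ennaranja.com"'      # constructed: valid form
TOKEN = "Basic realm=simple"                           # constructed: bare token

if __name__ == "__main__":
    for header in (REPORTED, QUOTED, TOKEN):
        print(header, "->", classify_realm(header))
```

A server operator can run emitted challenges through `classify_realm` and treat anything other than `quoted` as a configuration error, since only that form is accepted by every client model above.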