[Webkit-unassigned] [Bug 107298] New: XMLHttpRequest re-issued if server returns 401
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 18 09:54:46 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=107298
Summary: XMLHttpRequest re-issued if server returns 401
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://jsbin.com/ohehon/1/
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: costan at gmail.com
Created an attachment (id=183491)
--> (https://bugs.webkit.org/attachment.cgi?id=183491&action=review)
Test case (also in JSBin)
When Safari issues an XMLHttpRequest and the server returns a 401, Safari seems to repeat the request.
If the server uses OAuth, repeating the request triggers an OAuth error, because the nonce is reused. The server returns a 403, which is reported by the XMLHttpRequest. Both Chrome and Firefox report the 401 response from the XMLHttpRequest.
The link is to a JSBin that demonstrates this issue with the Dropbox API server, but the bug is applicable to any other OAuth API. To reproduce the issue, click through the pop-up authentication (sign into Dropbox if necessary) and look at the console. Safari shows a 403 error, Chrome and Firefox show a 401 error.
I used the Charles proxy to confirm my suspicion that Safari sends a second request to the API server. Any intercepting SSL proxy should do the trick.
Please let me know if there is anything else I can do to help investigate this issue.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list