[Webkit-unassigned] [Bug 130963] New: [SOUP] Libsoup internal credential setting should be controlled by loader decision
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 31 03:14:42 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=130963
Summary: [SOUP] Libsoup internal credential setting should be
controlled by loader decision
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: youennf at gmail.com
The soup backend sends any credential previously gathered from past interactions.
This seems to cause http/tests/xmlhttprequest/cross-origin-no-authorization.html failure.
For instance:
- A first same-origin XHR request is sent with explicit credentials.
- A second cross-origin XHR request is sent without setting withCredentials to true.
It is expected that the second HTTP request will not contain any credential.
The soup backend is currently implicitly setting credentials for the second request using the ones from the first request.
This seems to apply to user auth and cookies.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list