[Webkit-unassigned] [Bug 213177] [GTK][WPE] Add API to allow applications to handle the HTTP authentication credential storage
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jun 15 00:34:03 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=213177
--- Comment #2 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to Michael Catanzaro from comment #1)
> Sounds good to me.
>
> > With this approach the the auhentication request would still have the
> > proposed credential read from persistent storage by libsecret. Apps might
> > decide to always ignore the proposed credentials when using custom storage.
>
> I think if apps will write to custom storage, they probably also want to
> read from custom storage and ignore any credentials managed by WebKit...
> right?
Exactly, the thing is that with API to auth request, the decision is made too late and the credentials have already been read by WebKit using libsecret. It's not a problem, because apps handling storage can just ignore the proposed credentials.
> > Another alternative would be to add a setting to the WebContext to globally
> > disable the persistent storage using libsecret, then we wouldn't need to the
> > webkit_authentication_request_set_use_custom_credential_storage().
>
> Hm, either way seems fine to me... keeping everything in
> WebKitAuthenticationRequest seems nice, to keep related APIs in one place.
> On the other hand, it probably does make more sense as a global setting
> rather than a per-request setting. I doubt any app would want to sometimes
> use WebKit storage for some requests and sometimes use custom storage for
> other requests.
Right, that's a good point.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200615/0fc0a330/attachment-0001.htm>
More information about the webkit-unassigned
mailing list