[Webkit-unassigned] [Bug 122952] [GTK][WPE] Support NTLM authentication
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 9 06:42:20 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=122952
--- Comment #24 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Carlos Garcia Campos from comment #23)
> It works for me with MiniBrowser.
Hm, yes, works in MiniBrowser for me too. Well, this is a one-liner to fix in WebKit, then, unless we want all the plumbing to keep in disabled by default. I'll ask Dan Winship to comment. His opinion was previously that we should not enable NTLM by default, but it's clear that Firefox does, so ?????.
Anyway, if I remove Epiphany's authenticate_cb (ephy-web-view.c), then it works in Ephy too. The difference is that MiniBrowser doesn't implement the authenticate signal. Epiphany returns TRUE to handle the authentication event, then does a password manager lookup. If it has a stored username/password, then it uses that; otherwise, it calls webkit_authentication_request_authenticate() with an empty credential:
webkit_credential_new (" ", "", WEBKIT_CREDENTIAL_PERSISTENCE_NONE);
That normally triggers a retry, so the user gets the default auth prompt. But with NTLM, it just results in an error. I guess we are actually authenticating to the peer with empty username/password each time we display a dialog for which we don't have username/password saved already. So, that's not great. Ideally we would have some function to allow us to display WebKit's default authentication prompt after the authenticate callback without actually having to send credentials to the server.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200909/511a590a/attachment-0001.htm>
More information about the webkit-unassigned
mailing list