Closed Bug 176051 Opened 22 years ago Closed 22 years ago

XMLHttpRequest POST fails to send body when authentication required

Categories

(Core :: XML, defect)

Product:
Core
Component:
XML
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: rainking, Assigned: keeda)

References

(
URL
)

Details

Attachments

(1 file)

use a seekable stream for the postdata
1.47 KB, patch
hjtoi-bugzilla
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021016 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021016 The XMLHttpRequest object is not acting properly when used with Basic HTTP Authentication. Essentially, when authentication is required, it is popping up the dialog box for name and password correctly. However, when it goes to retransmit the POST request, it provides the correct authentication information in the header, but *does not* ever send the body of the POST. Thus, the receiving server is left waiting for the body, and nothing happens. To display this problem, we have created a test URL that receives POST requests. It is actually a validator for an XML-derived language, but the important detail is that it requires Basic HTTP Authentication. It is located at 'http://rhaptos.ece.rice.edu/postTest' where we've set up a test account with Username: test Password: test To demonstrate the problem, go to the url http://rhaptos.ece.rice.edu/developers/rainking/javascript/postTest/postTest.html If you click on the button at the bottom of the screen, it will attempt to post a small bit of text to the test validator mentioned above. Provide the username 'test' and password 'test' when the dialog box asks for them. Now, nothing will happen. A tcpdump reveals that the following packets are being sent: xmlhttprequest sends: POST /postTest HTTP/1.1 Host: rhaptos.ece.rice.edu User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021021 Phoenix/0.3 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1 Accept-Language: en-us, en;q=0.50 Accept-Encoding: gzip, deflate, compress;q=0.9 Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66 Keep-Alive: 300 Connection: keep-alive Content-Type: text/plain Content-Length: 45 I am the body of the POST that we are sending to which server responds: HTTP/1.1 401 Unauthorized Server: Zope/(Zope 2.4.4 (source release, python 2.1, linux2), python 2.1.3, linux2) ZServer/1.1b1 Date: Tue, 22 Oct 2002 18:14:24 GMT WWW-Authenticate: basic realm="Zope" Bobo-Exception-File: /usr/local/lib/zope/lib/python/ZPublisher/HTTPResponse.py Bobo-Exception-Type: Unauthorized Content-Type: text/html Bobo-Exception-Value: <strong>You are not authorized to access this resource.</strong> Etag: Content-Length: 1301 Bobo-Exception-Line: 592 <TABLE BORDER="0" WIDTH="100%"> <TR VALIGN="TOP"> <TD WIDTH="10%" ALIGN="CENTER"> &nbsp; </TD> <TD WIDTH="90%"> <H2>Site Error</H2> <P>An error was encountered while publishing this resource. </P> <P><STRONG>Unauthorized</STRONG></P> <strong>You are not authorized to access this resource.</strong> <!-- Traceback (innermost last): File /usr/local/lib/zope/lib/python/ZPublisher/Publish.py, line 223, in publish_module File /usr/local/lib/zope/lib/python/ZPublisher/Publish.py, line 187, in publish File /usr/local/lib/zope/lib/python/ZPublisher/Publish.py, line 162, in publish File /usr/local/lib/zope/lib/python/ZPublisher/BaseRequest.py, line 466, in traverse File /usr/local/lib/zope/lib/python/ZPublisher/HTTPResponse.py, line 592, in unauthorized Unauthorized: (see above) --> <HR NOSHADE> <P>Troubleshooting Suggestions</P> <UL> <LI>The URL may be incorrect.</LI> <LI>The parameters passed to this resource may be incorrect.</LI> <LI>A resource that this resource relies on may be encountering an error.</LI> </UL> <P>For more detailed information about the error, please refer to the HTML source for this page. </P> <P>If the error persists please contact the site maintainer. Thank you for your patience. </P> </TD></TR> </TABLE> then, after you enter the username and password in the dialog, the XMLHttpRequest sends: POST /postTest HTTP/1.1 Host: rhaptos.ece.rice.edu User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021021 Phoenix/0.3 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1 Accept-Language: en-us, en;q=0.50 Accept-Encoding: gzip, deflate, compress;q=0.9 Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66 Keep-Alive: 300 Connection: keep-alive Content-Type: text/plain Content-Length: 45 Authorization: Basic dGVzdDp0ZXN0 ...and that's it. No body gets sent, and the server sits and waits for the content that never comes. Additionally, if you now *leave* the postTest.html page for another page, and then return to postTest.html, you will still be logged in from before. Thus, when you press the button this time, you will see the results displayed. So the problem only happens when you're not yet authenticated. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Confirmed on Windows using NS 7.0 (this code hasn't changed since then I think).
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
We have here a similar problem. I set up an example at http://trash.chregu.tv/xmlreq/ (username:test passwort: test) If i POST into the same folder (to /xmlreq/post.php), it just works fine. If I post to /xmlreq/auth/post.php , which needs another authentication (user: auth, pass: auth), then mozilla stops after sending the second POST headers and never asks for username/password in my case (Moz 1.1 on linux). The TCP Dump is similar to the one posted by Doug. Thanks to heikki for making it an OSCOM bug :) Without this functionality, it's quite complicated to save to http-auth folders (in other words, we have to ask for u/p by ourself and then submit that as parameters in send().
QA Contact: petersen → rakeshmishra
This happens because the POST data upload stream that is given to necko by XMLHttpRequest is not seekable. Refer nsHttpChannel::ProcessAuthentication() http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpChannel.cpp#1731 Using an input stream that implements nsISeekableStream, Such as "string-input-stream" makes this work as expected. Are there any string encoding issues with using the string stream?
Attachment #110691 - Flags: superreview?(darin)
Attachment #110691 - Flags: review?(heikki)
Comment on attachment 110691 [details] [diff] [review] use a seekable stream for the postdata sr=darin
Attachment #110691 - Flags: superreview?(darin) → superreview+
Comment on attachment 110691 [details] [diff] [review] use a seekable stream for the postdata We can safely convert from PRUnichar strings to UTF-8 string without a dataloss. r=heikki Thanks!
Attachment #110691 - Flags: review?(heikki) → review+
Taking bug.
Assignee: heikki → keeda
Checked in. /cvsroot/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp,v <-- nsXMLHttpRequest.cpp new revision: 1.74; previous revision: 1.73 done
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: