Closed
Bug 217765
Opened 21 years ago
Closed 21 years ago
HTTP: does not always handle username+password from URL correctly
Categories
(Core :: Networking: HTTP, defect)
Core
Networking: HTTP
Tracking
()
RESOLVED
FIXED
mozilla1.6alpha
People
(Reporter: darin.moz, Assigned: darin.moz)
Details
Attachments
(1 file, 2 obsolete files)
|
10.58 KB,
patch
|
darin.moz
:
review+
bryner
:
superreview+
|
Details | Diff | Splinter Review |
HTTP: does not always handle username+password from URL correctly (hard to come up with a good summary for this bug.. there are really several issues) 1- if we have a username+password in the URL, and we do not have an auth entry, then we cannot send credentials to the server because we don't yet have a challenge. however, if we have an auth entry, then we can look at the challenge and use that to recompute credentials based on the username+ password found in the URL. currently, however, we don't do that. we wait for another challenge. this results in an extra round-trip that i think we can avoid. one point though: if the username in the URL matches the username in the auth cache, then it is probably wise to use the password from the auth cache since it is more likely to be correct (chances are good that it has already been tested against the server). 2- also, if we start out with no auth entry and we have a username+password in the URL, then when we receive a challenge, we should populate the auth cache with an entry that has the username+password taken from the URL. this is something we were not doing before because we did not want to replace an existing auth entry. i think we still do not want to replace an existing auth entry with username+password from the URL, but if there is no existing auth entry then we most certainly should add one to the cache. attaching a patch that fixes these issues.
|
Assignee | |
Comment 1•21 years ago
|
||
casey: this bug report is fallout from the discussion we had the other day. i did some testing based on what you told me and found some specific problems in the code. i've got a patch which should help. please test it out if you get a chance. thx!
Severity: normal → minor
Target Milestone: --- → mozilla1.6alpha
|
|
Assignee | |
Comment 2•21 years ago
|
||
|
|
Assignee | |
Comment 3•21 years ago
|
||
this patch doesn't fix all of the problems related to username+password in URL, but it does help with the issues i described above.
|
||
Comment 4•21 years ago
|
||
This should be blocking 1.5 ... rationale: This a regression from 1.4. Username and password from the URL were handled in 1.4 (even if it did not allow for a changed username and/or password from the URL).
Flags: blocking1.5+
|
||
Comment 5•21 years ago
|
||
Please don't set flags if you don't know what they mean.
Flags: blocking1.5+
|
||
Comment 6•21 years ago
|
||
This is an updated version of the previous patch. It properly changes the cached credentials to the URI specified credentials so that subsequent links are authenticated with the new credentials. Updated comments to match rationale.
|
|
||
Updated•21 years ago
|
Attachment #130972 -
Flags: review?(darin)
|
|
Assignee | |
Comment 7•21 years ago
|
||
slightly revised patch. fixed up some indentation and comments.
Attachment #130608 -
Attachment is obsolete: true
Attachment #130972 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 8•21 years ago
|
||
Comment on attachment 132090 [details] [diff] [review] v2.1 patch r=darin
Attachment #132090 -
Flags: superreview?(bryner)
Attachment #132090 -
Flags: review+
|
||
Updated•21 years ago
|
Attachment #132090 -
Flags: superreview?(bryner) → superreview+
|
|
Assignee | |
Comment 9•21 years ago
|
||
ok, fixed-on-trunk
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
|
||
Updated•21 years ago
|
Attachment #130972 -
Flags: review?(darin)
You need to log in
before you can comment on or make changes to this bug.
Description
•