From 80045583a292e6b80823d540cb1e97c27cf1381b Mon Sep 17 00:00:00 2001
From: Honza Bambas <honzab.moz@firemni.cz>
Date: Tue, 23 Oct 2012 17:37:02 +0200
Subject: [PATCH] Backout of changeset 6f1121e69ee9

---
 content/base/test/file_XHR_anon.sjs           |   3 +-
 content/base/test/test_XHR_anon.html          | 207 +++++-------------
 .../http/nsHttpChannelAuthProvider.cpp        |  32 ++-
 3 files changed, 72 insertions(+), 170 deletions(-)

diff --git a/content/base/test/file_XHR_anon.sjs b/content/base/test/file_XHR_anon.sjs
index c6f400ec9bf..cd23ebbf8c6 100644
--- a/content/base/test/file_XHR_anon.sjs
+++ b/content/base/test/file_XHR_anon.sjs
@@ -6,8 +6,7 @@ function handleRequest(request, response) {
     if (request.hasHeader("Authorization")) {
       headers["authorization"] = request.getHeader("Authorization");
     } else {
-      response.setStatusLine(null, 401, "Authentication required");
-      response.setHeader("WWW-Authenticate", "basic realm=\"testrealm\"", true);
+      response.setStatusLine(null, 500, "Server Error");
     }
   } else {
     invalidHeaders.push("Authorization");
diff --git a/content/base/test/test_XHR_anon.html b/content/base/test/test_XHR_anon.html
index e02af8619b4..fb612cec515 100644
--- a/content/base/test/test_XHR_anon.html
+++ b/content/base/test/test_XHR_anon.html
@@ -16,162 +16,71 @@
 <pre id="test">
 <script class="testbody" type="application/javascript;version=1.8">
 
-// An XHR with the anon flag set will not send cookie and auth information.
-const TEST_URL = "http://example.com/tests/content/base/test/file_XHR_anon.sjs";
-document.cookie = "foo=bar";
-
-let am = {
-  authMgr: null,
-
-  init: function() {
-    const {classes: Cc, interfaces: Ci} = SpecialPowers.wrap(Components);
-
-    this.authMgr = Cc["@mozilla.org/network/http-auth-manager;1"]
-                     .getService(Components.interfaces.nsIHttpAuthManager)
-  },
-
-  addIdentity: function() {
-    this.authMgr.setAuthIdentity("http", "example.com", -1, "basic", "testrealm",
-                                 "", "example.com", "user1", "password1");
-  },
-
-  tearDown: function() {
-    this.authMgr.clearAll();
-  },
-}
-
-var tests = [ test1, test2, test2a, test3, test3, test3, test4, test4, test4, test5, test5, test5 ];
 
 function runTests() {
-  if (!tests.length) {
-    am.tearDown();
-    SpecialPowers.removePermission("systemXHR", document);
-    SimpleTest.finish();
-    return;
+  let tearDown = (function setUp() {
+    SimpleTest.waitForExplicitFinish();
+
+    const {classes: Cc, interfaces: Ci} = SpecialPowers.wrap(SpecialPowers.Components);
+
+    let authMgr = Cc["@mozilla.org/network/http-auth-manager;1"]
+                    .getService(SpecialPowers.Ci.nsIHttpAuthManager)
+    authMgr.setAuthIdentity("http", "example.com", 80, "basic", "testrealm",
+                            "", "example.com", "user1", "password1");
+
+    SpecialPowers.addPermission("systemXHR", true, document);
+
+    return function tearDown() {
+      authMgr.clearAll();
+      SpecialPowers.removePermission("systemXHR", document);
+      SimpleTest.finish();
+    }
+  }());
+
+  // An XHR with the anon flag set will not send cookie and auth information.
+
+  const TEST_URL = "http://example.com/tests/content/base/test/file_XHR_anon.sjs";
+
+  document.cookie = "foo=bar";
+
+
+  function withoutCredentials() {
+    let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    is(xhr.mozAnon, true, "withoutCredentials: .mozAnon == true");
+    xhr.open("GET", TEST_URL);
+    xhr.onload = function onload() {
+      is(xhr.status, 200, "withoutCredentials: " + xhr.responseText);
+      withCredentials();
+    };
+    xhr.onerror = function onerror() {
+      ok(false, "Got an error event!");
+      tearDown();
+    }
+    xhr.send();
   }
 
-  var test = tests.shift();
-  test();
-}
-
-function test1() {
-  am.addIdentity();
-
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(xhr.mozAnon, true, "test1: .mozAnon == true");
-  xhr.open("GET", TEST_URL);
-  xhr.onload = function onload() {
-    is(xhr.status, 200, "test1: " + xhr.responseText);
-    am.tearDown();
-    runTests();
-  };
-  xhr.onerror = function onerror() {
-    ok(false, "Got an error event!");
-    am.tearDown();
-    runTests();
+  function withCredentials() {
+    // TODO: this currently does not work as expected, see bug 761479
+    let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    is(xhr.mozAnon, true, "withCredentials: .mozAnon == true");
+    xhr.open("GET", TEST_URL + "?expectAuth=true", true,
+             "user2name", "pass2word");
+    xhr.onload = function onload() {
+      todo_is(xhr.status, 200, "withCredentials: " + xhr.responseText);
+      let response = JSON.parse(xhr.responseText);
+      todo_is(response.authorization, "Basic dXNlcjJuYW1lOnBhc3Myd29yZA==");
+      tearDown();
+    };
+    xhr.onerror = function onerror() {
+      ok(false, "Got an error event!");
+      tearDown();
+    }
+    xhr.send();
   }
-  xhr.send();
+
+  withoutCredentials();
 }
 
-function test2() {
-  am.addIdentity();
-
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(xhr.mozAnon, true, "test2: .mozAnon == true");
-  xhr.open("GET", TEST_URL + "?expectAuth=true", true,
-           "user2name", "pass2word");
-  xhr.onload = function onload() {
-    is(xhr.status, 200, "test2: " + xhr.responseText);
-    let response = JSON.parse(xhr.responseText);
-    is(response.authorization, "Basic dXNlcjJuYW1lOnBhc3Myd29yZA==");
-    am.tearDown();
-    runTests();
-  };
-  xhr.onerror = function onerror() {
-    ok(false, "Got an error event!");
-    am.tearDown();
-    runTests();
-  }
-  xhr.send();
-}
-
-function test2a() {
-  am.addIdentity();
-
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(xhr.mozAnon, true, "test2: .mozAnon == true");
-  xhr.open("GET", TEST_URL + "?expectAuth=true", true,
-           "user1", "pass2word");
-  xhr.onload = function onload() {
-    is(xhr.status, 200, "test2: " + xhr.responseText);
-    let response = JSON.parse(xhr.responseText);
-    is(response.authorization, "Basic dXNlcjE6cGFzczJ3b3Jk");
-    am.tearDown();
-    runTests();
-  };
-  xhr.onerror = function onerror() {
-    ok(false, "Got an error event!");
-    am.tearDown();
-    runTests();
-  }
-  xhr.send();
-}
-
-function test3() {
-  am.addIdentity();
-
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(xhr.mozAnon, true, "test3: .mozAnon == true");
-  xhr.open("GET", TEST_URL + "?expectAuth=true", true);
-  xhr.onload = function onload() {
-    is(xhr.status, 401, "test3: " + xhr.responseText);
-    am.tearDown();
-    runTests();
-  };
-  xhr.onerror = function onerror() {
-    ok(false, "Got an error event!");
-    am.tearDown();
-    runTests();
-  }
-  xhr.send();
-}
-
-function test4() {
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(xhr.mozAnon, true, "test4: .mozAnon == true");
-  xhr.open("GET", TEST_URL + "?expectAuth=true", true);
-  xhr.onload = function onload() {
-    is(xhr.status, 401, "test4: " + xhr.responseText);
-    runTests();
-  };
-  xhr.onerror = function onerror() {
-    ok(false, "Got an error event!");
-    runTests();
-  }
-  xhr.send();
-}
-
-function test5() {
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(xhr.mozAnon, true, "test5: .mozAnon == true");
-  xhr.open("GET", TEST_URL + "?expectAuth=true", true,
-           "user2name", "pass2word");
-  xhr.onload = function onload() {
-    is(xhr.status, 200, "test5: " + xhr.responseText);
-    let response = JSON.parse(xhr.responseText);
-    is(response.authorization, "Basic dXNlcjJuYW1lOnBhc3Myd29yZA==");
-    runTests();
-  };
-  xhr.onerror = function onerror() {
-    ok(false, "Got an error event!");
-    runTests();
-  }
-  xhr.send();
-}
-
-am.init();
-SpecialPowers.addPermission("systemXHR", true, document);
-SimpleTest.waitForExplicitFinish();
 </script>
 </pre>
 </body>
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
index 728bef2c3e0..4a5afed3aea 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -92,9 +92,20 @@ nsHttpChannelAuthProvider::ProcessAuthentication(uint32_t httpStatus,
         if (!mProxyInfo) return NS_ERROR_NO_INTERFACE;
     }
 
+    uint32_t loadFlags;
+    rv = mAuthChannel->GetLoadFlags(&loadFlags);
+    if (NS_FAILED(rv)) return rv;
+
     nsAutoCString challenges;
     mProxyAuth = (httpStatus == 407);
 
+    // Do proxy auth even if we're LOAD_ANONYMOUS
+    if ((loadFlags & nsIRequest::LOAD_ANONYMOUS) &&
+        (!mProxyAuth || !UsingHttpProxy())) {
+        LOG(("Skipping authentication for anonymous non-proxy request\n"));
+        return NS_ERROR_NOT_AVAILABLE;
+    }
+
     rv = PrepareForAuthentication(mProxyAuth);
     if (NS_FAILED(rv))
         return rv;
@@ -665,10 +676,6 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
                                  path, ident, continuationState);
     if (NS_FAILED(rv)) return rv;
 
-    uint32_t loadFlags;
-    rv = mAuthChannel->GetLoadFlags(&loadFlags);
-    if (NS_FAILED(rv)) return rv;
-
     if (!proxyAuth) {
         // if this is the first challenge, then try using the identity
         // specified in the URL.
@@ -676,18 +683,6 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
             GetIdentityFromURI(authFlags, mIdent);
             identFromURI = !mIdent.IsEmpty();
         }
-
-        if ((loadFlags & nsIRequest::LOAD_ANONYMOUS) && !identFromURI) {
-            LOG(("Skipping authentication for anonymous non-proxy request\n"));
-            return NS_ERROR_NOT_AVAILABLE;
-        }
-
-        // Let explicit URL credentials pass
-        // regardless of the LOAD_ANONYMOUS flag
-    }
-    else if ((loadFlags & nsIRequest::LOAD_ANONYMOUS) && !UsingHttpProxy()) {
-        LOG(("Skipping authentication for anonymous non-proxy request\n"));
-        return NS_ERROR_NOT_AVAILABLE;
     }
 
     //
@@ -734,9 +729,8 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
                 }
             }
             else if (!identFromURI ||
-                     (nsCRT::strcmp(ident->User(),
-                                    entry->Identity().User()) == 0 &&
-                     !(loadFlags && nsIChannel::LOAD_ANONYMOUS))) {
+                     nsCRT::strcmp(ident->User(),
+                                   entry->Identity().User()) == 0) {
                 LOG(("  taking identity from auth cache\n"));
                 // the password from the auth cache is more likely to be
                 // correct than the one in the URL.  at least, we know that it