wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 761479 - XMLHttpRequest with mozAnon=true should still send explicitly passed username + password, r=cbiesinger

Browse Source
This commit is contained in:
Honza Bambas 2012-10-24 16:05:13 +02:00
parent 7cfe0306d0
commit 88f5982042
3 changed files with 170 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
content/base/test/file_XHR_anon.sjs
View File

@ -6,7 +6,8 @@ function handleRequest(request, response) {
if (request.hasHeader("Authorization")) {
headers["authorization"] = request.getHeader("Authorization");
} else {
response.setStatusLine(null, 500, "Server Error");
response.setStatusLine(null, 401, "Authentication required");
response.setHeader("WWW-Authenticate", "basic realm=\"testrealm\"", true);
}
} else {
invalidHeaders.push("Authorization");

207
content/base/test/test_XHR_anon.html
View File

@ -16,71 +16,162 @@
<pre id="test">
<script class="testbody" type="application/javascript;version=1.8">
// An XHR with the anon flag set will not send cookie and auth information.
const TEST_URL = "http://example.com/tests/content/base/test/file_XHR_anon.sjs";
document.cookie = "foo=bar";
function runTests() {
let tearDown = (function setUp() {
SimpleTest.waitForExplicitFinish();
let am = {
authMgr: null,
const {classes: Cc, interfaces: Ci} = SpecialPowers.wrap(SpecialPowers.Components);
init: function() {
const {classes: Cc, interfaces: Ci} = SpecialPowers.wrap(Components);
let authMgr = Cc["@mozilla.org/network/http-auth-manager;1"]
.getService(SpecialPowers.Ci.nsIHttpAuthManager)
authMgr.setAuthIdentity("http", "example.com", 80, "basic", "testrealm",
"", "example.com", "user1", "password1");
this.authMgr = Cc["@mozilla.org/network/http-auth-manager;1"]
.getService(Components.interfaces.nsIHttpAuthManager)
},
SpecialPowers.addPermission("systemXHR", true, document);
addIdentity: function() {
this.authMgr.setAuthIdentity("http", "example.com", -1, "basic", "testrealm",
"", "example.com", "user1", "password1");
},
return function tearDown() {
authMgr.clearAll();
SpecialPowers.removePermission("systemXHR", document);
SimpleTest.finish();
}
}());
// An XHR with the anon flag set will not send cookie and auth information.
const TEST_URL = "http://example.com/tests/content/base/test/file_XHR_anon.sjs";
document.cookie = "foo=bar";
function withoutCredentials() {
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "withoutCredentials: .mozAnon == true");
xhr.open("GET", TEST_URL);
xhr.onload = function onload() {
is(xhr.status, 200, "withoutCredentials: " + xhr.responseText);
withCredentials();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
tearDown();
}
xhr.send();
}
function withCredentials() {
// TODO: this currently does not work as expected, see bug 761479
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "withCredentials: .mozAnon == true");
xhr.open("GET", TEST_URL + "?expectAuth=true", true,
"user2name", "pass2word");
xhr.onload = function onload() {
todo_is(xhr.status, 200, "withCredentials: " + xhr.responseText);
let response = JSON.parse(xhr.responseText);
todo_is(response.authorization, "Basic dXNlcjJuYW1lOnBhc3Myd29yZA==");
tearDown();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
tearDown();
}
xhr.send();
}
withoutCredentials();
tearDown: function() {
this.authMgr.clearAll();
},
}
var tests = [ test1, test2, test2a, test3, test3, test3, test4, test4, test4, test5, test5, test5 ];
function runTests() {
if (!tests.length) {
am.tearDown();
SpecialPowers.removePermission("systemXHR", document);
SimpleTest.finish();
return;
}
var test = tests.shift();
test();
}
function test1() {
am.addIdentity();
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "test1: .mozAnon == true");
xhr.open("GET", TEST_URL);
xhr.onload = function onload() {
is(xhr.status, 200, "test1: " + xhr.responseText);
am.tearDown();
runTests();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
am.tearDown();
runTests();
}
xhr.send();
}
function test2() {
am.addIdentity();
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "test2: .mozAnon == true");
xhr.open("GET", TEST_URL + "?expectAuth=true", true,
"user2name", "pass2word");
xhr.onload = function onload() {
is(xhr.status, 200, "test2: " + xhr.responseText);
let response = JSON.parse(xhr.responseText);
is(response.authorization, "Basic dXNlcjJuYW1lOnBhc3Myd29yZA==");
am.tearDown();
runTests();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
am.tearDown();
runTests();
}
xhr.send();
}
function test2a() {
am.addIdentity();
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "test2: .mozAnon == true");
xhr.open("GET", TEST_URL + "?expectAuth=true", true,
"user1", "pass2word");
xhr.onload = function onload() {
is(xhr.status, 200, "test2: " + xhr.responseText);
let response = JSON.parse(xhr.responseText);
is(response.authorization, "Basic dXNlcjE6cGFzczJ3b3Jk");
am.tearDown();
runTests();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
am.tearDown();
runTests();
}
xhr.send();
}
function test3() {
am.addIdentity();
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "test3: .mozAnon == true");
xhr.open("GET", TEST_URL + "?expectAuth=true", true);
xhr.onload = function onload() {
is(xhr.status, 401, "test3: " + xhr.responseText);
am.tearDown();
runTests();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
am.tearDown();
runTests();
}
xhr.send();
}
function test4() {
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "test4: .mozAnon == true");
xhr.open("GET", TEST_URL + "?expectAuth=true", true);
xhr.onload = function onload() {
is(xhr.status, 401, "test4: " + xhr.responseText);
runTests();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
runTests();
}
xhr.send();
}
function test5() {
let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
is(xhr.mozAnon, true, "test5: .mozAnon == true");
xhr.open("GET", TEST_URL + "?expectAuth=true", true,
"user2name", "pass2word");
xhr.onload = function onload() {
is(xhr.status, 200, "test5: " + xhr.responseText);
let response = JSON.parse(xhr.responseText);
is(response.authorization, "Basic dXNlcjJuYW1lOnBhc3Myd29yZA==");
runTests();
};
xhr.onerror = function onerror() {
ok(false, "Got an error event!");
runTests();
}
xhr.send();
}
am.init();
SpecialPowers.addPermission("systemXHR", true, document);
SimpleTest.waitForExplicitFinish();
</script>
</pre>
</body>

32
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
View File

@ -92,20 +92,9 @@ nsHttpChannelAuthProvider::ProcessAuthentication(uint32_t httpStatus,
if (!mProxyInfo) return NS_ERROR_NO_INTERFACE;
}
uint32_t loadFlags;
rv = mAuthChannel->GetLoadFlags(&loadFlags);
if (NS_FAILED(rv)) return rv;
nsAutoCString challenges;
mProxyAuth = (httpStatus == 407);
// Do proxy auth even if we're LOAD_ANONYMOUS
if ((loadFlags & nsIRequest::LOAD_ANONYMOUS) &&
(!mProxyAuth || !UsingHttpProxy())) {
LOG(("Skipping authentication for anonymous non-proxy request\n"));
return NS_ERROR_NOT_AVAILABLE;
}
rv = PrepareForAuthentication(mProxyAuth);
if (NS_FAILED(rv))
return rv;
@ -676,6 +665,10 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
path, ident, continuationState);
if (NS_FAILED(rv)) return rv;
uint32_t loadFlags;
rv = mAuthChannel->GetLoadFlags(&loadFlags);
if (NS_FAILED(rv)) return rv;
if (!proxyAuth) {
// if this is the first challenge, then try using the identity
// specified in the URL.
@ -683,6 +676,18 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
GetIdentityFromURI(authFlags, mIdent);
identFromURI = !mIdent.IsEmpty();
}
if ((loadFlags & nsIRequest::LOAD_ANONYMOUS) && !identFromURI) {
LOG(("Skipping authentication for anonymous non-proxy request\n"));
return NS_ERROR_NOT_AVAILABLE;
}
// Let explicit URL credentials pass
// regardless of the LOAD_ANONYMOUS flag
}
else if ((loadFlags & nsIRequest::LOAD_ANONYMOUS) && !UsingHttpProxy()) {
LOG(("Skipping authentication for anonymous non-proxy request\n"));
return NS_ERROR_NOT_AVAILABLE;
}
//
@ -729,8 +734,9 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
}
}
else if (!identFromURI ||
nsCRT::strcmp(ident->User(),
entry->Identity().User()) == 0) {
(nsCRT::strcmp(ident->User(),
entry->Identity().User()) == 0 &&
!(loadFlags & nsIChannel::LOAD_ANONYMOUS))) {
LOG((" taking identity from auth cache\n"));
// the password from the auth cache is more likely to be
// correct than the one in the URL. at least, we know that it