REGRESSION: We see authentication challenge sheets for favicon requests.
author beidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 29 Apr 2013 19:07:44 +0000 (19:07 +0000)
committer beidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 29 Apr 2013 19:07:44 +0000 (19:07 +0000)
<rdar://problem/13753470> and https://bugs.webkit.org/show_bug.cgi?id=115288

Reviewed by Alexey Proskuryakov.

Source/WebCore:

No new tests (Not in a tested config, might fix existing test).

Rename ClientCrossOriginCredentialPolicy to ClientCredentialPolicy, make it be three options,
and move it to ResourceHandleTypes where it belongs:
* loader/ResourceLoaderOptions.h:
* platform/network/ResourceHandleTypes.h:

Expose the ClientCredentialPolicy the ResourceLoader was created with:
* loader/ResourceLoader.h:
(WebCore::ResourceLoader::clientCredentialPolicy):

Rework the “should ask client” clause for the new values of ClientCredentialPolicy:
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didReceiveAuthenticationChallenge):

Rework loadResourceSynchronously() to include a ClientCredentialPolicy argument:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadResourceSynchronously):
* loader/FrameLoader.h:
* loader/LoaderStrategy.cpp:
(WebCore::LoaderStrategy::loadResourceSynchronously):
* loader/LoaderStrategy.h:

Never ask the client for credentials for icon loads:
* loader/icon/IconLoader.cpp:
(WebCore::IconLoader::startLoading):

Update all other users of ClientCredentialPolicy to the appropriate new value,
and update all users of loadResourceSynchronously to the new function signature:
* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::loadResourceSynchronously):
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::startLoadingMainResource):
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadResourceSynchronously):
* loader/FrameLoader.h:
(FrameLoader):
* loader/LoaderStrategy.cpp:
(WebCore::LoaderStrategy::loadResourceSynchronously):
* loader/LoaderStrategy.h:
(LoaderStrategy):
* loader/NetscapePlugInStreamLoader.cpp:
(WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
(WebCore::CachedResourceLoader::defaultCachedResourceOptions):
* xml/XSLTProcessorLibxslt.cpp:
(WebCore::docLoaderFunc):
* xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::openFunc):

* WebCore.exp.in:

Source/WebKit2:

Have NetworkResourceLoadParameters remember the ClientCredentialPolicy:
* Shared/Network/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::NetworkResourceLoadParameters):
(WebKit::NetworkResourceLoadParameters::encode):
(WebKit::NetworkResourceLoadParameters::decode):
* Shared/Network/NetworkResourceLoadParameters.h:

Pass along the ClientCredentialPolicy to the NetworkProcess:
* WebProcess/Network/WebResourceLoadScheduler.cpp:
(WebKit::WebResourceLoadScheduler::scheduleLoad):
* WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
(WebKit::WebPlatformStrategies::loadResourceSynchronously):
* WebProcess/WebCoreSupport/WebPlatformStrategies.h:

Have the SchedulableLoader remember the ClientCredentialPolicy:
* NetworkProcess/SchedulableLoader.cpp:
(WebKit::SchedulableLoader::SchedulableLoader):
* NetworkProcess/SchedulableLoader.h:
(WebKit::SchedulableLoader::clientCredentialPolicy):

Don’t message for credentials if the ClientCredentialPolicy forbids it:
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didReceiveAuthenticationChallenge):
* NetworkProcess/NetworkResourceLoader.h:

Update for the new loadResourceSynchronously signature (which is still a no-op on the NetworkProcess side):
* NetworkProcess/NetworkProcessPlatformStrategies.cpp:
(WebKit::NetworkProcessPlatformStrategies::loadResourceSynchronously):
* NetworkProcess/NetworkProcessPlatformStrategies.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@149303 268f45cc-cd09-0410-ab3c-d52691b4dbfc

30 files changed:
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/inspector/InspectorFrontendHost.cpp
Source/WebCore/loader/DocumentLoader.cpp
Source/WebCore/loader/DocumentThreadableLoader.cpp
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/loader/FrameLoader.h
Source/WebCore/loader/LoaderStrategy.cpp
Source/WebCore/loader/LoaderStrategy.h
Source/WebCore/loader/NetscapePlugInStreamLoader.cpp
Source/WebCore/loader/ResourceLoader.cpp
Source/WebCore/loader/ResourceLoader.h
Source/WebCore/loader/ResourceLoaderOptions.h
Source/WebCore/loader/cache/CachedResourceLoader.cpp
Source/WebCore/loader/icon/IconLoader.cpp
Source/WebCore/platform/network/ResourceHandleTypes.h
Source/WebCore/xml/XSLTProcessorLibxslt.cpp
Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/NetworkProcessPlatformStrategies.cpp
Source/WebKit2/NetworkProcess/NetworkProcessPlatformStrategies.h
Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit2/NetworkProcess/NetworkResourceLoader.h
Source/WebKit2/NetworkProcess/SchedulableLoader.cpp
Source/WebKit2/NetworkProcess/SchedulableLoader.h
Source/WebKit2/Shared/Network/NetworkResourceLoadParameters.cpp
Source/WebKit2/Shared/Network/NetworkResourceLoadParameters.h
Source/WebKit2/WebProcess/Network/WebResourceLoadScheduler.cpp
Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp
Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.h

index 8b7c552..774e20b 100644 (file)
@@ -1,3 +1,65 @@
+2013-04-29  Brady Eidson  <beidson@apple.com>
+
+        REGRESSION: We see authentication challenge sheets for favicon requests.
+        <rdar://problem/13753470> and https://bugs.webkit.org/show_bug.cgi?id=115288
+
+        Reviewed by Alexey Proskuryakov.
+
+        No new tests (Not in a tested config, might fix existing test).
+
+        Rename ClientCrossOriginCredentialPolicy to ClientCredentialPolicy, make it be three options.
+        and move it to ResourceHandleTypes where it belongs:
+        * loader/ResourceLoaderOptions.h:
+        * platform/network/ResourceHandleTypes.h:
+
+        Expose the ClientCredentialPolicy the ResourceLoader was created with:
+        * loader/ResourceLoader.h:
+        (WebCore::ResourceLoader::clientCredentialPolicy):
+
+        Rework the “should ask client” clause for the new values of ClientCredentialPolicy:
+        * loader/ResourceLoader.cpp:
+        (WebCore::ResourceLoader::didReceiveAuthenticationChallenge):
+
+        Rework loadResourceSynchronously() to include a ClientCredentialPolicy argument:
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadResourceSynchronously):
+        * loader/FrameLoader.h:
+        * loader/LoaderStrategy.cpp:
+        (WebCore::LoaderStrategy::loadResourceSynchronously):
+        * loader/LoaderStrategy.h:
+
+        Never ask the client for credentials for icon loads:
+        * loader/icon/IconLoader.cpp:
+        (WebCore::IconLoader::startLoading):
+
+        Update all other users of ClientCredentialPolicy to the appropriate new value,
+        and update all users of loadResourceSynchronously to the new function signature:
+        * inspector/InspectorFrontendHost.cpp:
+        (WebCore::InspectorFrontendHost::loadResourceSynchronously):
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::startLoadingMainResource):
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::loadRequest):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadResourceSynchronously):
+        * loader/FrameLoader.h:
+        (FrameLoader):
+        * loader/LoaderStrategy.cpp:
+        (WebCore::LoaderStrategy::loadResourceSynchronously):
+        * loader/LoaderStrategy.h:
+        (LoaderStrategy):
+        * loader/NetscapePlugInStreamLoader.cpp:
+        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
+        (WebCore::CachedResourceLoader::defaultCachedResourceOptions):
+        * xml/XSLTProcessorLibxslt.cpp:
+        (WebCore::docLoaderFunc):
+        * xml/parser/XMLDocumentParserLibxml2.cpp:
+        (WebCore::openFunc):
+
+        * WebCore.exp.in:
+
 2013-04-29  Anders Carlsson  <andersca@apple.com>
 
         Add a StorageSyncManager::dispatch helper function
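Review bot: "No new tests (Not in a tested config, might fix existing test)" in this ChangeLog entry leaves the favicon regression unguarded. Name the existing test the change is expected to fix, or add a layout test that serves a favicon behind a 401 and checks that no authentication challenge reaches the client. The line "make it be three options." also ends in a stray period mid-sentence.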
index da94c48..9ba41ca 100644 (file)
@@ -327,7 +327,7 @@ __ZN7WebCore14FrameSelection6modifyENS0_11EAlterationENS_18SelectionDirectionENS
 __ZN7WebCore14FrameSelection9selectAllEv
 __ZN7WebCore14FrameSelectionC1EPNS_5FrameE
 __ZN7WebCore14LoaderStrategy21resourceLoadSchedulerEv
-__ZN7WebCore14LoaderStrategy25loadResourceSynchronouslyEPNS_17NetworkingContextEmRKNS_15ResourceRequestENS_17StoredCredentialsERNS_13ResourceErrorERNS_16ResourceResponseERN3WTF6VectorIcLm0ENSB_15CrashOnOverflowEEE
+__ZN7WebCore14LoaderStrategy25loadResourceSynchronouslyEPNS_17NetworkingContextEmRKNS_15ResourceRequestENS_17StoredCredentialsENS_22ClientCredentialPolicyERNS_13ResourceErrorERNS_16ResourceResponseERN3WTF6VectorIcLm0ENSC_15CrashOnOverflowEEE
 __ZN7WebCore14PluginDocument10pluginNodeEv
 __ZNK7WebCore5Frame25trackedRepaintRectsAsTextEv
 __ZN7WebCore9FrameView13setNodeToDrawEPNS_4NodeE
index 6ed7a88..17b9132 100644 (file)
@@ -286,7 +286,7 @@ String InspectorFrontendHost::loadResourceSynchronously(const String& url)
     Vector<char> data;
     ResourceError error;
     ResourceResponse response;
-    m_frontendPage->mainFrame()->loader()->loadResourceSynchronously(request, DoNotAllowStoredCredentials, error, response, data);
+    m_frontendPage->mainFrame()->loader()->loadResourceSynchronously(request, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, error, response, data);
     return String(data.data(), data.size());
 }
 
index 01aba69..3124d32 100644 (file)
@@ -1364,7 +1364,7 @@ void DocumentLoader::startLoadingMainResource()
 
     ResourceRequest request(m_request);
     DEFINE_STATIC_LOCAL(ResourceLoaderOptions, mainResourceLoadOptions,
-        (SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck));
+        (SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck));
     CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions);
     m_mainResource = m_cachedResourceLoader->requestMainResource(cachedResourceRequest);
     if (!m_mainResource) {
index 9b5f00f..c76c328 100644 (file)
@@ -368,7 +368,7 @@ void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, Secur
 
     if (m_async) {
         ThreadableLoaderOptions options = m_options;
-        options.crossOriginCredentialPolicy = DoNotAskClientForCrossOriginCredentials;
+        options.clientCredentialPolicy = DoNotAskClientForCrossOriginCredentials;
         if (m_actualRequest) {
             // Don't sniff content or send load callbacks for the preflight request.
             options.sendLoadCallbacks = DoNotSendCallbacks;
@@ -401,7 +401,7 @@ void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, Secur
     ResourceResponse response;
     unsigned long identifier = std::numeric_limits<unsigned long>::max();
     if (m_document->frame())
-        identifier = m_document->frame()->loader()->loadResourceSynchronously(request, m_options.allowCredentials, error, response, data);
+        identifier = m_document->frame()->loader()->loadResourceSynchronously(request, m_options.allowCredentials, m_options.clientCredentialPolicy, error, response, data);
 
     InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient(m_document, identifier, m_client);
 
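Review bot: The synchronous call here passes m_options.clientCredentialPolicy unchanged, while the async branch earlier in loadRequest forces options.clientCredentialPolicy = DoNotAskClientForCrossOriginCredentials, so the two paths of the same function can apply different prompting rules. Pass DoNotAskClientForCrossOriginCredentials explicitly on the sync path as well, or add a comment explaining why the caller's value is trusted there.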
index 6aa9319..703bcdb 100644 (file)
@@ -2553,7 +2553,7 @@ void FrameLoader::loadPostRequest(const ResourceRequest& inRequest, const String
     }
 }
 
-unsigned long FrameLoader::loadResourceSynchronously(const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+unsigned long FrameLoader::loadResourceSynchronously(const ResourceRequest& request, StoredCredentials storedCredentials, ClientCredentialPolicy clientCredentialPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
 {
     ASSERT(m_frame->document());
     String referrer = SecurityPolicy::generateReferrerHeader(m_frame->document()->referrerPolicy(), request.url(), outgoingReferrer());
@@ -2579,7 +2579,7 @@ unsigned long FrameLoader::loadResourceSynchronously(const ResourceRequest& requ
         
         if (!documentLoader()->applicationCacheHost()->maybeLoadSynchronously(newRequest, error, response, data)) {
 #if USE(PLATFORM_STRATEGIES)
-            platformStrategies()->loaderStrategy()->loadResourceSynchronously(networkingContext(), identifier, newRequest, storedCredentials, error, response, data);
+            platformStrategies()->loaderStrategy()->loadResourceSynchronously(networkingContext(), identifier, newRequest, storedCredentials, clientCredentialPolicy, error, response, data);
 #else
             ResourceHandle::loadResourceSynchronously(networkingContext(), newRequest, storedCredentials, error, response, data);
 #endif
index 9165fac..7adc7e5 100644 (file)
@@ -110,7 +110,7 @@ public:
 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
     void loadArchive(PassRefPtr<Archive>);
 #endif
-    unsigned long loadResourceSynchronously(const ResourceRequest&, StoredCredentials, ResourceError&, ResourceResponse&, Vector<char>& data);
+    unsigned long loadResourceSynchronously(const ResourceRequest&, StoredCredentials, ClientCredentialPolicy, ResourceError&, ResourceResponse&, Vector<char>& data);
 
     void changeLocation(SecurityOrigin*, const KURL&, const String& referrer, bool lockHistory = true, bool lockBackForwardList = true, bool refresh = false);
     void urlSelected(const KURL&, const String& target, PassRefPtr<Event>, bool lockHistory, bool lockBackForwardList, ShouldSendReferrer);
index fd02c17..c337940 100644 (file)
@@ -39,7 +39,7 @@ ResourceLoadScheduler* LoaderStrategy::resourceLoadScheduler()
     return WebCore::resourceLoadScheduler();
 }
 
-void LoaderStrategy::loadResourceSynchronously(NetworkingContext* context, unsigned long, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+void LoaderStrategy::loadResourceSynchronously(NetworkingContext* context, unsigned long, const ResourceRequest& request, StoredCredentials storedCredentials, ClientCredentialPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
 {
     ResourceHandle::loadResourceSynchronously(context, request, storedCredentials, error, response, data);
 }
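Review bot: The new ClientCredentialPolicy parameter is left unnamed and is dropped in this function, because ResourceHandle::loadResourceSynchronously(context, request, storedCredentials, error, response, data) has no argument to receive it; the #else branch in FrameLoader::loadResourceSynchronously has the same shape. The value callers pass, such as DoNotAskClientForCrossOriginCredentials, is therefore not consulted on this path. Add a comment saying that the policy is only carried forward by WebPlatformStrategies when the NetworkProcess is in use, or thread it into ResourceHandle.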
index 2089177..ca594c5 100644 (file)
@@ -44,7 +44,7 @@ class LoaderStrategy {
 public:
     virtual ResourceLoadScheduler* resourceLoadScheduler();
 
-    virtual void loadResourceSynchronously(NetworkingContext*, unsigned long identifier, const ResourceRequest&, StoredCredentials, ResourceError&, ResourceResponse&, Vector<char>& data);
+    virtual void loadResourceSynchronously(NetworkingContext*, unsigned long identifier, const ResourceRequest&, StoredCredentials, ClientCredentialPolicy, ResourceError&, ResourceResponse&, Vector<char>& data);
 
 #if ENABLE(BLOB)
     virtual BlobRegistry* createBlobRegistry();
index 7ddc1a6..a78e807 100644 (file)
@@ -36,7 +36,7 @@
 namespace WebCore {
 
 NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame* frame, NetscapePlugInStreamLoaderClient* client)
-    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck))
+    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck))
     , m_client(client)
 {
 }
index b44f8df..e9ec69b 100644 (file)
@@ -535,7 +535,7 @@ void ResourceLoader::didReceiveAuthenticationChallenge(const AuthenticationChall
     RefPtr<ResourceLoader> protector(this);
 
     if (m_options.allowCredentials == AllowStoredCredentials) {
-        if (m_options.crossOriginCredentialPolicy == AskClientForCrossOriginCredentials || m_frame->document()->securityOrigin()->canRequest(originalRequest().url())) {
+        if (m_options.clientCredentialPolicy == AskClientForAllCredentials || (m_options.clientCredentialPolicy == DoNotAskClientForCrossOriginCredentials && m_frame->document()->securityOrigin()->canRequest(originalRequest().url()))) {
             frameLoader()->notifier()->didReceiveAuthenticationChallenge(this, challenge);
             return;
         }
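Review bot: The rewritten condition handles DoNotAskClientForAnyCredentials only by omission, as the one value for which neither side of the || is true. A switch over m_options.clientCredentialPolicy, or a small helper that returns whether to ask the client, would spell out all three cases and force a future fourth value to be handled deliberately rather than silently landing in the do-not-ask path.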
index 36da05e..86cdb4e 100644 (file)
@@ -137,6 +137,7 @@ public:
     bool shouldSendResourceLoadCallbacks() const { return m_options.sendLoadCallbacks == SendCallbacks; }
     void setSendCallbackPolicy(SendCallbackPolicy sendLoadCallbacks) { m_options.sendLoadCallbacks = sendLoadCallbacks; }
     bool shouldSniffContent() const { return m_options.sniffContent == SniffContent; }
+    ClientCredentialPolicy clientCredentialPolicy() const { return m_options.clientCredentialPolicy; }
 
     bool reachedTerminalState() const { return m_reachedTerminalState; }
 
index 58d61bb..d1b907b 100644 (file)
@@ -50,24 +50,19 @@ enum DataBufferingPolicy {
     DoNotBufferData
 };
 
-enum ClientCrossOriginCredentialPolicy {
-    AskClientForCrossOriginCredentials,
-    DoNotAskClientForCrossOriginCredentials
-};
-
 enum SecurityCheckPolicy {
     SkipSecurityCheck,
     DoSecurityCheck
 };
 
 struct ResourceLoaderOptions {
-    ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), dataBufferingPolicy(BufferData), allowCredentials(DoNotAllowStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials), securityCheck(DoSecurityCheck) { }
-    ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy, SecurityCheckPolicy securityCheck)
+    ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), dataBufferingPolicy(BufferData), allowCredentials(DoNotAllowStoredCredentials), clientCredentialPolicy(DoNotAskClientForAnyCredentials), securityCheck(DoSecurityCheck) { }
+    ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, SecurityCheckPolicy securityCheck)
         : sendLoadCallbacks(sendLoadCallbacks)
         , sniffContent(sniffContent)
         , dataBufferingPolicy(dataBufferingPolicy)
         , allowCredentials(allowCredentials)
-        , crossOriginCredentialPolicy(crossOriginCredentialPolicy)
+        , clientCredentialPolicy(credentialPolicy)
         , securityCheck(securityCheck)
     {
     }
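Review bot: The default constructor now initializes clientCredentialPolicy to DoNotAskClientForAnyCredentials where the old member defaulted to DoNotAskClientForCrossOriginCredentials, which changes behavior for every default-constructed ResourceLoaderOptions and is not mentioned in the ChangeLog. Call the new default out there and confirm no caller relied on same-origin prompting from default options. Minor: the constructor parameter is named credentialPolicy while every other parameter matches its member name.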
@@ -75,7 +70,7 @@ struct ResourceLoaderOptions {
     ContentSniffingPolicy sniffContent;
     DataBufferingPolicy dataBufferingPolicy;
     StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
-    ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all).
+    ClientCredentialPolicy clientCredentialPolicy; // When we should ask the client for credentials (if we allow credentials at all).
     SecurityCheckPolicy securityCheck;
 };
 
index 2452795..b6d6090 100644 (file)
@@ -216,7 +216,7 @@ CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt
     memoryCache()->add(userSheet.get());
     // FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too?
 
-    userSheet->load(this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck));
+    userSheet->load(this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck));
     
     return userSheet;
 }
@@ -985,7 +985,7 @@ void CachedResourceLoader::printPreloadStats()
 
 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions()
 {
-    static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, DoSecurityCheck);
+    static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, DoSecurityCheck);
     return options;
 }
 
index bc700fb..1855854 100644 (file)
@@ -62,7 +62,7 @@ void IconLoader::startLoading()
     if (m_resource || !m_frame->document())
         return;
 
-    CachedResourceRequest request(ResourceRequest(m_frame->loader()->icon()->url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck));
+    CachedResourceRequest request(ResourceRequest(m_frame->loader()->icon()->url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, DoSecurityCheck));
 
 #if PLATFORM(BLACKBERRY)
     request.mutableResourceRequest().setTargetType(ResourceRequest::TargetIsFavicon);
index 870e795..0c31f92 100644 (file)
@@ -33,6 +33,12 @@ enum StoredCredentials {
     DoNotAllowStoredCredentials
 };
 
+enum ClientCredentialPolicy {
+    AskClientForAllCredentials,
+    DoNotAskClientForCrossOriginCredentials,
+    DoNotAskClientForAnyCredentials
+};
+
 } // namespace WebCore
 
 #endif // ResourceHandleTypes_h
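Review bot: The three ClientCredentialPolicy values carry no comments, and the name DoNotAskClientForCrossOriginCredentials only implies that same-origin challenges are still forwarded to the client. Add a one-line comment per value stating when the client is asked, since this enum now decides whether an authentication sheet is shown in both WebCore and the NetworkProcess.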
index 633716c..14cdab9 100644 (file)
@@ -129,7 +129,7 @@ static xmlDocPtr docLoaderFunc(const xmlChar* uri,
 
         bool requestAllowed = globalCachedResourceLoader->frame() && globalCachedResourceLoader->document()->securityOrigin()->canRequest(url);
         if (requestAllowed) {
-            globalCachedResourceLoader->frame()->loader()->loadResourceSynchronously(url, AllowStoredCredentials, error, response, data);
+            globalCachedResourceLoader->frame()->loader()->loadResourceSynchronously(url, AllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, error, response, data);
             requestAllowed = globalCachedResourceLoader->document()->securityOrigin()->canRequest(response.url());
         }
         if (!requestAllowed) {
index 51c5a2f..12e18e3 100644 (file)
@@ -444,7 +444,7 @@ static void* openFunc(const char* uri)
         // FIXME: We should restore the original global error handler as well.
 
         if (cachedResourceLoader->frame())
-            cachedResourceLoader->frame()->loader()->loadResourceSynchronously(url, AllowStoredCredentials, error, response, data);
+            cachedResourceLoader->frame()->loader()->loadResourceSynchronously(url, AllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, error, response, data);
     }
 
     // We have to check the URL again after the load to catch redirects.
index 191d060..4eb8329 100644 (file)
@@ -1,3 +1,40 @@
+2013-04-29  Brady Eidson  <beidson@apple.com>
+
+        REGRESSION: We see authentication challenge sheets for favicon requests.
+        <rdar://problem/13753470> and https://bugs.webkit.org/show_bug.cgi?id=115288
+
+        Reviewed by Alexey Proskuryakov.
+
+        Have NetworkResourceLoadParameters remember the ClientCredentialPolicy:
+        * Shared/Network/NetworkResourceLoadParameters.cpp:
+        (WebKit::NetworkResourceLoadParameters::NetworkResourceLoadParameters):
+        (WebKit::NetworkResourceLoadParameters::encode):
+        (WebKit::NetworkResourceLoadParameters::decode):
+        * Shared/Network/NetworkResourceLoadParameters.h:
+
+        Pass along the ClientCredentialPolicy to the NetworkProcess:
+        * WebProcess/Network/WebResourceLoadScheduler.cpp:
+        (WebKit::WebResourceLoadScheduler::scheduleLoad):
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
+        (WebKit::WebPlatformStrategies::loadResourceSynchronously):
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.h:
+
+        Have the SchedulableLoader remember the ClientCredentialPolicy:
+        * NetworkProcess/SchedulableLoader.cpp:
+        (WebKit::SchedulableLoader::SchedulableLoader):
+        * NetworkProcess/SchedulableLoader.h:
+        (WebKit::SchedulableLoader::clientCredentialPolicy):
+
+        Don’t message for credentials if the ClientCredentialPolicy forbids it:
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::didReceiveAuthenticationChallenge):
+        * NetworkProcess/NetworkResourceLoader.h:
+
+        Update for the new loadResourceSynchronously signature (which is still a no-op on the NetworkProcess side):
+        * NetworkProcess/NetworkProcessPlatformStrategies.cpp:
+        (WebKit::NetworkProcessPlatformStrategies::loadResourceSynchronously):
+        * NetworkProcess/NetworkProcessPlatformStrategies.h:
+
 2013-04-29  Jer Noble  <jer.noble@apple.com>
 
         Unreviewed build fix. Point the Network process towards its own version of SecItemShim.dyld.
index 6907309..dcf7588 100644 (file)
@@ -84,7 +84,7 @@ ResourceLoadScheduler* NetworkProcessPlatformStrategies::resourceLoadScheduler()
     return 0;
 }
 
-void NetworkProcessPlatformStrategies::loadResourceSynchronously(NetworkingContext*, unsigned long resourceLoadIdentifier, const ResourceRequest&, StoredCredentials, ResourceError&, ResourceResponse&, Vector<char>& data)
+void NetworkProcessPlatformStrategies::loadResourceSynchronously(NetworkingContext*, unsigned long resourceLoadIdentifier, const ResourceRequest&, StoredCredentials, ClientCredentialPolicy, ResourceError&, ResourceResponse&, Vector<char>& data)
 {
     ASSERT_NOT_REACHED();
 }
index 066e79d..818cceb 100644 (file)
@@ -48,7 +48,7 @@ private:
 
     // WebCore::LoaderStrategy
     virtual WebCore::ResourceLoadScheduler* resourceLoadScheduler() OVERRIDE;
-    virtual void loadResourceSynchronously(WebCore::NetworkingContext*, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::StoredCredentials, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) OVERRIDE;
+    virtual void loadResourceSynchronously(WebCore::NetworkingContext*, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::StoredCredentials, WebCore::ClientCredentialPolicy, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) OVERRIDE;
 #if ENABLE(BLOB)
     virtual WebCore::BlobRegistry* createBlobRegistry() OVERRIDE;
 #endif
index 075b35c..45ff769 100644 (file)
@@ -298,6 +298,14 @@ void NetworkResourceLoader::didReceiveAuthenticationChallenge(ResourceHandle* ha
 {
     ASSERT_UNUSED(handle, handle == m_handle);
 
+    // FIXME (http://webkit.org/b/115291): Since we go straight to the UI process for authentication we don't get WebCore's
+    // cross-origin check before asking the client for credentials.
+    // Therefore we are too permissive in the case where the ClientCredentialPolicy is DoNotAskClientForCrossOriginCredentials.
+    if (clientCredentialPolicy() == DoNotAskClientForAnyCredentials) {
+        challenge.authenticationClient()->receivedRequestToContinueWithoutCredential(challenge);
+        return;
+    }
+
     NetworkProcess::shared().authenticationManager().didReceiveAuthenticationChallenge(webPageID(), webFrameID(), challenge);
 }
 
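Review bot: The added check consults only clientCredentialPolicy(), whereas WebCore's ResourceLoader::didReceiveAuthenticationChallenge forwards a challenge to the client only inside if (m_options.allowCredentials == AllowStoredCredentials). A load with DoNotAllowStoredCredentials and any policy other than DoNotAskClientForAnyCredentials is still handed to authenticationManager() here; consider also testing allowStoredCredentials(), which SchedulableLoader already exposes. Together with the cross-origin gap described in the FIXME, every value except DoNotAskClientForAnyCredentials is currently forwarded on the NetworkProcess path.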
index 82e1555..f99068f 100644 (file)
@@ -32,7 +32,6 @@
 #include "SchedulableLoader.h"
 #include "ShareableResource.h"
 #include <WebCore/ResourceHandleClient.h>
-#include <WebCore/ResourceLoaderOptions.h>
 #include <WebCore/RunLoop.h>
 
 typedef const struct _CFCachedURLResponse* CFCachedURLResponseRef;
index 55b0a91..9d46f74 100644 (file)
@@ -45,6 +45,7 @@ SchedulableLoader::SchedulableLoader(const NetworkResourceLoadParameters& parame
     , m_priority(parameters.priority)
     , m_contentSniffingPolicy(parameters.contentSniffingPolicy)
     , m_allowStoredCredentials(parameters.allowStoredCredentials)
+    , m_clientCredentialPolicy(parameters.clientCredentialPolicy)
     , m_inPrivateBrowsingMode(parameters.inPrivateBrowsingMode)
     , m_shouldClearReferrerOnHTTPSToHTTPRedirect(parameters.shouldClearReferrerOnHTTPSToHTTPRedirect)
     , m_isLoadingMainResource(parameters.isMainResource)
index 7b243e0..18e9fa4 100644 (file)
@@ -51,6 +51,7 @@ public:
     WebCore::ResourceLoadPriority priority() const { return m_priority; }
     WebCore::ContentSniffingPolicy contentSniffingPolicy() const { return m_contentSniffingPolicy; }
     WebCore::StoredCredentials allowStoredCredentials() const { return m_allowStoredCredentials; }
+    WebCore::ClientCredentialPolicy clientCredentialPolicy() const { return m_clientCredentialPolicy; }
     bool inPrivateBrowsingMode() const { return m_inPrivateBrowsingMode; }
     bool isLoadingMainResource() const { return m_isLoadingMainResource; }
 
@@ -80,6 +81,7 @@ private:
     WebCore::ResourceLoadPriority m_priority;
     WebCore::ContentSniffingPolicy m_contentSniffingPolicy;
     WebCore::StoredCredentials m_allowStoredCredentials;
+    WebCore::ClientCredentialPolicy m_clientCredentialPolicy;
     bool m_inPrivateBrowsingMode;
     bool m_shouldClearReferrerOnHTTPSToHTTPRedirect;
     bool m_isLoadingMainResource;
index e4aad99..99d1d46 100644 (file)
@@ -44,6 +44,7 @@ NetworkResourceLoadParameters::NetworkResourceLoadParameters()
     , priority(ResourceLoadPriorityVeryLow)
     , contentSniffingPolicy(SniffContent)
     , allowStoredCredentials(DoNotAllowStoredCredentials)
+    , clientCredentialPolicy(DoNotAskClientForAnyCredentials)
     , inPrivateBrowsingMode(false)
     , shouldClearReferrerOnHTTPSToHTTPRedirect(true)
     , isMainResource(false)
@@ -92,6 +93,7 @@ void NetworkResourceLoadParameters::encode(CoreIPC::ArgumentEncoder& encoder) co
     encoder.encodeEnum(priority);
     encoder.encodeEnum(contentSniffingPolicy);
     encoder.encodeEnum(allowStoredCredentials);
+    encoder.encodeEnum(clientCredentialPolicy);
     encoder << inPrivateBrowsingMode;
     encoder << shouldClearReferrerOnHTTPSToHTTPRedirect;
     encoder << isMainResource;
@@ -137,6 +139,8 @@ bool NetworkResourceLoadParameters::decode(CoreIPC::ArgumentDecoder& decoder, Ne
         return false;
     if (!decoder.decodeEnum(result.allowStoredCredentials))
         return false;
+    if (!decoder.decodeEnum(result.clientCredentialPolicy))
+        return false;
     if (!decoder.decode(result.inPrivateBrowsingMode))
         return false;
     if (!decoder.decode(result.shouldClearReferrerOnHTTPSToHTTPRedirect))
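Review bot: The decoded clientCredentialPolicy is accepted with no range check visible in this hunk, and NetworkResourceLoader::didReceiveAuthenticationChallenge suppresses the challenge only when the value equals DoNotAskClientForAnyCredentials, so an unexpected value fails open toward asking the client. If decodeEnum does not already reject out-of-range values, validate the result here and return false.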
index e83d2ec..f26bb1d 100644 (file)
@@ -58,6 +58,7 @@ public:
     WebCore::ResourceLoadPriority priority;
     WebCore::ContentSniffingPolicy contentSniffingPolicy;
     WebCore::StoredCredentials allowStoredCredentials;
+    WebCore::ClientCredentialPolicy clientCredentialPolicy;
     bool inPrivateBrowsingMode;
     bool shouldClearReferrerOnHTTPSToHTTPRedirect;
     bool isMainResource;
index e3a9983..7a0f6df 100644 (file)
@@ -116,6 +116,7 @@ void WebResourceLoadScheduler::scheduleLoad(ResourceLoader* resourceLoader, Cach
     loadParameters.priority = priority;
     loadParameters.contentSniffingPolicy = contentSniffingPolicy;
     loadParameters.allowStoredCredentials = allowStoredCredentials;
+    loadParameters.clientCredentialPolicy = resourceLoader->clientCredentialPolicy();
     loadParameters.inPrivateBrowsingMode = privateBrowsingEnabled;
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect;
     loadParameters.isMainResource = resource && resource->type() == CachedResource::MainResource;
index fb75fbd..9078e26 100644 (file)
@@ -226,10 +226,10 @@ ResourceLoadScheduler* WebPlatformStrategies::resourceLoadScheduler()
     return scheduler;
 }
 
-void WebPlatformStrategies::loadResourceSynchronously(NetworkingContext* context, unsigned long resourceLoadIdentifier, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+void WebPlatformStrategies::loadResourceSynchronously(NetworkingContext* context, unsigned long resourceLoadIdentifier, const ResourceRequest& request, StoredCredentials storedCredentials, ClientCredentialPolicy clientCredentialPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
 {
     if (!WebProcess::shared().usesNetworkProcess()) {
-        LoaderStrategy::loadResourceSynchronously(context, resourceLoadIdentifier, request, storedCredentials, error, response, data);
+        LoaderStrategy::loadResourceSynchronously(context, resourceLoadIdentifier, request, storedCredentials, clientCredentialPolicy, error, response, data);
         return;
     }
 
@@ -241,6 +241,7 @@ void WebPlatformStrategies::loadResourceSynchronously(NetworkingContext* context
     loadParameters.priority = ResourceLoadPriorityHighest;
     loadParameters.contentSniffingPolicy = SniffContent;
     loadParameters.allowStoredCredentials = storedCredentials;
+    loadParameters.clientCredentialPolicy = clientCredentialPolicy;
     loadParameters.inPrivateBrowsingMode = context->storageSession().isPrivateBrowsingSession();
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = context->shouldClearReferrerOnHTTPSToHTTPRedirect();
 
index 4d1a92b..92bc03d 100644 (file)
@@ -73,7 +73,7 @@ private:
     // WebCore::LoaderStrategy
 #if ENABLE(NETWORK_PROCESS)
     virtual WebCore::ResourceLoadScheduler* resourceLoadScheduler() OVERRIDE;
-    virtual void loadResourceSynchronously(WebCore::NetworkingContext*, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::StoredCredentials, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) OVERRIDE;
+    virtual void loadResourceSynchronously(WebCore::NetworkingContext*, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::StoredCredentials, WebCore::ClientCredentialPolicy, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) OVERRIDE;
 #if ENABLE(BLOB)
     virtual WebCore::BlobRegistry* createBlobRegistry() OVERRIDE;
 #endif