2009-03-26 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk>
authorkov@webkit.org <kov@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Mar 2009 11:43:09 +0000 (11:43 +0000)
committerkov@webkit.org <kov@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Mar 2009 11:43:09 +0000 (11:43 +0000)
        Reviewed by Holger Freyther.

        https://bugs.webkit.org/show_bug.cgi?id=24804
        [GTK] 401 responses cause rogue content to be loaded

        Our soup code handles 401 responses itself, so we should not feed
        the headers and data of those responses to the loader.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::gotHeadersCallback):
        (WebCore::gotChunkCallback):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@42001 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/platform/network/soup/ResourceHandleSoup.cpp

index 866e0d6..981e7c2 100644 (file)
@@ -1,3 +1,17 @@
+2009-03-26  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Reviewed by Holger Freyther.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24804
+        [GTK] 401 responses cause rogue content to be loaded
+
+        Our soup code handles 401 responses itself, so we should not feed
+        the headers and data of those responses to the loader.
+
+        * platform/network/soup/ResourceHandleSoup.cpp:
+        (WebCore::gotHeadersCallback):
+        (WebCore::gotChunkCallback):
+
 2009-03-25  Geoffrey Garen  <ggaren@apple.com>
 
         Reviewed by Oliver Hunt and Darin Adler.
index b723c4b..1b91e32 100644 (file)
@@ -234,6 +234,18 @@ static void restartedCallback(SoupMessage* msg, gpointer data)
 
 static void gotHeadersCallback(SoupMessage* msg, gpointer data)
 {
+    // For 401, we will accumulate the resource body, and only use it
+    // in case authentication with the soup feature doesn't happen
+    if (msg->status_code == SOUP_STATUS_UNAUTHORIZED) {
+        soup_message_body_set_accumulate(msg->response_body, TRUE);
+        return;
+    }
+
+    // For all the other responses, we handle each chunk ourselves,
+    // and we don't need msg->response_body to contain all of the data
+    // we got, when we finish downloading.
+    soup_message_body_set_accumulate(msg->response_body, FALSE);
+
     // The 304 status code (SOUP_STATUS_NOT_MODIFIED) needs to be fed
     // into WebCore, as opposed to other kinds of redirections, which
     // are handled by soup directly, so we special-case it here and in
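Review bot: The 401 branch in gotHeadersCallback turns accumulation on with no upper bound, so the amount buffered in `msg->response_body` is decided entirely by the server. The whole buffer is later handed to the client in a single didReceiveData call from finishedCallback, so a very large 401 body stays in memory until the message finishes. The comment should say so, e.g. `// The 401 body is buffered whole; its size is server-controlled and not capped here.`, or a cap could be enforced where gotChunkCallback drops the 401 chunks. The body of gotHeadersCallback continues past the end of this hunk.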
@@ -268,7 +280,8 @@ static void gotHeadersCallback(SoupMessage* msg, gpointer data)
 static void gotChunkCallback(SoupMessage* msg, SoupBuffer* chunk, gpointer data)
 {
     if (SOUP_STATUS_IS_TRANSPORT_ERROR(msg->status_code)
-        || (SOUP_STATUS_IS_REDIRECTION(msg->status_code) && (msg->status_code != SOUP_STATUS_NOT_MODIFIED)))
+        || (SOUP_STATUS_IS_REDIRECTION(msg->status_code) && (msg->status_code != SOUP_STATUS_NOT_MODIFIED))
+        || (msg->status_code == SOUP_STATUS_UNAUTHORIZED))
         return;
 
     ResourceHandle* handle = static_cast<ResourceHandle*>(data);
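Review bot: The new `msg->status_code == SOUP_STATUS_UNAUTHORIZED` clause covers only 401; 407 (`SOUP_STATUS_PROXY_AUTHENTICATION_REQUIRED`) is not filtered here, nor by the matching tests in gotHeadersCallback and finishedCallback. If soup's authentication handling also retries proxy challenges itself, which this diff does not show, the body of a 407 would still reach the loader the way the 401 body did. Since the same status test now lives in three callbacks, a single static predicate for "status handled by soup" would keep them in step. gotChunkCallback continues below the hunk.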
@@ -321,6 +334,18 @@ static void finishedCallback(SoupSession *session, SoupMessage* msg, gpointer da
         return;
     }
 
+    if (msg->status_code == SOUP_STATUS_UNAUTHORIZED) {
+        fillResponseFromMessage(msg, &d->m_response);
+        client->didReceiveResponse(handle.get(), d->m_response);
+
+        // WebCore might have cancelled the job in the while
+        if (d->m_cancelled)
+            return;
+
+        if (msg->response_body->data)
+            client->didReceiveData(handle.get(), msg->response_body->data, msg->response_body->length, true);
+    }
+
     client->didFinishLoading(handle.get());
 }
 
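Review bot: After `client->didReceiveData(...)` in the new 401 block, control falls through to `client->didFinishLoading(handle.get())` without checking `d->m_cancelled` again, although the block already accepts that a client callback can cancel the job. Repeating the check after the data call, `if (d->m_cancelled) return;`, would keep the two callbacks consistent. The cached `client` pointer is also reused after didReceiveResponse. Whether it can be cleared or replaced during that call is not visible here, because finishedCallback starts above the hunk.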
@@ -507,9 +532,6 @@ bool ResourceHandle::startHttp(String urlString)
     // balanced by a deref() in finishedCallback, which should always run
     ref();
 
-    // We handle each chunk ourselves, and we don't need msg->response_body
-    // to contain all of the data we got, when we finish downloading.
-    soup_message_body_set_accumulate(msg->response_body, FALSE);
     soup_session_queue_message(session, d->m_msg, finishedCallback, this);
 
     return true;