diff options
| author | Robert Hogan <robert@webkit.org> | 2010-04-26 18:46:28 (GMT) |
|---|---|---|
| committer | Markus Goetz <Markus.Goetz@nokia.com> | 2010-05-04 08:52:21 (GMT) |
| commit | f3066a7f3dc3c3a69344193b0fb50504c5760086 (patch) | |
| tree | fa02ca7074a996cb30e0980ba7120f7d3a6eef27 /src/network/access/qhttpnetworkconnection.cpp | |
| parent | bff118db81c617fb2460c8341f779adb4d4ec28d (diff) | |
| download | Qt-f3066a7f3dc3c3a69344193b0fb50504c5760086.zip Qt-f3066a7f3dc3c3a69344193b0fb50504c5760086.tar.gz Qt-f3066a7f3dc3c3a69344193b0fb50504c5760086.tar.bz2 | |
QNAM HTTP: Introduce attributes for controlling cookies and auth
Introduced QNetworkRequest::CookieLoadControlAttribute,
QNetworkRequest::CookieSaveControlAttribute and
QNetworkRequest::AuthenticationReuseControlAttribute
These are true by default. They only come into play when QtWebKit
processes a cross-origin XMLHttpRequest. In such cases QtWebKit sets
each of the attributes to false when it creates a QNetworkRequest
where the XMLHttpRequest is cross-origin and has withCredentials
set to false:
var req = new XMLHttpRequest;
req.open("GET", "http://host/resource.php", false);
req.withCredentials = false; // actually false by default
For more information:
http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag
The QtWebKit counterpart of this patch is tracked at:
https://bugs.webkit.org/show_bug.cgi?id=32967
Merge-Request: 592
Reviewed-by: Markus Goetz
Diffstat (limited to 'src/network/access/qhttpnetworkconnection.cpp')
| -rw-r--r-- | src/network/access/qhttpnetworkconnection.cpp | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp index 559124f..31c64f0 100644 --- a/src/network/access/qhttpnetworkconnection.cpp +++ b/src/network/access/qhttpnetworkconnection.cpp @@ -343,9 +343,16 @@ bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QAbstractSocket copyCredentials(i, auth, isProxy); QMetaObject::invokeMethod(q, "_q_restartAuthPendingRequests", Qt::QueuedConnection); } + } else if (priv->phase == QAuthenticatorPrivate::Start) { + // If the url's authenticator has a 'user' set we will end up here (phase is only set to 'Done' by + // parseHttpResponse above if 'user' is empty). So if credentials were supplied with the request, + // such as in the case of an XMLHttpRequest, this is our only opportunity to cache them. + emit q->cacheCredentials(reply->request(), auth, q); } - // changing values in QAuthenticator will reset the 'phase' - if (priv->phase == QAuthenticatorPrivate::Done) { + // - Changing values in QAuthenticator will reset the 'phase'. + // - If withCredentials has been set to false (e.g. by QtWebKit for a cross-origin XMLHttpRequest) then + // we need to bail out if authentication is required. + if (priv->phase == QAuthenticatorPrivate::Done || !reply->request().withCredentials()) { // authentication is cancelled, send the current contents to the user. emit channels[i].reply->headerChanged(); emit channels[i].reply->readyRead(); |