diff options
-rw-r--r-- | src/network/access/qhttpnetworkconnection.cpp | 11 | ||||
-rw-r--r-- | src/network/access/qhttpnetworkconnectionchannel.cpp | 1 |
2 files changed, 6 insertions, 6 deletions
diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp index ccdbb20..54a7548 100644 --- a/src/network/access/qhttpnetworkconnection.cpp +++ b/src/network/access/qhttpnetworkconnection.cpp @@ -338,13 +338,9 @@ bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QAbstractSocket copyCredentials(i, auth, isProxy); QMetaObject::invokeMethod(q, "_q_restartAuthPendingRequests", Qt::QueuedConnection); } - } else if (priv->phase == QAuthenticatorPrivate::Start) { - // If the url's authenticator has a 'user' set we will end up here (phase is only set to 'Done' by - // parseHttpResponse above if 'user' is empty). So if credentials were supplied with the request, - // such as in the case of an XMLHttpRequest, this is our only opportunity to cache them. - emit q->cacheCredentials(reply->request(), auth, q); } - // - Changing values in QAuthenticator will reset the 'phase'. + // - Changing values in QAuthenticator will reset the 'phase'. Therefore if it is still "Done" + // then nothing was filled in by the user or the cache // - If withCredentials has been set to false (e.g. by QtWebKit for a cross-origin XMLHttpRequest) then // we need to bail out if authentication is required. if (priv->phase == QAuthenticatorPrivate::Done || !reply->request().withCredentials()) { @@ -380,6 +376,7 @@ void QHttpNetworkConnectionPrivate::createAuthorization(QAbstractSocket *socket, int i = indexOf(socket); + // Send "Authorization" header, but not if it's NTLM and the socket is already authenticated. if (channels[i].authMehtod != QAuthenticatorPrivate::None) { if (!(channels[i].authMehtod == QAuthenticatorPrivate::Ntlm && channels[i].lastStatus != 401)) { QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(channels[i].authenticator); @@ -389,6 +386,8 @@ void QHttpNetworkConnectionPrivate::createAuthorization(QAbstractSocket *socket, } } } + + // Send "Proxy-Authorization" header, but not if it's NTLM and the socket is already authenticated. if (channels[i].proxyAuthMehtod != QAuthenticatorPrivate::None) { if (!(channels[i].proxyAuthMehtod == QAuthenticatorPrivate::Ntlm && channels[i].lastStatus != 407)) { QAuthenticatorPrivate *priv = QAuthenticatorPrivate::getPrivate(channels[i].proxyAuthenticator); diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp index d10f951..f83e7c1 100644 --- a/src/network/access/qhttpnetworkconnectionchannel.cpp +++ b/src/network/access/qhttpnetworkconnectionchannel.cpp @@ -190,6 +190,7 @@ bool QHttpNetworkConnectionChannel::sendRequest() || (!url.password().isEmpty() && url.password() != auth.password())) { auth.setUser(url.userName()); auth.setPassword(url.password()); + emit connection->cacheCredentials(request, &auth, connection); connection->d_func()->copyCredentials(connection->d_func()->indexOf(socket), &auth, false); } // clear the userinfo, since we use the same request for resending |