From f3066a7f3dc3c3a69344193b0fb50504c5760086 Mon Sep 17 00:00:00 2001 From: Robert Hogan Date: Mon, 26 Apr 2010 19:46:28 +0100 Subject: QNAM HTTP: Introduce attributes for controlling cookies and auth Introduced QNetworkRequest::CookieLoadControlAttribute, QNetworkRequest::CookieSaveControlAttribute and QNetworkRequest::AuthenticationReuseControlAttribute These are true by default. They only come into play when QtWebKit processes a cross-origin XMLHttpRequest. In such cases QtWebKit sets each of the attributes to false when it creates a QNetworkRequest where the XMLHttpRequest is cross-origin and has withCredentials set to false: var req = new XMLHttpRequest; req.open("GET", "http://host/resource.php", false); req.withCredentials = false; // actually false by default For more information: http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag The QtWebKit counterpart of this patch is tracked at: https://bugs.webkit.org/show_bug.cgi?id=32967 Merge-Request: 592 Reviewed-by: Markus Goetz --- src/network/access/qhttpnetworkconnection.cpp | 11 +++++- src/network/access/qhttpnetworkconnection_p.h | 2 + .../access/qhttpnetworkconnectionchannel.cpp | 7 +++- src/network/access/qhttpnetworkrequest.cpp | 13 ++++++- src/network/access/qhttpnetworkrequest_p.h | 4 ++ src/network/access/qnetworkaccessbackend.cpp | 5 +++ src/network/access/qnetworkaccessbackend_p.h | 1 + src/network/access/qnetworkaccesshttpbackend.cpp | 13 +++++++ src/network/access/qnetworkaccesshttpbackend_p.h | 1 + src/network/access/qnetworkaccessmanager.cpp | 27 ++++++++----- src/network/access/qnetworkreplyimpl.cpp | 8 +++- src/network/access/qnetworkrequest.cpp | 45 ++++++++++++++++++++++ src/network/access/qnetworkrequest.h | 7 ++++ 13 files changed, 128 insertions(+), 16 deletions(-) diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp index 559124f..31c64f0 100644 --- a/src/network/access/qhttpnetworkconnection.cpp +++ b/src/network/access/qhttpnetworkconnection.cpp @@ -343,9 +343,16 @@ bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QAbstractSocket copyCredentials(i, auth, isProxy); QMetaObject::invokeMethod(q, "_q_restartAuthPendingRequests", Qt::QueuedConnection); } + } else if (priv->phase == QAuthenticatorPrivate::Start) { + // If the url's authenticator has a 'user' set we will end up here (phase is only set to 'Done' by + // parseHttpResponse above if 'user' is empty). So if credentials were supplied with the request, + // such as in the case of an XMLHttpRequest, this is our only opportunity to cache them. + emit q->cacheCredentials(reply->request(), auth, q); } - // changing values in QAuthenticator will reset the 'phase' - if (priv->phase == QAuthenticatorPrivate::Done) { + // - Changing values in QAuthenticator will reset the 'phase'. + // - If withCredentials has been set to false (e.g. by QtWebKit for a cross-origin XMLHttpRequest) then + // we need to bail out if authentication is required. + if (priv->phase == QAuthenticatorPrivate::Done || !reply->request().withCredentials()) { // authentication is cancelled, send the current contents to the user. emit channels[i].reply->headerChanged(); emit channels[i].reply->readyRead(); diff --git a/src/network/access/qhttpnetworkconnection_p.h b/src/network/access/qhttpnetworkconnection_p.h index b5bd300..51666d6 100644 --- a/src/network/access/qhttpnetworkconnection_p.h +++ b/src/network/access/qhttpnetworkconnection_p.h @@ -133,6 +133,8 @@ Q_SIGNALS: #endif void authenticationRequired(const QHttpNetworkRequest &request, QAuthenticator *authenticator, const QHttpNetworkConnection *connection = 0); + void cacheCredentials(const QHttpNetworkRequest &request, QAuthenticator *authenticator, + const QHttpNetworkConnection *connection = 0); void error(QNetworkReply::NetworkError errorCode, const QString &detail = QString()); private: diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp index 3b7bc9e..d24eb1f 100644 --- a/src/network/access/qhttpnetworkconnectionchannel.cpp +++ b/src/network/access/qhttpnetworkconnectionchannel.cpp @@ -173,7 +173,7 @@ bool QHttpNetworkConnectionChannel::sendRequest() pendingEncrypt = false; // if the url contains authentication parameters, use the new ones // both channels will use the new authentication parameters - if (!request.url().userInfo().isEmpty()) { + if (!request.url().userInfo().isEmpty() && request.withCredentials()) { QUrl url = request.url(); QAuthenticator &auth = authenticator; if (url.userName() != auth.user() @@ -187,7 +187,10 @@ bool QHttpNetworkConnectionChannel::sendRequest() url.setUserInfo(QString()); request.setUrl(url); } - connection->d_func()->createAuthorization(socket, request); + // Will only be false if QtWebKit is performing a cross-origin XMLHttpRequest + // and withCredentials has not been set to true. + if (request.withCredentials()) + connection->d_func()->createAuthorization(socket, request); #ifndef QT_NO_NETWORKPROXY QByteArray header = QHttpNetworkRequestPrivate::header(request, (connection->d_func()->networkProxy.type() != QNetworkProxy::NoProxy)); diff --git a/src/network/access/qhttpnetworkrequest.cpp b/src/network/access/qhttpnetworkrequest.cpp index 9eb2399..639025e 100644 --- a/src/network/access/qhttpnetworkrequest.cpp +++ b/src/network/access/qhttpnetworkrequest.cpp @@ -49,7 +49,7 @@ QT_BEGIN_NAMESPACE QHttpNetworkRequestPrivate::QHttpNetworkRequestPrivate(QHttpNetworkRequest::Operation op, QHttpNetworkRequest::Priority pri, const QUrl &newUrl) : QHttpNetworkHeaderPrivate(newUrl), operation(op), priority(pri), uploadByteDevice(0), - autoDecompress(false), pipeliningAllowed(false) + autoDecompress(false), pipeliningAllowed(false), withCredentials(true) { } @@ -62,6 +62,7 @@ QHttpNetworkRequestPrivate::QHttpNetworkRequestPrivate(const QHttpNetworkRequest autoDecompress = other.autoDecompress; pipeliningAllowed = other.pipeliningAllowed; customVerb = other.customVerb; + withCredentials = other.withCredentials; } QHttpNetworkRequestPrivate::~QHttpNetworkRequestPrivate() @@ -274,6 +275,16 @@ void QHttpNetworkRequest::setPipeliningAllowed(bool b) d->pipeliningAllowed = b; } +bool QHttpNetworkRequest::withCredentials() const +{ + return d->withCredentials; +} + +void QHttpNetworkRequest::setWithCredentials(bool b) +{ + d->withCredentials = b; +} + void QHttpNetworkRequest::setUploadByteDevice(QNonContiguousByteDevice *bd) { d->uploadByteDevice = bd; diff --git a/src/network/access/qhttpnetworkrequest_p.h b/src/network/access/qhttpnetworkrequest_p.h index 1b35a84..15cab73 100644 --- a/src/network/access/qhttpnetworkrequest_p.h +++ b/src/network/access/qhttpnetworkrequest_p.h @@ -113,6 +113,9 @@ public: bool isPipeliningAllowed() const; void setPipeliningAllowed(bool b); + bool withCredentials() const; + void setWithCredentials(bool b); + void setUploadByteDevice(QNonContiguousByteDevice *bd); QNonContiguousByteDevice* uploadByteDevice() const; @@ -142,6 +145,7 @@ public: mutable QNonContiguousByteDevice* uploadByteDevice; bool autoDecompress; bool pipeliningAllowed; + bool withCredentials; }; diff --git a/src/network/access/qnetworkaccessbackend.cpp b/src/network/access/qnetworkaccessbackend.cpp index f188bd5..2a02c99 100644 --- a/src/network/access/qnetworkaccessbackend.cpp +++ b/src/network/access/qnetworkaccessbackend.cpp @@ -327,6 +327,11 @@ void QNetworkAccessBackend::authenticationRequired(QAuthenticator *authenticator manager->authenticationRequired(this, authenticator); } +void QNetworkAccessBackend::cacheCredentials(QAuthenticator *authenticator) +{ + manager->addCredentials(this->reply->url, authenticator); +} + void QNetworkAccessBackend::metaDataChanged() { reply->metaDataChanged(); diff --git a/src/network/access/qnetworkaccessbackend_p.h b/src/network/access/qnetworkaccessbackend_p.h index 4ce37a6..4fe6de6 100644 --- a/src/network/access/qnetworkaccessbackend_p.h +++ b/src/network/access/qnetworkaccessbackend_p.h @@ -188,6 +188,7 @@ protected slots: void proxyAuthenticationRequired(const QNetworkProxy &proxy, QAuthenticator *auth); #endif void authenticationRequired(QAuthenticator *auth); + void cacheCredentials(QAuthenticator *auth); void metaDataChanged(); void redirectionRequested(const QUrl &destination); void sslErrors(const QList &errors); diff --git a/src/network/access/qnetworkaccesshttpbackend.cpp b/src/network/access/qnetworkaccesshttpbackend.cpp index 3154ed6..a6c5c02 100644 --- a/src/network/access/qnetworkaccesshttpbackend.cpp +++ b/src/network/access/qnetworkaccesshttpbackend.cpp @@ -346,6 +346,8 @@ void QNetworkAccessHttpBackend::setupConnection() #endif connect(http, SIGNAL(authenticationRequired(QHttpNetworkRequest,QAuthenticator*)), SLOT(httpAuthenticationRequired(QHttpNetworkRequest,QAuthenticator*))); + connect(http, SIGNAL(cacheCredentials(QHttpNetworkRequest,QAuthenticator*)), + SLOT(httpCacheCredentials(QHttpNetworkRequest,QAuthenticator*))); connect(http, SIGNAL(error(QNetworkReply::NetworkError,QString)), SLOT(httpError(QNetworkReply::NetworkError,QString))); #ifndef QT_NO_OPENSSL @@ -578,6 +580,11 @@ void QNetworkAccessHttpBackend::postRequest() if (request().attribute(QNetworkRequest::HttpPipeliningAllowedAttribute).toBool() == true) httpRequest.setPipeliningAllowed(true); + if (static_cast + (request().attribute(QNetworkRequest::AuthenticationReuseAttribute, + QNetworkRequest::Automatic).toInt()) == QNetworkRequest::Manual) + httpRequest.setWithCredentials(false); + httpReply = http->sendRequest(httpRequest); httpReply->setParent(this); #ifndef QT_NO_OPENSSL @@ -861,6 +868,12 @@ void QNetworkAccessHttpBackend::httpAuthenticationRequired(const QHttpNetworkReq authenticationRequired(auth); } +void QNetworkAccessHttpBackend::httpCacheCredentials(const QHttpNetworkRequest &, + QAuthenticator *auth) +{ + cacheCredentials(auth); +} + void QNetworkAccessHttpBackend::httpError(QNetworkReply::NetworkError errorCode, const QString &errorString) { diff --git a/src/network/access/qnetworkaccesshttpbackend_p.h b/src/network/access/qnetworkaccesshttpbackend_p.h index e5cc0ab..254907f 100644 --- a/src/network/access/qnetworkaccesshttpbackend_p.h +++ b/src/network/access/qnetworkaccesshttpbackend_p.h @@ -107,6 +107,7 @@ private slots: void replyFinished(); void replyHeaderChanged(); void httpAuthenticationRequired(const QHttpNetworkRequest &request, QAuthenticator *auth); + void httpCacheCredentials(const QHttpNetworkRequest &request, QAuthenticator *auth); void httpError(QNetworkReply::NetworkError error, const QString &errorString); bool sendCacheContents(const QNetworkCacheMetaData &metaData); void finished(); // override diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp index feb9d99..1c7661d 100644 --- a/src/network/access/qnetworkaccessmanager.cpp +++ b/src/network/access/qnetworkaccessmanager.cpp @@ -948,10 +948,15 @@ QNetworkReply *QNetworkAccessManager::createRequest(QNetworkAccessManager::Opera // but the data that is outgoing is random-access request.setHeader(QNetworkRequest::ContentLengthHeader, outgoingData->size()); } - if (d->cookieJar) { - QList cookies = d->cookieJar->cookiesForUrl(request.url()); - if (!cookies.isEmpty()) - request.setHeader(QNetworkRequest::CookieHeader, qVariantFromValue(cookies)); + + if (static_cast + (request.attribute(QNetworkRequest::CookieLoadControlAttribute, + QNetworkRequest::Automatic).toInt()) == QNetworkRequest::Automatic) { + if (d->cookieJar) { + QList cookies = d->cookieJar->cookiesForUrl(request.url()); + if (!cookies.isEmpty()) + request.setHeader(QNetworkRequest::CookieHeader, qVariantFromValue(cookies)); + } } // first step: create the reply @@ -967,11 +972,15 @@ QNetworkReply *QNetworkAccessManager::createRequest(QNetworkAccessManager::Opera priv->manager = this; // second step: fetch cached credentials - QNetworkAuthenticationCredential *cred = d->fetchCachedCredentials(url); - if (cred) { - url.setUserName(cred->user); - url.setPassword(cred->password); - priv->urlForLastAuthentication = url; + if (static_cast + (request.attribute(QNetworkRequest::AuthenticationReuseAttribute, + QNetworkRequest::Automatic).toInt()) == QNetworkRequest::Automatic) { + QNetworkAuthenticationCredential *cred = d->fetchCachedCredentials(url); + if (cred) { + url.setUserName(cred->user); + url.setPassword(cred->password); + priv->urlForLastAuthentication = url; + } } // third step: find a backend diff --git a/src/network/access/qnetworkreplyimpl.cpp b/src/network/access/qnetworkreplyimpl.cpp index 128d18f..31ee2a4 100644 --- a/src/network/access/qnetworkreplyimpl.cpp +++ b/src/network/access/qnetworkreplyimpl.cpp @@ -673,8 +673,12 @@ void QNetworkReplyImplPrivate::error(QNetworkReplyImpl::NetworkError code, const void QNetworkReplyImplPrivate::metaDataChanged() { Q_Q(QNetworkReplyImpl); - // do we have cookies? - if (cookedHeaders.contains(QNetworkRequest::SetCookieHeader) && !manager.isNull()) { + // 1. do we have cookies? + // 2. are we allowed to set them? + if (cookedHeaders.contains(QNetworkRequest::SetCookieHeader) && !manager.isNull() + && (static_cast + (request.attribute(QNetworkRequest::CookieSaveControlAttribute, + QNetworkRequest::Automatic).toInt()) == QNetworkRequest::Automatic)) { QList cookies = qvariant_cast >(cookedHeaders.value(QNetworkRequest::SetCookieHeader)); QNetworkCookieJar *jar = manager->cookieJar(); diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp index 61c116d..79f169f 100644 --- a/src/network/access/qnetworkrequest.cpp +++ b/src/network/access/qnetworkrequest.cpp @@ -190,6 +190,40 @@ QT_BEGIN_NAMESPACE of other verbs than GET, POST, PUT and DELETE). This verb is set when calling QNetworkAccessManager::sendCustomRequest(). + \value CookieLoadControlAttribute + Requests only, type: QVariant::Int (default: QNetworkRequest::Automatic) + Indicates whether to send 'Cookie' headers in the request. + + This attribute is set to false by QtWebKit when creating a cross-origin + XMLHttpRequest where withCredentials has not been set explicitly to true by the + Javascript that created the request. + + See http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag for more information. + + \value CookieSaveControlAttribute + Requests only, type: QVariant::Int (default: QNetworkRequest::Automatic) + Indicates whether to save 'Cookie' headers received from the server in reply + to the request. + + This attribute is set to false by QtWebKit when creating a cross-origin + XMLHttpRequest where withCredentials has not been set explicitly to true by the + Javascript that created the request. + + See http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag for more information. + + \value AuthenticationReuseControlAttribute + Requests only, type: QVariant::Int (default: QNetworkRequest::Automatic) + Indicates whether to use cached authorization credentials in the request, + if available. If this is set to QNetworkRequest::Manual and the authentication + mechanism is 'Basic' or 'Digest', Qt will not send an an 'Authorization' HTTP + header with any cached credentials it may have for the request's URL. + + This attribute is set to QNetworkRequest::Manual by QtWebKit when creating a cross-origin + XMLHttpRequest where withCredentials has not been set explicitly to true by the + Javascript that created the request. + + See http://www.w3.org/TR/XMLHttpRequest2/#credentials-flag for more information. + \value User Special type. Additional information can be passed in QVariants with types ranging from User to UserMax. The default @@ -222,6 +256,17 @@ QT_BEGIN_NAMESPACE if the item was not cached (i.e., off-line mode) */ +/*! + \enum QNetworkRequest::LoadControl + + Indicates if an aspect of the request's loading mechanism has been + manually overridden, e.g. by QtWebKit. + + \value Automatic default value: indicates default behaviour. + + \value Manual indicates behaviour has been manually overridden. +*/ + class QNetworkRequestPrivate: public QSharedData, public QNetworkHeadersPrivate { public: diff --git a/src/network/access/qnetworkrequest.h b/src/network/access/qnetworkrequest.h index a0ef1a6..d2945c4 100644 --- a/src/network/access/qnetworkrequest.h +++ b/src/network/access/qnetworkrequest.h @@ -79,6 +79,9 @@ public: HttpPipeliningAllowedAttribute, HttpPipeliningWasUsedAttribute, CustomVerbAttribute, + CookieLoadControlAttribute, + AuthenticationReuseAttribute, + CookieSaveControlAttribute, User = 1000, UserMax = 32767 @@ -89,6 +92,10 @@ public: PreferCache, AlwaysCache }; + enum LoadControl { + Automatic = 0, + Manual + }; enum Priority { HighPriority = 1, -- cgit v0.12