Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ea08c513 authored by Steve Block's avatar Steve Block
Browse files

Fixes XHR requests to use the username and password supplied from JavaScript 

Currently, the browser does not use the credentials supplied from JavaScript.
If a request returns a 401 Unauthorized, the browser always prompts the user.
This violates http://www.w3.org/TR/XMLHttpRequest/#the-send-method

Bug: 2533522
Change-Id: I8e72c1a0be187d193c4ad6b2ca8a624c7ae06fa1
parent 4d492346

core/java/android/webkit/BrowserFrame.java

+4 −2
Original line number Diff line number Diff line
@@ -592,7 +592,9 @@ class BrowserFrame extends Handler { 
                                              int cacheMode,

                                              boolean mainResource,

                                              boolean userGesture,

                                              boolean synchronous) {

                                              boolean synchronous,

                                              String username,

                                              String password) {

        PerfChecker checker = new PerfChecker();



        if (mSettings.getCacheMode() != WebSettings.LOAD_DEFAULT) {
@@ -665,7 +667,7 @@ class BrowserFrame extends Handler { 
        // Create a LoadListener

        LoadListener loadListener = LoadListener.getLoadListener(mContext,

                this, url, loaderHandle, synchronous, isMainFramePage,

                mainResource, userGesture, postDataIdentifier);

                mainResource, userGesture, postDataIdentifier, username, password);



        mCallbackProxy.onLoadResource(url);

core/java/android/webkit/LoadListener.java

+49 −35
Original line number Diff line number Diff line
@@ -127,6 +127,9 @@ class LoadListener extends Handler implements EventHandler { 


    private Headers mHeaders;



    private final String mUsername;

    private final String mPassword;



    // =========================================================================

    // Public functions

    // =========================================================================
@@ -134,11 +137,13 @@ class LoadListener extends Handler implements EventHandler { 
    public static LoadListener getLoadListener(Context context,

            BrowserFrame frame, String url, int nativeLoader,

            boolean synchronous, boolean isMainPageLoader,

            boolean isMainResource, boolean userGesture, long postIdentifier) {

            boolean isMainResource, boolean userGesture, long postIdentifier,

            String username, String password) {



        sNativeLoaderCount += 1;

        return new LoadListener(context, frame, url, nativeLoader, synchronous,

                isMainPageLoader, isMainResource, userGesture, postIdentifier);

                isMainPageLoader, isMainResource, userGesture, postIdentifier,

                username, password);

    }



    public static int getNativeLoaderCount() {
@@ -147,7 +152,8 @@ class LoadListener extends Handler implements EventHandler { 


    LoadListener(Context context, BrowserFrame frame, String url,

            int nativeLoader, boolean synchronous, boolean isMainPageLoader,

            boolean isMainResource, boolean userGesture, long postIdentifier) {

            boolean isMainResource, boolean userGesture, long postIdentifier,

            String username, String password) {

        if (DebugFlags.LOAD_LISTENER) {

            Log.v(LOGTAG, "LoadListener constructor url=" + url);

        }
@@ -163,6 +169,8 @@ class LoadListener extends Handler implements EventHandler { 
        mIsMainResourceLoader = isMainResource;

        mUserGesture = userGesture;

        mPostIdentifier = postIdentifier;

        mUsername = username;

        mPassword = password;

    }



    /**
@@ -402,7 +410,7 @@ class LoadListener extends Handler implements EventHandler { 


        // if we tried to authenticate ourselves last time

        if (mAuthHeader != null) {

            // we failed, if we must to authenticate again now and

            // we failed, if we must authenticate again now and

            // we have a proxy-ness match

            mAuthFailed = (mustAuthenticate &&

                    isProxyAuthRequest == mAuthHeader.isProxy());
@@ -652,7 +660,13 @@ class LoadListener extends Handler implements EventHandler { 
                if (mAuthHeader != null &&

                        (Network.getInstance(mContext).isValidProxySet() ||

                         !mAuthHeader.isProxy())) {

                    // If this is the first attempt to authenticate, try again with the username and

                    // password supplied in the URL, if present.

                    if (!mAuthFailed && mUsername != null && mPassword != null) {

                        makeAuthResponse(mUsername, mPassword);

                    } else {

                        Network.getInstance(mContext).handleAuthRequest(this);

                    }

                    return;

                }

                break;  // use default
@@ -844,10 +858,20 @@ class LoadListener extends Handler implements EventHandler { 
                    + " username: " + username

                    + " password: " + password);

        }



        // create and queue an authentication-response

        if (username != null && password != null) {

            if (mAuthHeader != null && mRequestHandle != null) {

            makeAuthResponse(username, password);

        } else {

            // Commit whatever data we have and tear down the loader.

            commitLoad();

            tearDown();

        }

    }



    void makeAuthResponse(String username, String password) {

        if (mAuthHeader == null || mRequestHandle == null) {

            return;

        }



        mAuthHeader.setUsername(username);

        mAuthHeader.setPassword(password);
@@ -856,10 +880,8 @@ class LoadListener extends Handler implements EventHandler { 
            // create a basic response

            boolean isProxy = mAuthHeader.isProxy();



                    mRequestHandle.setupBasicAuthResponse(isProxy,

                            username, password);

                } else {

                    if (scheme == HttpAuthHeader.DIGEST) {

            mRequestHandle.setupBasicAuthResponse(isProxy, username, password);

        } else if (scheme == HttpAuthHeader.DIGEST) {

            // create a digest response

            boolean isProxy = mAuthHeader.isProxy();
@@ -869,16 +891,8 @@ class LoadListener extends Handler implements EventHandler { 
            String algorithm = mAuthHeader.getAlgorithm();

            String opaque    = mAuthHeader.getOpaque();



                        mRequestHandle.setupDigestAuthResponse

                                (isProxy, username, password, realm,

                                 nonce, qop, algorithm, opaque);

                    }

                }

            }

        } else {

            // Commit whatever data we have and tear down the loader.

            commitLoad();

            tearDown();

            mRequestHandle.setupDigestAuthResponse(isProxy, username, password,

                    realm, nonce, qop, algorithm, opaque);

        }

    }