Bug 275033

*** Bug 277879 has been marked as a duplicate of this bug. ***

aparently the culprit is https://projects.kde.org/projects/kde/kdelibs/repository/revisions/3bbd4496bc8a01e80df61763bfd0347e8ba7f09a/diff/kioslave/http/http.cpp

*** Bug 286758 has been marked as a duplicate of this bug. ***

So could that commit be reverted please, untill the functionality is more fixed?

(In reply to comment #4)
> So could that commit be reverted please, untill the functionality is more
> fixed?

No, that won't be reverted. It does exactly what it is supposed to do. It is khtml that needs to be fixed not to send bogus username and password which causes this warning to be displayed. It sends to following POST request:

post: "http://undefined:undefined@66119.cmd.shutterfly.com/commands/pictures/getdetail?site=arkosifeszekrakok&"

The "undefined:undefined@" is simply bogus and results in the aforementioned warning. This does not happen in any other browser, including Konqueror + webkit engine.

The dialog does popup with konqueror, so SOMETHING is sending a misformed request. It also happens with choqok, which doesn't use khtml for anything afaik. But then that might ALSO send a misformed request.

I suppose there is a way to see those requests in the debug output? Or somehow else? because the situation is that this problem is one of those getting in the way of KDE being able to provide an acceptable/usable desktop, so it must be stoppen ASAP!!

It happens with Choqok if you set up an opendesktop.org account under account details in settings.

Created attachment 65755 [details]
screenshot of dialog launched cause of choqok

The screenshot is in danish, but you can see that the username is not "undefined".

Created attachment 65756 [details]
screenshot of dialog launced from konqueror at flickr

Here I am at flickr.com using konqueror/khtml. I edit the text of an image, and press the SAVE button. This is AJAX functionality, the text is saved witout the browser location being replaced. Of course I AM already being logged into flickr.com. The username is not shown as "undefined" here either.

If the bug is in khtml, it needs to be located and fixed, please help!

Git commit 86e07ecda06d7bfae577f186eb948d958222713c by Dawit Alemayehu.
Committed on 16/11/2011 at 20:53.
Pushed by adawit into branch 'KDE/4.7'.

Workaround brain dead clients that set the username and password of the
request URL to "undefined".

CCBUG: 275033

M  +6    -0    kioslave/http/http.cpp

http://commits.kde.org/kdelibs/86e07ecda06d7bfae577f186eb948d958222713c

Dawit, Thanks for improving this a bit!

I hope however that those clients can be fixed, to my knowledge khtml and choqok ocs plugin. Maybe individual reports are called for.

(In reply to comment #11)
> Dawit, Thanks for improving this a bit!
> 
> I hope however that those clients can be fixed, to my knowledge khtml and
> choqok ocs plugin. Maybe individual reports are called for.

I agree. We can always revert back the workaround in kio_http once the offending apps and libraries are fixed.

The attica bug 277879 had been marked as a duplicate of this one, but appearantly, attica is doing something wrong (not that I really understand what). Does bug 277879 have to be reopened for attica? If yes, can someone add a comment to that bug what needs to be changed in attica?

This is still a problem for me using KDE 4.7.4, I get that dialog from both 
choqok and from konqueror (using KHTML) when visiting flickr and several other 
sites.

Venlig hilsen,
Anders

Still happening from time to time when plasma tries to connect to api.opendesktop.org
It's really annoying.
Any news from this 9 months old bug?

This is still valid in Plasma 4.8.90 (4.9 beta 2) when I use GHNS.

Still happening in 4.9.2.

The username is "null", not "undefined". Going to http://www.open.ac.uk/, the popup says 'You are about to log in to the site "www.open.ac.uk" with the username "null", but the website does not require authentication. This may be an attempt to trick you. Is "www.open.ac.uk" the site you want to visit?'

I traced the network with Wireshark, and there is no bogus username/password being sent. There are two TCP streams:

TCP stream 1:

GET / HTTP/1.1
Host: www.open.ac.uk
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) KHTML/4.9.2 (like Gecko) Konqueror/4.9
If-None-Match: "b78384-4b18-55cf15c0"
Accept: text/html, text/*;q=0.9, image/jpeg;q=0.9, image/png;q=0.9, image/*;q=0.9, */*;q=0.8
Accept-Encoding: gzip, deflate, x-gzip, x-deflate
Accept-Charset: utf-8,*;q=0.5
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: MoodleSessionTestol=f8lXBDMPUA; MoodleSessionol=npv511samvldhgojh92qm32807; OUFULLSIZE=F

HTTP/1.1 304 Not Modified
Date: Wed, 10 Oct 2012 04:50:04 GMT
Server: Apache
nnCoection: close
ETag: "b78384-4b18-55cf15c0"

TCP stream 2:

GET /includes/ip.shtm HTTP/1.1
Host: www.open.ac.uk
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) KHTML/4.9.2 (like Gecko) Konqueror/4.9
Referer: http://www.open.ac.uk/
Accept: text/html, text/*;q=0.9, image/jpeg;q=0.9, image/png;q=0.9, image/*;q=0.9, */*;q=0.8
Accept-Encoding: gzip, deflate, x-gzip, x-deflate
Accept-Charset: utf-8,*;q=0.5
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: MoodleSessionTestol=f8lXBDMPUA; MoodleSessionol=npv511samvldhgojh92qm32807; OUFULLSIZE=F

HTTP/1.1 200 OK
Date: Wed, 10 Oct 2012 04:50:04 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 36
nnCoection: close
Content-Type: text/html

||*137.108.140.184*|*46.64.79.164*||

=== End ===

I notice the server is sending strange "nnCoection: close" headers. Is this relevant, perhaps? Possible explanation for the headers here (to do with load balancers): http://stackoverflow.com/questions/4798461/cneonction-and-nncoection-http-headers

I also traced the network without Konqueror caching. Again, there are no bogus HTTP requests (and all the requests are GETs; there are no POSTs).

Confirmed by debugging kio_http that Konqueror is not sending a spurious username/password to kio_http.

It showed up in kio_http_debug, though (see 3rd line):

kio_http(15623)/kio_http_debug HTTPProtocol::setHost: Hostname is now: "www.open.ac.uk" ( "www.open.ac.uk" )
kio_http(15623)/kio_http_debug HTTPProtocol::get: "http://null:null@www.open.ac.uk/includes/ip.shtm"
kio_http(15623)/kio_http_debug HTTPProtocol::maybeSetRequestUrl: "http://null:null@www.open.ac.uk/includes/ip.shtm"
kio_http(15623)/kio_http_debug HTTPProtocol::resetSessionSettings: Window Id = ""
kio_http(15623)/kio_http_debug HTTPProtocol::resetSessionSettings: ssl_was_in_use = ""
kio_http(15623)/kio_http_debug HTTPProtocol::proceedUntilResponseContent:
kio_http(15623)/kio_http_debug HTTPProtocol::proceedUntilResponseHeader:
kio_http(15623)/kio_http_debug HTTPProtocol::sendQuery:
kio_http(15623)/kio_http_debug HTTPProtocol::httpShouldCloseConnection:
kio_http(15623)/kio_http_debug HTTPProtocol::satisfyRequestFromCache:
kio_http(15623) HTTPProtocol::sendQuery: ============ Sending Header:
kio_http(15623) HTTPProtocol::sendQuery: "GET /includes/ip.shtm HTTP/1.1"
kio_http(15623) HTTPProtocol::sendQuery: "Host: www.open.ac.uk"
kio_http(15623) HTTPProtocol::sendQuery: "Connection: keep-alive"
kio_http(15623) HTTPProtocol::sendQuery: "User-Agent: Mozilla/5.0 (X11; Linux x86_64) KHTML/4.9.2 (like Gecko) Konqueror/4.9"
kio_http(15623) HTTPProtocol::sendQuery: "Referer: http://www.open.ac.uk/"
kio_http(15623) HTTPProtocol::sendQuery: "Pragma: no-cache"
kio_http(15623) HTTPProtocol::sendQuery: "Cache-control: no-cache"
kio_http(15623) HTTPProtocol::sendQuery: "Accept: text/html, text/*;q=0.9, image/jpeg;q=0.9, image/png;q=0.9, image/*;q=0.9, */*;q=0.8"
kio_http(15623) HTTPProtocol::sendQuery: "Accept-Encoding: gzip, deflate, x-gzip, x-deflate"
kio_http(15623) HTTPProtocol::sendQuery: "Accept-Charset: utf-8,*;q=0.5"
kio_http(15623) HTTPProtocol::sendQuery: "Accept-Language: en-GB,en-US;q=0.9,en;q=0.8"
kio_http(15623)/kio_http_debug HTTPProtocol::sendQuery: sent it!
kio_http(15623)/kio_http_debug HTTPProtocol::readResponseHeader:
kio_http(15621) HTTPProtocol::readResponseHeader: ============ Received Status Response:
kio_http(15621) HTTPProtocol::readResponseHeader: "HTTP/1.1 200 OK"

(In reply to comment #8)
> Created attachment 65755 [details]
> screenshot of dialog launched cause of choqok
> 
> The screenshot is in danish, but you can see that the username is not
> "undefined".

I was about to open a new bug report for this situation, as this has been happening long before this bug had surfaced. It also occurs when a remote WebDAV resource is configured in remote:/, and when one has an OpenDesktop account configured then goes to a Get Hot New Stuff dialogue.

I believe these two issues are unrelated.

Git commit 32f16e261596445a04282f13303e8dbc35ce7a23 by Andrea Iacovitti.
Committed on 18/12/2012 at 22:43.
Pushed by aiacovitti into branch 'KDE/4.9'.

Fix setting url userinfo in xmlhttprequest.
FIXED-IN: 4.9.5

M  +10   -7    khtml/ecma/xmlhttprequest.cpp

http://commits.kde.org/kdelibs/32f16e261596445a04282f13303e8dbc35ce7a23

Git commit 7dc7d647cb17b3feabd4a00abaca1a678398835a by Andrea Iacovitti.
Committed on 24/12/2012 at 21:56.
Pushed by aiacovitti into branch 'KDE/4.9'.

Remove the workaround for bug 275033 now that khtml has been fixed
(This revert kdelibs commit 86e07ecd)

M  +0    -6    kioslave/http/http.cpp

http://commits.kde.org/kdelibs/7dc7d647cb17b3feabd4a00abaca1a678398835a