Bug 297954

Summary: rekonq/konqueror do not send http basic auth header on synchronous AJAX requests
Product: [Unmaintained] kdelibs Reporter: nine
Component: kdewebkitAssignee: webkit-devel
Status: RESOLVED FIXED    
Severity: normal CC: adawit
Priority: NOR    
Version: 4.8   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
URL: http://niner.name/rekonq_ajax_basic_auth_bug/
Latest Commit: http://commits.kde.org/kdelibs/2cf247f4ebdee44d0620e57f9cd17fa963b36b73 Version Fixed In: 4.8.4
Sentry Crash Report:

Description nine 2012-04-12 09:29:14 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) rekonq Safari/534.34
Build Identifier: 

When setting the third parameter of XMLHttpRequest.send to false to make the request synchronous, rekonq and konqueror with webkit engine do not send the  "Authorization" HTTP header to the server thereby failing to authenticate the request. It does work as expected for the default asynchronous requests.

Reproducible: Always

Steps to Reproduce:
1. go to http://niner.name/rekonq_ajax_basic_auth_bug/
2. login with user name "test" and password "test"
3. press the "sync request" button
Actual Results:  
an alert pops up with a "Fail: 401 Authorization Required" message

Expected Results:  
an alert pops up with a "Win" message like it does when pressing the "async request" button
Comment 1 Dawit Alemayehu 2012-04-19 03:40:06 UTC 
This is a known issue. Unfortunately, there is no easy fix for it. Earlier attempt to fix bug# 231932, which would also solve this bug, resulted in the crash reported in bug# 287778. Hopefully, we can figure out how to address this problem without causing new regressions.

(In reply to comment #0)
> User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.34 (KHTML,
> like Gecko) rekonq Safari/534.34
> Build Identifier: 
> 
> When setting the third parameter of XMLHttpRequest.send to false to make the
> request synchronous, rekonq and konqueror with webkit engine do not send the
> "Authorization" HTTP header to the server thereby failing to authenticate
> the request. It does work as expected for the default asynchronous requests.
> 
> Reproducible: Always
> 
> Steps to Reproduce:
> 1. go to http://niner.name/rekonq_ajax_basic_auth_bug/
> 2. login with user name "test" and password "test"
> 3. press the "sync request" button
> Actual Results:  
> an alert pops up with a "Fail: 401 Authorization Required" message
> 
> Expected Results:  
> an alert pops up with a "Win" message like it does when pressing the "async
> request" button
Comment 2 Dawit Alemayehu 2012-05-11 20:05:18 UTC 
Git commit 2cf247f4ebdee44d0620e57f9cd17fa963b36b73 by Dawit Alemayehu.
Committed on 11/05/2012 at 19:35.
Pushed by adawit into branch 'KDE/4.8'.

Revert commit 462a06ea as it causes many regressions. Use KIO::synchronousRun
to fulfill synchrounous XmlHttpRequest instead.

Unofrtunately this means that the fix for the crash reported in bug# 287778
is reverted until we can find a solution for the side effects of using nested
event loops.
Related: bug 299590, bug 299710, bug 287778
FIXED-IN: 4.8.4

M  +63   -37   kio/kio/accessmanager.cpp
M  +1    -0    kio/kio/accessmanager.h
M  +126  -81   kio/kio/accessmanagerreply_p.cpp
M  +22   -8    kio/kio/accessmanagerreply_p.h

http://commits.kde.org/kdelibs/2cf247f4ebdee44d0620e57f9cd17fa963b36b73