// Prepares |request| before it is handed to the client, for an initial load or a redirect.
// - Copies any credentials carried in the request URL into d->m_user / d->m_pass and then
//   calls removeCredentials() on the request.
// - If the request URL and the redirect response URL differ in protocol, host or port,
//   clears the Authorization header so it is not forwarded to the other origin.
// - Otherwise, for a real redirect whose URL carried no credentials, looks up a stored
//   credential for the URL and applies it as a Basic Authorization header.
void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
{
    // Capture the URL-embedded credentials first; removeCredentials() below is expected to drop them.
    const KURL& requestURL = request.url();
    d->m_user = requestURL.user();
    d->m_pass = requestURL.pass();
    d->m_lastHTTPMethod = request.httpMethod();
    request.removeCredentials();

    // NOTE(review): when redirectResponse is null its URL is compared as-is, so a non-redirect
    // call presumably takes the cross-origin branch and has Authorization cleared. Confirm.
    bool staysOnSameOrigin = protocolHostAndPortAreEqual(request.url(), redirectResponse.url());
    if (staysOnSameOrigin) {
        // Stored credentials are only considered for an actual redirect whose URL
        // did not bring credentials of its own.
        bool urlCarriedCredentials = !d->m_user.isEmpty() || !d->m_pass.isEmpty();
        if (!urlCarriedCredentials && !redirectResponse.isNull()) {
            Credential storedCredential = CredentialStorage::get(request.url());
            if (!storedCredential.isEmpty()) {
                d->m_initialCredential = storedCredential;
                // FIXME: Support Digest authentication, and Proxy-Authorization.
                applyBasicAuthorizationHeader(request, d->m_initialCredential);
            }
        }
    } else {
        // The network layer may have carried the original request's authentication header
        // over into this cross-origin redirect; remove it here.
        request.clearHTTPAuthorization();
    }

#if USE(CFURLSTORAGESESSIONS)
    request.setStorageSession(ResourceHandle::currentStorageSession());
#endif

    client()->willSendRequest(this, request, redirectResponse);
}
// Prepares |request| before it is handed to the client, for an initial load or a redirect.
// - Copies any credentials carried in the request URL into d->m_user / d->m_pass and then
//   calls removeCredentials() on the request.
// - If the request URL and the redirect response URL differ in protocol, host or port,
//   clears the Authorization and Origin headers so they are not forwarded to the other origin.
// - Otherwise, for a real redirect whose URL carried no credentials, looks up a stored
//   credential for the URL and applies it as a Basic Authorization header.
// - Dispatches to the client asynchronously or synchronously; on the synchronous path the
//   storage session is re-applied and the request is recorded as d->m_currentRequest.
void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
{
    // Capture the URL-embedded credentials first; removeCredentials() below is expected to drop them.
    const URL& requestURL = request.url();
    d->m_user = requestURL.user();
    d->m_pass = requestURL.pass();
    d->m_lastHTTPMethod = request.httpMethod();
    request.removeCredentials();

    // NOTE(review): when redirectResponse is null its URL is compared as-is, so a non-redirect
    // call presumably takes the cross-origin branch and has both headers cleared. Confirm.
    bool staysOnSameOrigin = protocolHostAndPortAreEqual(request.url(), redirectResponse.url());
    if (staysOnSameOrigin) {
        // Stored credentials are only considered for an actual redirect whose URL
        // did not bring credentials of its own.
        bool urlCarriedCredentials = !d->m_user.isEmpty() || !d->m_pass.isEmpty();
        if (!urlCarriedCredentials && !redirectResponse.isNull()) {
            Credential storedCredential = CredentialStorage::get(request.url());
            if (!storedCredential.isEmpty()) {
                d->m_initialCredential = storedCredential;
                // FIXME: Support Digest authentication, and Proxy-Authorization.
                applyBasicAuthorizationHeader(request, d->m_initialCredential);
            }
        }
    } else {
        // The network layer might carry over headers from the original request; strip the
        // ones that must not follow a cross-origin redirect.
        request.clearHTTPAuthorization();
        request.clearHTTPOrigin();
    }

    // Hold a reference to this handle for the rest of the function, across the client callbacks.
    Ref<ResourceHandle> protect(*this);

    if (client()->usesAsyncCallbacks()) {
        client()->willSendRequestAsync(this, request, redirectResponse);
        return;
    }

    client()->willSendRequest(this, request, redirectResponse);

    // A null request after the callback is left untouched and is not recorded.
    if (request.isNull())
        return;

    // Client call may not preserve the session, especially if the request is sent over IPC.
    request.setStorageSession(d->m_storageSession.get());
    d->m_currentRequest = request;
}
// Replaces any Authorization header on |request| with an HTTP Basic one built from |credential|:
// "Basic " followed by the base64 encoding of the UTF-8 bytes of "user:password".
//
// Base64 is an encoding, not encryption: the user name and password can be recovered from the
// header value, so which requests receive this header is the security-relevant decision.
// NOTE(review): the user name is not checked for ':'; a user containing one would make the
// user/password split ambiguous for the receiver. Confirm whether callers guarantee this.
static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
{
    String userAndPassword(credential.user() + ":" + credential.password());
    String headerValue = "Basic " + base64Encode(userAndPassword.utf8());

    // Clear first so the new value replaces an existing Authorization header instead of joining it.
    request.clearHTTPAuthorization();
    // FIXME: Should addHTTPHeaderField be smart enough to not build comma-separated lists in headers like Authorization?
    request.addHTTPHeaderField("Authorization", headerValue);
}