Handle credentials in modify_request_headers

Handle credentials and set the apropriate header in
`modify_request_headers`.
This commit is contained in:
Daniel Robertson 2016-02-15 05:00:57 +00:00
parent 10e7af50fe
commit 4d15b02dde
2 changed files with 20 additions and 20 deletions

View file

@ -14,6 +14,7 @@ use hsts::{HSTSEntry, HSTSList, secure_url};
use hyper::Error as HttpError;
use hyper::client::{Pool, Request, Response};
use hyper::header::{Accept, AcceptEncoding, ContentLength, ContentType, Host};
use hyper::header::{Authorization, Basic};
use hyper::header::{ContentEncoding, Encoding, Header, Headers, Quality, QualityItem};
use hyper::header::{Location, SetCookie, StrictTransportSecurity, UserAgent, qitem};
use hyper::http::RawStatus;
@ -529,6 +530,25 @@ pub fn modify_request_headers(headers: &mut Headers,
// https://fetch.spec.whatwg.org/#concept-http-network-or-cache-fetch step 11
if load_data.credentials_flag {
set_request_cookies(doc_url.clone(), headers, cookie_jar);
// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch step 12
if !headers.has::<Authorization<Basic>>() {
if let Some(auth) = auth_from_url(doc_url) {
headers.set(auth);
}
}
}
}
fn auth_from_url(doc_url: &Url) -> Option<Authorization<Basic>> {
match doc_url.username() {
Some(username) if username != "" => {
Some(Authorization(Basic {
username: username.to_owned(),
password: Some(doc_url.password().unwrap_or("").to_owned())
}))
},
_ => None
}
}

View file

@ -1,20 +0,0 @@
[send-authentication-competing-names-passwords.htm]
type: testharness
[XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options user/pass in open() call]
expected: FAIL
[XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options another user/pass in open() call - must override cached credentials from previous test]
expected: FAIL
[XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options user/pass both in URL userinfo AND open() call - expexted that open() wins]
expected: FAIL
[XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options user/pass *only* in URL userinfo]
expected: FAIL
[XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options user name in URL userinfo, password in open() call: user name wins and password is thrown away]
expected: FAIL
[XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options user name and password in URL userinfo, only user name in open() call: user name in open() wins]
expected: FAIL