author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-28 23:29:19 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-28 23:29:19 +0000 |
commit | a36d06b727f8ebc8f60e515d0c6f855513c88272 (patch) | |
tree | 41448b61c64c331afefee02c3de0e4ecb332395e | |
parent | 23a7574cee63f96e83bbd8af774c70780a00f985 (diff) | |
Authorization headers set using XHR with ChromeFrame were stripped in the outgoing HTTP
requests sent via the host network stack.
Fix is to remove the authorization header from the list of filtered headers.
Added a unit test for this.
Fixes bug http://code.google.com/p/chromium/issues/detail?id=23103
Bug=23103
Test=Covered by unit test.
Review URL: http://codereview.chromium.org/519013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35319 0039d316-1c4b-4281-b951-d872f2087c98
4 files changed, 70 insertions, 2 deletions
diff --git a/chrome/browser/automation/url_request_automation_job.cc b/chrome/browser/automation/url_request_automation_job.cc
index f1a1f29..5433ca7 100644
--- a/chrome/browser/automation/url_request_automation_job.cc
+++ b/chrome/browser/automation/url_request_automation_job.cc
@@ -24,7 +24,6 @@ using base::TimeDelta;
 // StartAsync(). These must be lower case.
 static const char* kFilteredHeaderStrings[] = {
 "accept",
- "authorization",
 "cache-control",
 "connection",
 "cookie",
diff --git a/chrome_frame/test/chrome_frame_unittests.cc b/chrome_frame/test/chrome_frame_unittests.cc
index 0aab3f2..21b9063 100644
--- a/chrome_frame/test/chrome_frame_unittests.cc
+++ b/chrome_frame/test/chrome_frame_unittests.cc
@@ -1731,3 +1731,20 @@ TEST_F(ChromeFrameTestWithWebServer,
 L"WidgetMode_MultipleInstancesTest");
 }
+const wchar_t kChromeFrameFullTabModeXMLHttpRequestAuthHeaderTestUrl[] =
+ L"files/xmlhttprequest_authorization_header_test.html";
+
+TEST_F(ChromeFrameTestWithWebServer,
+ FullTabModeIE_ChromeFrameXHRAuthHeaderTest) {
+ chrome_frame_test::TimedMsgLoop loop;
+
+ ASSERT_TRUE(
+ LaunchBrowser(IE,
+ kChromeFrameFullTabModeXMLHttpRequestAuthHeaderTestUrl));
+
+ loop.RunFor(kChromeFrameLongNavigationTimeoutInSeconds);
+
+ chrome_frame_test::CloseAllIEWindows();
+ ASSERT_TRUE(
+ CheckResultFile(L"FullTab_XMLHttpRequestAuthorizationHeaderTest", "OK"));
+}
diff --git a/chrome_frame/test/data/xmlhttprequest_authorization_header_test.html b/chrome_frame/test/data/xmlhttprequest_authorization_header_test.html
new file mode 100644
index 0000000..361f9f9d
--- /dev/null
+++ b/chrome_frame/test/data/xmlhttprequest_authorization_header_test.html
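Review bot: Dropping `"authorization"` from `kFilteredHeaderStrings` means an Authorization value set by page script is now handed to the host network stack unchanged. Nothing in this hunk shows whether that value is discarded when the host follows a redirect to another origin, or when the host already holds credentials of its own for the target. The code that consumes the array is outside the hunk (the comment points at StartAsync()), so this may already be handled there, but it is worth confirming. I would also record the decision next to the list so the entry is not re-added later, e.g. `// "authorization" is intentionally not filtered so XHR-supplied credentials reach the server (bug 23103).`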
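Review bot: `loop.RunFor(kChromeFrameLongNavigationTimeoutInSeconds)` in `FullTabModeIE_ChromeFrameXHRAuthHeaderTest` appears to block for the whole long-navigation timeout on every run, since nothing visible in the new test stops the loop once the page has written its result. If `TimedMsgLoop` can be quit when the result is available, doing so here would keep the test fast. Otherwise a short comment such as `// Waits the full timeout; the page reports its verdict through the result file.` would make the fixed wait read as deliberate.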
@@ -0,0 +1,52 @@
+<html>
+ <head>
+ <meta http-equiv="x-ua-compatible" content="chrome=1" />
+ <title>ChromeFrame keyevent test</title>
+ <script type="text/javascript"
+ src="chrome_frame_tester_helpers.js"></script>
+
+ <script type="text/javascript">
+ function ValidateUserAgent() {
+ if (isRunningInMSIE()) {
+ onFailure("FullTab_XMLHttpRequestAuthorizationHeaderTest", 1,
+ "Failed");
+ }
+
+ SendXHRRequest();
+ }
+
+ function SendXHRRequest() {
+ var xhr = getXHRObject();
+ if (!xhr) {
+ onFailure("FullTab_XMLHttpRequestAuthorizationHeaderTest", 1,
+ "Failed to get XHR object");
+ }
+
+ xhr.open("GET", "http://localhost:1337/echoheader?Authorization", false);
+ xhr.setRequestHeader('Authorization', 'Basic');
+
+ try {
+ xhr.send(null);
+ var pos = xhr.responseText.indexOf("Basic");
+ if (pos >= 0) {
+ appendStatus("Received authorization header: " + xhr.responseText);
+ onSuccess("FullTab_XMLHttpRequestAuthorizationHeaderTest", 1);
+ } else {
+ onFailure("FullTab_XMLHttpRequestAuthorizationHeaderTest", 1,
+ "Failed to find authorization header in response.");
+ }
+ } catch (e) {
+ appendStatus("XHR send failed. Error: " + e.description);
+ onFailure("FullTab_XMLHttpRequestAuthorizationHeaderTest", 1,
+ "Failed to send XHR request");
+ }
+ }
+ </script>
+ </head>
+
+ <body onLoad="setTimeout(ValidateUserAgent, 100);">
+ ChromeFrame full tab mode XMLHttpRequest authorization header test.
+ Verifies that authorization headers set by XML HTTP requests make it via
+ the host network stack.
+ </body>
+</html>
diff --git a/chrome_frame/test/data/xmlhttprequest_test.html b/chrome_frame/test/data/xmlhttprequest_test.html
index 0672779..09a7759 100644
--- a/chrome_frame/test/data/xmlhttprequest_test.html
+++ b/chrome_frame/test/data/xmlhttprequest_test.html
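Review bot: Both failure branches in the new page fall through instead of stopping. `ValidateUserAgent()` calls `onFailure(...)` when `isRunningInMSIE()` is true and then still calls `SendXHRRequest()`; `SendXHRRequest()` calls `onFailure(...)` for a missing XHR object and then goes on to `xhr.open(...)`, which sits outside the `try` block. Adding `return;` after each of those two `onFailure(...)` calls would stop a failed run from continuing and possibly recording a later `onSuccess` over the failure. The `<title>` still reads "ChromeFrame keyevent test", which looks copied from another page; `<title>ChromeFrame XMLHttpRequest authorization header test</title>` would match the body text.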
@@ -41,7 +41,7 @@
 </script>
 </head>
- <body onLoad="setTimeout(ValidateUserAgent, 100);" onkeypress="OnKeyPress()">
+ <body onLoad="setTimeout(ValidateUserAgent, 100);">
 ChromeFrame full tab mode XMLHttpRequest test.
 Verifies that XMLHttpRequests use the host network stack.
 </body> |