authoreroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-21 19:56:19 +0000
committereroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-21 19:56:19 +0000
commit22927adeb7d392dfee17a90657f51bf12d8a5766 (patch)
treeaf02aa3e92b63d25d9f7c94143a8c5176d6105e1 /net/http/http_auth_handler_basic.cc
parentf7e69b50e1af50ff848ce896db8d4e51c037d279 (diff)
Allow the realm in BASIC and DIGEST challenges to not be specified.
This goes against RFC 2617 which states they are required parameters, but apparently there are servers which do this, and other browsers are less strict. Also allow the empty string as a valid realm value (previously this was being disallowed as an implementation bug to check if it was not specified). BUG=12565,20984 Review URL: http://codereview.chromium.org/211040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26723 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler_basic.cc')
-rw-r--r--net/http/http_auth_handler_basic.cc12
1 files changed, 10 insertions, 2 deletions
diff --git a/net/http/http_auth_handler_basic.cc b/net/http/http_auth_handler_basic.cc
index 698b0ab..0052dbf 100644
--- a/net/http/http_auth_handler_basic.cc
+++ b/net/http/http_auth_handler_basic.cc
@@ -10,6 +10,14 @@
namespace net {
+// Note that if a realm was not specified, we will default it to "";
+// so specifying 'Basic realm=""' is equivalent to 'Basic'.
+//
+// This is more generous than RFC 2617, which is pretty clear in the
+// production of challenge that realm is required.
+//
+// We allow it to be compatibility with certain embedded webservers that don't
+// include a realm (see http://crbug.com/20984.)
bool HttpAuthHandlerBasic::Init(std::string::const_iterator challenge_begin,
std::string::const_iterator challenge_end) {
scheme_ = "basic";
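Review bot: The last paragraph of the new comment above Init reads "We allow it to be compatibility with", which does not parse; `// We allow it for compatibility with certain embedded webservers that don't` says what is meant. Because the comment records a deliberate departure from RFC 2617, it should also state that realm_ can be empty after a successful Init. Code that shows the realm in a credential prompt or uses it to scope stored credentials then knows to expect an empty value. Init's body continues outside this hunk.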
@@ -22,13 +30,13 @@ bool HttpAuthHandlerBasic::Init(std::string::const_iterator challenge_begin,
!LowerCaseEqualsASCII(challenge_tok.scheme(), "basic"))
return false;
- // Extract the realm.
+ // Extract the realm (may be missing).
while (challenge_tok.GetNext()) {
if (LowerCaseEqualsASCII(challenge_tok.name(), "realm"))
realm_ = challenge_tok.unquoted_value();
}
- return challenge_tok.valid() && !realm_.empty();
+ return challenge_tok.valid();
}
std::string HttpAuthHandlerBasic::GenerateCredentials(
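Review bot: With `!realm_.empty()` dropped from the return, realm_ is assigned only inside the loop when a realm parameter is present, and no reset of realm_ is visible in this hunk. If Init can run on a handler that already holds a realm, a realm-less challenge would succeed while keeping the previous value; the lines between the two hunks are not shown, so this may already be handled. Adding `realm_.clear();` before the `while` would make the documented default of "" explicit. The loop also keeps the last realm when a challenge repeats the parameter, which deserves a one-line comment such as `// If realm appears more than once, the last value wins.`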