Fix the duplicate session_callback_->AddRef() calls made by

the Restart() calls in DidReceiveError() and the RestartWithAuth()
call in DidReceiveHeaders() by adding a new RestartInternal()
method that doesn't call session_callback_->AddRef().

Remove the username/password that the server rejected from the
auth cache only if the cache entry has the same username/password.

Use the username:password specified in the URL after receiving
a 401 response from the server.  Do not send it preemptively.

R=eroman
BUG=b/1473850
Review URL: http://codereview.chromium.org/10668

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5421 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 0 deletions

diff --git a/net/http/http_transaction_winhttp.h b/net/http/http_transaction_winhttp.h
index 5bb3b94..46b69d8 100644
--- a/net/http/http_transaction_winhttp.h
+++ b/net/http/http_transaction_winhttp.h
@@ -87,6 +87,7 @@ class HttpTransactionWinHttp : public HttpTransaction {
   int SendRequest();
   bool ReopenRequest();
   int Restart(CompletionCallback* callback);
+  int RestartInternal();
   int DidResolveProxy();
   int DidReceiveError(DWORD error, DWORD secure_failure);
   int DidSendRequest();
@@ -189,6 +190,9 @@ class HttpTransactionWinHttp : public HttpTransaction {
   // called WinHttpRequestThrottle::NotifyRequestDone.
   bool request_submitted_;
 
+  // True if we have used the username/password embedded in the URL.
+  bool used_embedded_credentials_;
+
   DISALLOW_EVIL_CONSTRUCTORS(HttpTransactionWinHttp);
 };