summaryrefslogtreecommitdiffstats
path: root/net/url_request
diff options
context:
space:
mode:
authortsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-02-10 20:19:41 +0000
committertsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-02-10 20:19:41 +0000
commit7b08ba6f8a304633e96cd122982c483ffd1bcafe (patch)
tree36cf877fd56845de88adf84b6393e6fb79ea8ca0 /net/url_request
parentc0714dfcceb93df1dda0af23d72fc29a5399556c (diff)
downloadchromium_src-7b08ba6f8a304633e96cd122982c483ffd1bcafe.zip
chromium_src-7b08ba6f8a304633e96cd122982c483ffd1bcafe.tar.gz
chromium_src-7b08ba6f8a304633e96cd122982c483ffd1bcafe.tar.bz2
Don't use IDENT_SRC_URL for HttpAuth challenges. IE hasn't supported it for years, and at worst it represents a session fixation attack.
BUG=94578 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=120836 Review URL: http://codereview.chromium.org/9307093 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@121506 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/url_request')
-rw-r--r--net/url_request/url_request_unittest.cc31
1 files changed, 0 insertions, 31 deletions
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index bafbd6f..287e21b 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -2465,37 +2465,6 @@ TEST_F(URLRequestTestHTTP, BasicAuthWithCookies) {
EXPECT_TRUE(d.data_received().find("Cookie: got_challenged=true")
!= std::string::npos);
}
-
- // Same test as above, except this time the restart is initiated earlier
- // (without user intervention since identity is embedded in the URL).
- {
- TestNetworkDelegate network_delegate; // must outlive URLRequest
- scoped_refptr<TestURLRequestContext> context(
- new TestURLRequestContext(true));
- context->set_network_delegate(&network_delegate);
- context->Init();
-
- TestDelegate d;
-
- GURL::Replacements replacements;
- std::string username("user2");
- std::string password("secret");
- replacements.SetUsernameStr(username);
- replacements.SetPasswordStr(password);
- GURL url_with_identity = url_requiring_auth.ReplaceComponents(replacements);
-
- URLRequest r(url_with_identity, &d);
- r.set_context(context);
- r.Start();
-
- MessageLoop::current()->Run();
-
- EXPECT_TRUE(d.data_received().find("user2/secret") != std::string::npos);
-
- // Make sure we sent the cookie in the restarted transaction.
- EXPECT_TRUE(d.data_received().find("Cookie: got_challenged=true")
- != std::string::npos);
- }
}
TEST_F(URLRequestTest, DelayedCookieCallback) {
generated by cgit v1.1 at 2025-03-02 22:56:00 +0000