Closed Bug 1302620 Opened 8 years ago Closed 8 years ago

[XHR2] Fix the open() method to handle username and password as per spec.

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1302623
Tracking Flags:
Tracking Status
firefox51 --- affected

People

(Reporter: wisniewskit, Assigned: wisniewskit)

References

Details

Attachments

(1 file)

refactor-xhr-open-methods-to-not-use-optionals-and-correct-auth-handling.diff
8 years ago
(deleted), patch
Details | Diff | Splinter Review 
In bug 933759, the XHR Open() methods were changed to better-match with the WebIDL in the spec, but there is still follow-up work to do:

1) Fold these two methods into one, removing their use of Optionals:
>void Open(const nsACString& aMethod, const nsAString& aUrl, bool aAsync, const nsAString& aUsername, const nsAString& aPassword, ErrorResult& aRv);
>nsresult Open(const nsACString& aMethod, const nsACString& aUrl, const Optional<bool>& aAsync, const Optional<nsAString>& aUsername, const Optional<nsAString>& aPassword);

2) Correct the handling of username and password to better match steps 7 and 8 in the spec.

Here is a patch which does these things. A try run seems fine: https://treeherder.mozilla.org/#/jobs?repo=try&revision=b74d9cc3a3b4

Unfortunately, I can't think of a way to add web platform tests to ensure that #2 doesn't break, because Firefox and Chrome both disallow URL authentication even in XHRs (and I'd be surprised if WebKit or Edge allow it).

I'm also not sure if it's even worth changing the spec at this point to use header-based authentication instead, even if the feature is technically broken anyway in modern browsers (at least without preference-flipping).
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: