| commit | 3238f2e118490c9e0c6c9e16fa8fd74b907eceb3 | [log] [tgz] |
|---|---|---|
| author | Bence Béky <[email protected]> | Fri Sep 22 22:44:49 2017 |
| committer | Commit Bot <[email protected]> | Fri Sep 22 22:44:49 2017 |
| tree | 2c73a5fc84f7660bb518bd638fefb8b6398e03ee | |
| parent | c5f7d51b00fa184f1ac4f0f8179bb772030fe4f7 [diff] [blame] |
Modify Authentication retry logic. If the server requests NTLM or Negotiate scheme negotiation over an HTTP/2 connection, then mark the origin as one that requires HTTP/1.1 (as opposed to HTTP/2) and retry the request without using HTTP/2. Otherwise the server would reset the retry on HTTP/2 with error code HTTP_1_1_REQUIRED, resulting in an extra roundtrip, and additionally a flash of error page before actual reload on Windows. See example recorded network event logs and the corresponding header value for "www-authenticate" response header: * https://crbug.com/685741#c2 "Negotiate\r\nNTLM" * https://crbug.com/709827#c2 "Negotiate" * https://crbug.com/713851#c9 "Negotiate\r\nNTLM" * https://crbug.com/717329#c8 "NTLM" * https://crbug.com/756828#c4 "NTLM" Do not worry about proxies, as proxy authentication is not supported, see HttpNetworkTransactionTest.ConnectStatus407. Bug: 685741 Change-Id: I5740310ddbd9c26880f1e13cf8303229153acc80 Reviewed-on: https://chromium-review.googlesource.com/673091 Reviewed-by: Asanka Herath <[email protected]> Commit-Queue: Bence Béky <[email protected]> Cr-Commit-Position: refs/heads/master@{#503890}
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc index a111d104..70bd489 100644 --- a/net/http/http_network_transaction.cc +++ b/net/http/http_network_transaction.cc
@@ -224,6 +224,13 @@ DCHECK(HaveAuth(target)); DCHECK(!stream_request_.get()); + // Authorization schemes incompatible with HTTP/2 are unsupported for proxies. + if (target == HttpAuth::AUTH_SERVER && + auth_controllers_[target]->NeedsHTTP11()) { + session_->http_server_properties()->SetHTTP11Required( + HostPortPair::FromURL(request_->url)); + } + bool keep_alive = false; // Even if the server says the connection is keep-alive, we have to be // able to find the end of each response in order to reuse the connection.