Respect cookies set in a 401 responses when restarting the http transaction....

net/url_request/url_request_http_job.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
 #include "base/file_version_info.h"
 #include "base/message_loop.h"
 #include "base/string_util.h"
 #include "net/base/cookie_monster.h"
 #include "net/base/filter.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "net/base/sdch_manager.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_response_info.h"
 #include "net/http/http_transaction.h"
 #include "net/http/http_transaction_factory.h"
+#include "net/http/http_util.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_error_job.h"
 
 // TODO(darin): make sure the port blocking code is not lost
 
 // static
 URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
                                           const std::string& scheme) {
   DCHECK(scheme == "http" || scheme == "https");
@@ skipping 257 matching lines @@
   DCHECK(transaction_.get());
 
   // Proxy gets set first, then WWW.
   if (proxy_auth_state_ == net::AUTH_STATE_NEED_AUTH) {
     proxy_auth_state_ = net::AUTH_STATE_HAVE_AUTH;
   } else {
     DCHECK(server_auth_state_ == net::AUTH_STATE_NEED_AUTH);
     server_auth_state_ = net::AUTH_STATE_HAVE_AUTH;
   }
 
+  RestartTransactionWithAuth(username, password);
+}
+
+void URLRequestHttpJob::RestartTransactionWithAuth(
+    const std::wstring& username,
+    const std::wstring& password) {
+
   // These will be reset in OnStartCompleted.
   response_info_ = NULL;
   response_cookies_.clear();
 
+  // Update the cookies, since the cookie store may have been updated from the
+  // headers in the 401/407. Since cookies were already appended to
+  // extra_headers by AddExtraHeaders(), we need to strip them out.
+  static const char* const cookie_name[] = { "cookie" };
+  request_info_.extra_headers = net::HttpUtil::StripHeaders(
+      request_info_.extra_headers, cookie_name, arraysize(cookie_name));
+  // TODO(eroman): this ordering is inconsistent with non-restarted request,
+  // where cookies header appears second from the bottom.
+  request_info_.extra_headers += AssembleRequestCookies();
+
   // No matter what, we want to report our status as IO pending since we will
   // be notifying our consumer asynchronously via OnStartCompleted.
   SetStatus(URLRequestStatus(URLRequestStatus::IO_PENDING, 0));
 
   int rv = transaction_->RestartWithAuth(username, password,
                                          &start_callback_);
   if (rv == net::ERR_IO_PENDING)
     return;
 
   // The transaction started synchronously, but we need to notify the
@@ skipping 151 matching lines @@
     // before we even download it (so that we don't waste memory or bandwidth).
     if (response_info_->headers->EnumerateHeader(&iter, name, &url_text)) {
       // request_->url() won't be valid in the destructor, so we use an
       // alternate copy.
       DCHECK(request_->url() == request_info_.url);
       // Resolve suggested URL relative to request url.
       sdch_dictionary_url_ = request_info_.url.Resolve(url_text);
     }
   }
 
+  // The HTTP transaction may be restarted several times for the purposes
+  // of sending authorization information. Each time it restarts, we get
+  // notified of the headers completion so that we can update the cookie store.
+  if (transaction_->IsReadyToRestartForAuth()) {
+    DCHECK(!response_info_->auth_challenge.get());
+    RestartTransactionWithAuth(std::wstring(), std::wstring());
+    return;
+  }
+
   URLRequestJob::NotifyHeadersComplete();
 }
 
 void URLRequestHttpJob::DestroyTransaction() {
   DCHECK(transaction_.get());
 
   transaction_.reset();
   response_info_ = NULL;
 }
 
@@ skipping 50 matching lines @@
                                                   &avail_dictionaries);
     if (!avail_dictionaries.empty()) {
       request_info_.extra_headers += "Avail-Dictionary: "
           + avail_dictionaries + "\r\n";
       request_info_.load_flags |= net::LOAD_SDCH_DICTIONARY_ADVERTISED;
     }
   }
 
   URLRequestContext* context = request_->context();
   if (context) {
-    // Add in the cookie header.  TODO might we need more than one header?
-    if (context->cookie_store() &&
-        context->cookie_policy()->CanGetCookies(request_->url(),
-                                               request_->policy_url())) {
-      net::CookieMonster::CookieOptions options;
-      options.set_include_httponly();
-      std::string cookies = request_->context()->cookie_store()->
-          GetCookiesWithOptions(request_->url(), options);
-      if (!cookies.empty())
-        request_info_.extra_headers += "Cookie: " + cookies + "\r\n";
-    }
+    request_info_.extra_headers += AssembleRequestCookies();
     if (!context->accept_language().empty())
       request_info_.extra_headers += "Accept-Language: " +
           context->accept_language() + "\r\n";
     if (!context->accept_charset().empty())
       request_info_.extra_headers += "Accept-Charset: " +
           context->accept_charset() + "\r\n";
   }
 }
 
+std::string URLRequestHttpJob::AssembleRequestCookies() {
+  URLRequestContext* context = request_->context();
+  if (context) {
+    // Add in the cookie header.  TODO might we need more than one header?
+    if (context->cookie_store() &&
+        context->cookie_policy()->CanGetCookies(request_->url(),
+                                                request_->policy_url())) {
+      net::CookieMonster::CookieOptions options;
+      options.set_include_httponly();
+      std::string cookies = request_->context()->cookie_store()->
+          GetCookiesWithOptions(request_->url(), options);
+      if (!cookies.empty())
+        return "Cookie: " + cookies + "\r\n";
+    }
+  }
+  return std::string();
+}
+
 void URLRequestHttpJob::FetchResponseCookies() {
   DCHECK(response_info_);
   DCHECK(response_cookies_.empty());
 
   std::string name = "Set-Cookie";
   std::string value;
 
   void* iter = NULL;
   while (response_info_->headers->EnumerateHeader(&iter, name, &value))
     response_cookies_.push_back(value);
 }