diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2024-04-02 11:11:52 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2024-04-20 13:48:37 +0200 |
commit | 4f9387f2aee19e38f05cab76a71f0d067b8d80dd (patch) | |
tree | e70d921bc1ece767d4fc5a50cf7342b43374d1b4 /src/network/access/qhttp2protocolhandler.cpp | |
parent | 60bdf2b220151021e59baa372a050b9f72400b81 (diff) |
Http2: fix handling unsuppported authenticate challenge
When adding/fixing parts earlier it was missed that it was not handling
the _unsupported_ case, when authentication is not handled and there is
no resend. But there _is_ a challenge header.
Pick-to: 6.7 6.6 6.5
Fixes: QTBUG-123891
Change-Id: I21470df0ce2528bad3babffc6e9f19b7afd29d20
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/network/access/qhttp2protocolhandler.cpp')
-rw-r--r-- | src/network/access/qhttp2protocolhandler.cpp | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp index 376f7251ff..d9341dc643 100644 --- a/src/network/access/qhttp2protocolhandler.cpp +++ b/src/network/access/qhttp2protocolhandler.cpp @@ -1205,12 +1205,14 @@ void QHttp2ProtocolHandler::handleAuthorization(Stream &stream) // In this case IIS will fall back to HTTP/1.1." // Though it might be OK to ignore this. The server shouldn't let us connect with // HTTP/2 if it doesn't support us using it. - } else if (!auth.isEmpty()) { - // Somewhat mimics parts of QHttpNetworkConnectionChannel::handleStatus - bool resend = false; - const bool authenticateHandled = m_connection->d_func()->handleAuthenticateChallenge( - m_socket, httpReply, isProxy, resend); - if (authenticateHandled && resend) { + return false; + } + // Somewhat mimics parts of QHttpNetworkConnectionChannel::handleStatus + bool resend = false; + const bool authenticateHandled = m_connection->d_func()->handleAuthenticateChallenge( + m_socket, httpReply, isProxy, resend); + if (authenticateHandled) { + if (resend) { httpReply->d_func()->eraseData(); // Add the request back in queue, we'll retry later now that // we've gotten some username/password set on it: @@ -1225,11 +1227,15 @@ void QHttp2ProtocolHandler::handleAuthorization(Stream &stream) // We automatically try to send new requests when the stream is // closed, so we don't need to call sendRequest ourselves. return true; - } // else: Authentication failed or was cancelled + } // else: we're just not resending the request. + // @note In the http/1.x case we (at time of writing) call close() + // for the connectionChannel (which is a bit weird, we could surely + // reuse the open socket outside "connection:close"?), but in http2 + // we only have one channel, so we won't close anything. } else { - // No authentication header, but we got a 401/407 so we cannot - // succeed. We need to emit signals for headers and data, and then - // finishWithError. + // No authentication header or authentication isn't supported, but + // we got a 401/407 so we cannot succeed. We need to emit signals + // for headers and data, and then finishWithError. emit httpReply->headerChanged(); emit httpReply->readyRead(); QNetworkReply::NetworkError error = httpReply->statusCode() == 401 |