Discussion:
[webkit-gtk] webkit-gtk - memory leak?
Toni Koski
2010-11-01 09:20:19 UTC
Permalink
Hi list,

My goal is to create webkit/gtk based browser, which can be controlled
via Linux pipe (fifo).

I have made several test with webkit, but there is always "huge" memory
leaks.
I have used lastest webkit build: "WebKit r70732 was built on 28 October
2010".
I assume that the leak is in the cache(maybe I am wrong). Amount of the
memory leak is related to loaded page.
So, everything to disabling cache has done. I have also set: "m_disabled
= true " in the :"WebCore/loader/Cache.cpp"

I have tested both cache modes with out any effects for the memory leak:
- WEBKIT_CACHE_MODEL_WEB_BROWSER
- WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER

And same result with all methods:
- webkit_web_view_reload_bypass_cache
- webkit_web_view_load_uri
- webkit_web_view_reload





Even if I run callback function once with "gtk_widget_destroy(wk);", it
does not release used memory.


Plese help me, I am desperate ;-)





Here is my testcode:

#include <gtk/gtk.h>
#include <webkit/webkit.h>
#include <stdlib.h>
#include <time.h>



static WebKitWebView* web_view;

static char *urls[] = {"http://www.utu.fi",
"http://www.ts.fi",
"http://www.hs.fi",
"http://www.google.fi",
"http://www.hs.fi",
"http://www.turku.fi"};

gboolean callback (gpointer wk)
{
g_print("loading\n");
//webkit_web_view_load_uri(wk, urls[rand() % 6]);
//webkit_web_view_load_uri(wk, "http://www.hs.fi");
webkit_web_view_reload_bypass_cache(wk);
return TRUE;
}


int main( int argc, char *argv[])
{
GtkWidget *window;
GtkWidget *vbox;

gtk_init(&argc, &argv);

window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
gtk_window_set_default_size(GTK_WINDOW(window), 1024, 768);



web_view = WEBKIT_WEB_VIEW(webkit_web_view_new ());
gtk_widget_set_size_request(GTK_WIDGET(web_view), 1024,768);

//webkit_set_cache_model(WEBKIT_CACHE_MODEL_WEB_BROWSER);
webkit_set_cache_model(WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER);

WebKitWebSettings *settings = webkit_web_settings_new();
g_object_set(G_OBJECT(settings),
"enable-offline-web-application-cache", FALSE, NULL);
g_object_set(G_OBJECT(settings), "enable-private-browsing", TRUE,
NULL);
g_object_set(G_OBJECT(settings), "enable-scripts", FALSE, NULL);
g_object_set(G_OBJECT(settings), "enable-plugins", FALSE, NULL);
webkit_web_view_set_settings(web_view, settings);

WebKitWebBackForwardList *back_forward_list =
webkit_web_view_get_back_forward_list(web_view);
webkit_web_back_forward_list_set_limit(back_forward_list, 1);

gtk_container_add(GTK_CONTAINER (window), GTK_WIDGET(web_view));
webkit_web_view_load_uri(web_view, "http://www.hs.fi");

gtk_widget_show_all(window);

g_timeout_add(12000, callback, web_view);
gtk_main();

return 0;
}






/toni
Toni Koski
2010-11-02 07:33:36 UTC
Permalink
No effect with g_free(). Still leaking.
Yes, I have tested with uzbl also. With "www.hs.fi" I can see that the
used memory increases when the page is reloaded again and again :-(

/toni
you could call g_free() ? try taking a look at some other webkit
examples. i'm also pretty sure that uzbl has covered FIFO piping so
maybe look at their code for example.
Hi list,
My goal is to create webkit/gtk based browser, which can be
controlled via Linux pipe (fifo).
I have made several test with webkit, but there is always "huge"
memory leaks.
I have used lastest webkit build: "WebKit r70732 was built on 28
October 2010".
I assume that the leak is in the cache(maybe I am wrong). Amount
of the memory leak is related to loaded page.
"m_disabled = true " in the :"WebCore/loader/Cache.cpp"
- WEBKIT_CACHE_MODEL_WEB_BROWSER
- WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER
- webkit_web_view_reload_bypass_cache
- webkit_web_view_load_uri
- webkit_web_view_reload
Even if I run callback function once with
"gtk_widget_destroy(wk);", it does not release used memory.
Plese help me, I am desperate ;-)
#include <gtk/gtk.h>
#include <webkit/webkit.h>
#include <stdlib.h>
#include <time.h>
static WebKitWebView* web_view;
static char *urls[] = {"http://www.utu.fi",
"http://www.ts.fi",
"http://www.hs.fi",
"http://www.google.fi",
"http://www.hs.fi",
"http://www.turku.fi"};
gboolean callback (gpointer wk)
{
g_print("loading\n");
//webkit_web_view_load_uri(wk, urls[rand() % 6]);
//webkit_web_view_load_uri(wk, "http://www.hs.fi");
webkit_web_view_reload_bypass_cache(wk);
return TRUE;
}
int main( int argc, char *argv[])
{
GtkWidget *window;
GtkWidget *vbox;
gtk_init(&argc, &argv);
window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
gtk_window_set_default_size(GTK_WINDOW(window), 1024, 768);
web_view = WEBKIT_WEB_VIEW(webkit_web_view_new ());
gtk_widget_set_size_request(GTK_WIDGET(web_view), 1024,768);
//webkit_set_cache_model(WEBKIT_CACHE_MODEL_WEB_BROWSER);
webkit_set_cache_model(WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER);
WebKitWebSettings *settings = webkit_web_settings_new();
g_object_set(G_OBJECT(settings),
"enable-offline-web-application-cache", FALSE, NULL);
g_object_set(G_OBJECT(settings), "enable-private-browsing",
TRUE, NULL);
g_object_set(G_OBJECT(settings), "enable-scripts", FALSE, NULL);
g_object_set(G_OBJECT(settings), "enable-plugins", FALSE, NULL);
webkit_web_view_set_settings(web_view, settings);
WebKitWebBackForwardList *back_forward_list =
webkit_web_view_get_back_forward_list(web_view);
webkit_web_back_forward_list_set_limit(back_forward_list, 1);
gtk_container_add(GTK_CONTAINER (window), GTK_WIDGET(web_view));
webkit_web_view_load_uri(web_view, "http://www.hs.fi");
gtk_widget_show_all(window);
g_timeout_add(12000, callback, web_view);
gtk_main();
return 0;
}
/toni
_______________________________________________
webkit-gtk mailing list
http://lists.webkit.org/mailman/listinfo.cgi/webkit-gtk
Sergio Villar Senin
2010-11-02 08:23:44 UTC
Permalink
Post by Toni Koski
No effect with g_free(). Still leaking.
Yes, I have tested with uzbl also. With "www.hs.fi" I can see that the
used memory increases when the page is reloaded again and again :-(
Maybe the problem is related to the new HTTP cache we added recently.
Even if you do not use it, you'll be using the new stream based loading
code needed by cache. I can help with that, just ping me (sergio) on IRC.

BR
Post by Toni Koski
/toni
you could call g_free() ? try taking a look at some other webkit
examples. i'm also pretty sure that uzbl has covered FIFO piping so
maybe look at their code for example.
Hi list,
My goal is to create webkit/gtk based browser, which can be
controlled via Linux pipe (fifo).
I have made several test with webkit, but there is always "huge"
memory leaks.
I have used lastest webkit build: "WebKit r70732 was built on 28
October 2010".
I assume that the leak is in the cache(maybe I am wrong). Amount
of the memory leak is related to loaded page.
"m_disabled = true " in the :"WebCore/loader/Cache.cpp"
- WEBKIT_CACHE_MODEL_WEB_BROWSER
- WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER
- webkit_web_view_reload_bypass_cache
- webkit_web_view_load_uri
- webkit_web_view_reload
Even if I run callback function once with
"gtk_widget_destroy(wk);", it does not release used memory.
Plese help me, I am desperate ;-)
#include <gtk/gtk.h>
#include <webkit/webkit.h>
#include <stdlib.h>
#include <time.h>
static WebKitWebView* web_view;
static char *urls[] = {"http://www.utu.fi",
"http://www.ts.fi",
"http://www.hs.fi",
"http://www.google.fi",
"http://www.hs.fi",
"http://www.turku.fi"};
gboolean callback (gpointer wk)
{
g_print("loading\n");
//webkit_web_view_load_uri(wk, urls[rand() % 6]);
//webkit_web_view_load_uri(wk, "http://www.hs.fi");
webkit_web_view_reload_bypass_cache(wk);
return TRUE;
}
int main( int argc, char *argv[])
{
GtkWidget *window;
GtkWidget *vbox;
gtk_init(&argc, &argv);
window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
gtk_window_set_default_size(GTK_WINDOW(window), 1024, 768);
web_view = WEBKIT_WEB_VIEW(webkit_web_view_new ());
gtk_widget_set_size_request(GTK_WIDGET(web_view), 1024,768);
//webkit_set_cache_model(WEBKIT_CACHE_MODEL_WEB_BROWSER);
webkit_set_cache_model(WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER);
WebKitWebSettings *settings = webkit_web_settings_new();
g_object_set(G_OBJECT(settings),
"enable-offline-web-application-cache", FALSE, NULL);
g_object_set(G_OBJECT(settings), "enable-private-browsing",
TRUE, NULL);
g_object_set(G_OBJECT(settings), "enable-scripts", FALSE, NULL);
g_object_set(G_OBJECT(settings), "enable-plugins", FALSE, NULL);
webkit_web_view_set_settings(web_view, settings);
WebKitWebBackForwardList *back_forward_list =
webkit_web_view_get_back_forward_list(web_view);
webkit_web_back_forward_list_set_limit(back_forward_list, 1);
gtk_container_add(GTK_CONTAINER (window), GTK_WIDGET(web_view));
webkit_web_view_load_uri(web_view, "http://www.hs.fi");
gtk_widget_show_all(window);
g_timeout_add(12000, callback, web_view);
gtk_main();
return 0;
}
/toni
_______________________________________________
webkit-gtk mailing list
http://lists.webkit.org/mailman/listinfo.cgi/webkit-gtk
_______________________________________________
webkit-gtk mailing list
http://lists.webkit.org/mailman/listinfo.cgi/webkit-gtk
Sergio Villar Senin
2010-11-02 11:22:21 UTC
Permalink
Post by Sergio Villar Senin
Post by Toni Koski
No effect with g_free(). Still leaking.
Yes, I have tested with uzbl also. With "www.hs.fi" I can see that the
used memory increases when the page is reloaded again and again :-(
Maybe the problem is related to the new HTTP cache we added recently.
Even if you do not use it, you'll be using the new stream based loading
code needed by cache. I can help with that, just ping me (sergio) on IRC.
After investigating a little bit it seems that it's not cache's issue.
BTW running your example with valgrind gives me the following outcome
after 5 reloads:

==23248== LEAK SUMMARY:
==23248== definitely lost: 8,804 bytes in 36 blocks
==23248== indirectly lost: 21,540 bytes in 1,051 blocks
==23248== possibly lost: 1,206,326 bytes in 9,118 blocks
==23248== still reachable: 758,669 bytes in 4,566 blocks
==23248== suppressed: 14,516 bytes in 270 blocks

This includes all the libraries used by webkitgtk. There is only 8k of
definitely lost memory. After 20 reloads I got this:

==23488== definitely lost: 12,817 bytes in 86 blocks
==23488== indirectly lost: 28,500 bytes in 1,387 blocks
==23488== possibly lost: 1,404,947 bytes in 9,443 blocks
==23488== still reachable: 1,051,558 bytes in 4,774 blocks
==23488== suppressed: 15,988 bytes in 297 blocks

So 12k of definitely lost memory after 20 reloads. Most of the possibly
lost stuff is related to font handling as far as I saw. What is the
"huge" leak you identified? What tools are you using?

Br
Toni Koski
2010-11-03 06:17:22 UTC
Permalink
Post by Sergio Villar Senin
Post by Sergio Villar Senin
Post by Toni Koski
No effect with g_free(). Still leaking.
Yes, I have tested with uzbl also. With "www.hs.fi" I can see that the
used memory increases when the page is reloaded again and again :-(
Maybe the problem is related to the new HTTP cache we added recently.
Even if you do not use it, you'll be using the new stream based loading
code needed by cache. I can help with that, just ping me (sergio) on IRC.
After investigating a little bit it seems that it's not cache's issue.
BTW running your example with valgrind gives me the following outcome
==23248== definitely lost: 8,804 bytes in 36 blocks
==23248== indirectly lost: 21,540 bytes in 1,051 blocks
==23248== possibly lost: 1,206,326 bytes in 9,118 blocks
==23248== still reachable: 758,669 bytes in 4,566 blocks
==23248== suppressed: 14,516 bytes in 270 blocks
This includes all the libraries used by webkitgtk. There is only 8k of
==23488== definitely lost: 12,817 bytes in 86 blocks
==23488== indirectly lost: 28,500 bytes in 1,387 blocks
==23488== possibly lost: 1,404,947 bytes in 9,443 blocks
==23488== still reachable: 1,051,558 bytes in 4,774 blocks
==23488== suppressed: 15,988 bytes in 297 blocks
So 12k of definitely lost memory after 20 reloads. Most of the possibly
lost stuff is related to font handling as far as I saw. What is the
"huge" leak you identified? What tools are you using?
Br
_______________________________________________
webkit-gtk mailing list
http://lists.webkit.org/mailman/listinfo.cgi/webkit-gtk
I have not made any "professional" memory tracking. I have just
monitoring RSS size with "ps" -command and top. Some of test I have made
with "smem.pl" Perl script, with is reading memory usage from
/proc/$PID/smap file and generates human readable reports.
Yes, I know RSS is not whole truth. But what I can see in real world, is
that the test-program seems to use more and more merory until system
starts to swap and freeze. Website "www.hs.fi" seems to be very bad in
point of view mine tests. If I loop my program without any "reload",
"reload_bypass_cache" or "load_uri", I cant see any memory leak.

/toni
Toni Koski
2013-10-16 09:18:17 UTC
Permalink
Hello Webkits,

I try to implement NTLM authentication with webkit2gtk (2.2.0).

There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
WebKitAuthenticationScheme.
However, I can't catch The "authenticate" -signal in case of NTLM. It
seems to work fine at least with BASIC and DIGEST -authentications.


gboolean auth_callback(WebKitWebView *web_view,
WebKitAuthenticationRequest *request,
gpointer user_data)
{
g_print("Catch auth signal!\n");

const gchar *host = NULL;
const gchar *realm = NULL;
WebKitAuthenticationScheme scheme;

host=webkit_authentication_request_get_host(request);
realm=webkit_authentication_request_get_realm(request);
scheme=webkit_authentication_request_get_scheme(request);
g_print("AUTH %s\n",host);
g_print("REALM %s\n",realm);
g_print("SCHEME %d\n",scheme);
return True;
}


g_signal_connect(web_view, "authenticate", G_CALLBACK(auth_callback), 0);


Any suggestion or sample code how to get it work.


/toni
Brian Holt
2013-10-16 09:22:19 UTC
Permalink
Hi Toni,

Your callback looks fine to me - I don't think it's a problem catching the
signal, but there may be a problem with the emission of the signal for NTML.

Do you have a test site that I can check with?

Regards
Brian
-----Original Message-----
Sent: 16 October 2013 10:18
Subject: [webkit-gtk] libwebkit2gtk and NTLM authentication
Hello Webkits,
I try to implement NTLM authentication with webkit2gtk (2.2.0).
There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
WebKitAuthenticationScheme.
However, I can't catch The "authenticate" -signal in case of NTLM. It
seems to work fine at least with BASIC and DIGEST -authentications.
gboolean auth_callback(WebKitWebView *web_view,
WebKitAuthenticationRequest *request,
gpointer user_data) {
g_print("Catch auth signal!\n");
const gchar *host = NULL;
const gchar *realm = NULL;
WebKitAuthenticationScheme scheme;
host=webkit_authentication_request_get_host(request);
realm=webkit_authentication_request_get_realm(request);
scheme=webkit_authentication_request_get_scheme(request);
g_print("AUTH %s\n",host);
g_print("REALM %s\n",realm);
g_print("SCHEME %d\n",scheme);
return True;
}
g_signal_connect(web_view, "authenticate", G_CALLBACK(auth_callback), 0);
Any suggestion or sample code how to get it work.
/toni
_______________________________________________
webkit-gtk mailing list
https://lists.webkit.org/mailman/listinfo/webkit-gtk
Toni Koski
2013-10-16 09:29:41 UTC
Permalink
Hello Brian,

I have made all my test against Windows SBS 2011 in our local network.
So I don't have provide any test site for you :-(
I have tested with NTLM and NTLMv2. NTLM works fine with Chromium browser.

/toni
Post by Brian Holt
Hi Toni,
Your callback looks fine to me - I don't think it's a problem catching the
signal, but there may be a problem with the emission of the signal for NTML.
Do you have a test site that I can check with?
Regards
Brian
-----Original Message-----
Sent: 16 October 2013 10:18
Subject: [webkit-gtk] libwebkit2gtk and NTLM authentication
Hello Webkits,
I try to implement NTLM authentication with webkit2gtk (2.2.0).
There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
WebKitAuthenticationScheme.
However, I can't catch The "authenticate" -signal in case of NTLM. It
seems to work fine at least with BASIC and DIGEST -authentications.
gboolean auth_callback(WebKitWebView *web_view,
WebKitAuthenticationRequest *request,
gpointer user_data) {
g_print("Catch auth signal!\n");
const gchar *host = NULL;
const gchar *realm = NULL;
WebKitAuthenticationScheme scheme;
host=webkit_authentication_request_get_host(request);
realm=webkit_authentication_request_get_realm(request);
scheme=webkit_authentication_request_get_scheme(request);
g_print("AUTH %s\n",host);
g_print("REALM %s\n",realm);
g_print("SCHEME %d\n",scheme);
return True;
}
g_signal_connect(web_view, "authenticate", G_CALLBACK(auth_callback), 0);
Any suggestion or sample code how to get it work.
/toni
_______________________________________________
webkit-gtk mailing list
https://lists.webkit.org/mailman/listinfo/webkit-gtk
Brian Holt
2013-10-16 09:44:20 UTC
Permalink
Hi Toni,

I'm fairly sure that the problem is not with the WK2 GTK API, but is rather with libsoup and whether it is emitting its own "authenticate" signal.
Carlos Garcia Campos
2013-10-16 09:38:48 UTC
Permalink
Post by Toni Koski
Hello Webkits,
I try to implement NTLM authentication with webkit2gtk (2.2.0).
There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
WebKitAuthenticationScheme.
However, I can't catch The "authenticate" -signal in case of NTLM. It
seems to work fine at least with BASIC and DIGEST -authentications.
According to libsoup API docs, NTLM authentication is not enabled by
default and the feature should be added to the session explicitly. I
don't think we are doing that in WebKit, so I guess we don't support
NTLM authentication at the moment.

Dan, is this right?
--
Carlos Garcia Campos
http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xF3D322D0EC4582C3
Dan Winship
2013-10-16 12:29:02 UTC
Permalink
Post by Carlos Garcia Campos
Post by Toni Koski
I try to implement NTLM authentication with webkit2gtk (2.2.0).
There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
WebKitAuthenticationScheme.
However, I can't catch The "authenticate" -signal in case of NTLM. It
seems to work fine at least with BASIC and DIGEST -authentications.
According to libsoup API docs, NTLM authentication is not enabled by
default and the feature should be added to the session explicitly. I
don't think we are doing that in WebKit, so I guess we don't support
NTLM authentication at the moment.
Dan, is this right?
Yes. You need to do

soup_session_add_feature_by_type (session, SOUP_TYPE_NTLM_AUTH);

There are some arguments against enabling it by default; if you have the
client-side samba stuff installed, and are logged into a Windows domain,
then NTLM authentication can happen completely transparently (ie, no
"authenticate" signal, no password dialog) using the cached credentials,
and there are attacks against intranets that you could make using that
functionality if you could hijack someone's http connection... so it's
best to only have it get used when the app is explicitly expecting it to
be used (as in evolution).

-- Dan
Brian Holt
2013-10-16 12:40:20 UTC
Permalink
Post by Dan Winship
Post by Carlos Garcia Campos
Post by Toni Koski
There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
WebKitAuthenticationScheme.
However, I can't catch The "authenticate" -signal in case of NTLM.
It
Post by Carlos Garcia Campos
Post by Toni Koski
seems to work fine at least with BASIC and DIGEST -authentications.
According to libsoup API docs, NTLM authentication is not enabled by
default and the feature should be added to the session explicitly. I
don't think we are doing that in WebKit, so I guess we don't support
NTLM authentication at the moment.
Dan, is this right?
Yes. You need to do
soup_session_add_feature_by_type (session, SOUP_TYPE_NTLM_AUTH);
There are some arguments against enabling it by default; if you have
the client-side samba stuff installed, and are logged into a Windows
domain, then NTLM authentication can happen completely transparently
(ie, no "authenticate" signal, no password dialog) using the cached
credentials, and there are attacks against intranets that you could
make using that functionality if you could hijack someone's http
connection... so it's best to only have it get used when the app is
explicitly expecting it to be used (as in evolution).
This is fine if you are building WebKit yourself and are happy to add the line deep inside WebCore (perhaps in ResourceHandleSoup.cpp createSoupSession()), unless there is some way to get hold of the soup session at the API level? Perhaps we should expose an API in WebKitWebContext that allows NTLM e.g.

WEBKIT_API void
webkit_web_context_set_ntlm_authentication_enabled(WebKitWebContext *context,
gboolean enabled);

Regards
Brian
Toni Koski
2013-10-16 19:17:47 UTC
Permalink
Post by Brian Holt
Post by Dan Winship
Post by Carlos Garcia Campos
Post by Toni Koski
There can be found: "WEBKIT_AUTHENTICATION_SCHEME_NTLM = 5" from the
WebKitAuthenticationScheme.
However, I can't catch The "authenticate" -signal in case of NTLM.
It
Post by Carlos Garcia Campos
Post by Toni Koski
seems to work fine at least with BASIC and DIGEST -authentications.
According to libsoup API docs, NTLM authentication is not enabled by
default and the feature should be added to the session explicitly. I
don't think we are doing that in WebKit, so I guess we don't support
NTLM authentication at the moment.
Dan, is this right?
Yes. You need to do
soup_session_add_feature_by_type (session, SOUP_TYPE_NTLM_AUTH);
There are some arguments against enabling it by default; if you have
the client-side samba stuff installed, and are logged into a Windows
domain, then NTLM authentication can happen completely transparently
(ie, no "authenticate" signal, no password dialog) using the cached
credentials, and there are attacks against intranets that you could
make using that functionality if you could hijack someone's http
connection... so it's best to only have it get used when the app is
explicitly expecting it to be used (as in evolution).
This is fine if you are building WebKit yourself and are happy to add the
line deep inside WebCore (perhaps in ResourceHandleSoup.cpp
createSoupSession()), unless there is some way to get hold of the soup
session at the API level? Perhaps we should expose an API in
WebKitWebContext that allows NTLM e.g.
WEBKIT_API void
webkit_web_context_set_ntlm_authentication_enabled(WebKitWebContext *context,
gboolean
enabled);
Regards
Brian
Thank you guys!
Works like a charm :-)

Added soup_session_add_feature_by_type(session, SOUP_TYPE_AUTH_NTLM); in
ResourceHandleSoup.cpp and recompiled libsoup with ntlm-auth.
This is fine for me until it is official provided by libwebkit.

/toni
Carlos Garcia Campos
2013-10-17 08:02:10 UTC
Permalink
Post by Toni Koski
Thank you guys!
Works like a charm :-)
Great to know it works.
Post by Toni Koski
Added soup_session_add_feature_by_type(session, SOUP_TYPE_AUTH_NTLM);
in ResourceHandleSoup.cpp and recompiled libsoup with ntlm-auth.
This is fine for me until it is official provided by libwebkit.
So, I guess we need to expose API to allow the user enable this feature
as Brian suggested. I think adding a new method to WebKitWebContext
makes sense, because other global network options are handled this way
(cookies, icon database, security manager, cache model, disk cache,
etc.).
Post by Toni Koski
/toni
--
Carlos Garcia Campos
http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xF3D322D0EC4582C3
Dan Winship
2013-10-17 18:44:28 UTC
Permalink
Post by Carlos Garcia Campos
So, I guess we need to expose API to allow the user enable this feature
as Brian suggested. I think adding a new method to WebKitWebContext
makes sense, because other global network options are handled this way
(cookies, icon database, security manager, cache model, disk cache,
etc.).
Eventually libsoup will optionally support "Negotiate" (aka GSS-API aka
Kerberos 5) authentication as well, so you might want to make the API a
little bit generic.

-- Dan
Carlos Garcia Campos
2013-10-18 06:55:43 UTC
Permalink
Post by Dan Winship
Post by Carlos Garcia Campos
So, I guess we need to expose API to allow the user enable this feature
as Brian suggested. I think adding a new method to WebKitWebContext
makes sense, because other global network options are handled this way
(cookies, icon database, security manager, cache model, disk cache,
etc.).
Eventually libsoup will optionally support "Negotiate" (aka GSS-API aka
Kerberos 5) authentication as well, so you might want to make the API a
little bit generic.
Good point, I actually thought about that, using a generic method that
receives a WebKitAuthenticationScheme[0], but then I thought that some
of the schemes should probably be always enabled, or is there any use
case where it makes sense to disable basic and digest, for example?

[0] http://webkitgtk.org/reference/webkit2gtk/stable/WebKitAuthenticationRequest.html#WebKitAuthenticationScheme
Post by Dan Winship
-- Dan
--
Carlos Garcia Campos
http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xF3D322D0EC4582C3
Gavin Lambert
2013-10-18 07:22:15 UTC
Permalink
Post by Carlos Garcia Campos
Good point, I actually thought about that, using a generic method that
receives a WebKitAuthenticationScheme[0], but then I thought that some
of the schemes should probably be always enabled, or is there any use
case where it makes sense to disable basic and digest, for example?
The security-paranoid might want to disable basic, since it's little better than clear-text passwords. (Although the security-paranoid shouldn't be sending passwords over anything but HTTPS anyway, so maybe it's moot.)
Dan Winship
2013-10-18 13:17:43 UTC
Permalink
Post by Carlos Garcia Campos
Post by Dan Winship
Eventually libsoup will optionally support "Negotiate" (aka GSS-API aka
Kerberos 5) authentication as well, so you might want to make the API a
little bit generic.
Good point, I actually thought about that, using a generic method that
receives a WebKitAuthenticationScheme[0], but then I thought that some
of the schemes should probably be always enabled, or is there any use
case where it makes sense to disable basic and digest, for example?
I don't think it would ever make sense in a general-purpose web browser,
but there might be other uses of WebKitGTK where it does?

-- Dan
Toni Koski
2014-05-28 13:06:22 UTC
Permalink
Post by Dan Winship
Post by Carlos Garcia Campos
Post by Dan Winship
Eventually libsoup will optionally support "Negotiate" (aka GSS-API aka
Kerberos 5) authentication as well, so you might want to make the API a
little bit generic.
Good point, I actually thought about that, using a generic method that
receives a WebKitAuthenticationScheme[0], but then I thought that some
of the schemes should probably be always enabled, or is there any use
case where it makes sense to disable basic and digest, for example?
I don't think it would ever make sense in a general-purpose web browser,
but there might be other uses of WebKitGTK where it does?
-- Dan
Still no official support for NTLM, NTLMv2 or Kerberos auth?
Any thoughts?


/toni

Loading...