Rails core - Nov 2006 - [offtopic] HTTP Authentication in Safari is broken for RESTful Rails

There''s currently a bug in Safari, or more likely somewhere in the OS  
X HTTP API that breaks HTTP Authentication when there is a semicolon  
in the path part of the URL. This means it''s impossible to use HTTP  
Authentication when you''re building a RESTful Rails app that needs to  
work in Safari.

More details can be found at http://bugs.webkit.org/show_bug.cgi? 
id=10073

There''s a test page at http://onautopilot.com/test;webkit that should  
ask you for a username and a password.

Right now this still seems to be broken in Leopard. It would be great  
if somebody who knows the right people inside Apple could try to  
raise awareness of this issue. It would be somewhat ironic if Leopard  
Server ships with Rails while this is still broken.

Kind regards,
Thijs

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

On 25/11/2006, at 6:35 AM, Thijs van der Vossen wrote:
>
> There''s currently a bug in Safari, or more likely somewhere in the
OS
> X HTTP API that breaks HTTP Authentication when there is a semicolon
> in the path part of the URL. This means it''s impossible to use
HTTP
> Authentication when you''re building a RESTful Rails app that needs
to
> work in Safari.
I stumbled across this in September, and it required this ugly, ugly  
work around:
http://toolmantim.com/article/2006/9/19/ 
safari_urls_the_semi_colon_and_one_night_in_paris

Thanks for raising the issue properly and trying to get it addressed.

-- tim


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

On Nov 25, 2006, at 12:01 AM, Tim Lucas wrote:
> On 25/11/2006, at 6:35 AM, Thijs van der Vossen wrote:
>> There''s currently a bug in Safari, or more likely somewhere in
the OS
>> X HTTP API that breaks HTTP Authentication when there is a semicolon
>> in the path part of the URL. This means it''s impossible to use
HTTP
>> Authentication when you''re building a RESTful Rails app that
needs to
>> work in Safari.
>
> I stumbled across this in September, and it required this ugly, ugly
> work around:
> http://toolmantim.com/article/2006/9/19/
> safari_urls_the_semi_colon_and_one_night_in_paris
>
> Thanks for raising the issue properly and trying to get it addressed.
Great idea to try escaping the semicolon!
For those interested, you can work around this issue by adding the  
following to your ApplicationController in app/controllers/ 
application.rb:

   # make HTTP Authentication work on Safari for RESTful Rails
   alias_method :orig_url_for, :url_for
   def url_for(options = {}, *parameters_for_method_reference)
     result = orig_url_for(options, parameters_for_method_reference)
     if request.env[''HTTP_USER_AGENT''].to_s.include?
''AppleWebKit''
       result.is_a?(String) ? result.gsub('';'',
''%3B'') : result
     else
       result
     end
   end

Kind regards,
Thijs

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

On Nov 29, 2006, at 6:09 AM, Thijs van der Vossen wrote:
> On Nov 25, 2006, at 12:01 AM, Tim Lucas wrote:
>> On 25/11/2006, at 6:35 AM, Thijs van der Vossen wrote:
>>> There''s currently a bug in Safari, or more likely
somewhere in
>>> the OS
>>> X HTTP API that breaks HTTP Authentication when there is a
semicolon
>>> in the path part of the URL. This means it''s impossible to
use HTTP
>>> Authentication when you''re building a RESTful Rails app
that
>>> needs to
>>> work in Safari.
>>
>> I stumbled across this in September, and it required this ugly, ugly
>> work around:
>> http://toolmantim.com/article/2006/9/19/
>> safari_urls_the_semi_colon_and_one_night_in_paris
>>
>> Thanks for raising the issue properly and trying to get it addressed.
>
> Great idea to try escaping the semicolon!
> For those interested, you can work around this issue by adding the
> following to your ApplicationController in app/controllers/
> application.rb:
>
>    # make HTTP Authentication work on Safari for RESTful Rails
>    alias_method :orig_url_for, :url_for
>    def url_for(options = {}, *parameters_for_method_reference)
>      result = orig_url_for(options, parameters_for_method_reference)
>      if request.env[''HTTP_USER_AGENT''].to_s.include?
''AppleWebKit''
>        result.is_a?(String) ? result.gsub('';'',
''%3B'') : result
>      else
>        result
>      end
>    end
Very nice, Thijs. A minor nitpick, and nothing to do with the actual  
solution: when overriding a method in a subclass, you can just call  
''super'' to get at the original. You don''t actually
need to alias the
original. The alias trick is only needed when you are altering a  
method of the current class. For instance, if you were monkeypatching  
a new url_for implementation into ActionController::Base itself,  
you''d need to use alias there to preserve the original url_for.

- Jamis Buck
jamis@37signals.com

On 30/11/2006, at 12:09 AM, Thijs van der Vossen wrote:
>
> On Nov 25, 2006, at 12:01 AM, Tim Lucas wrote:
>> On 25/11/2006, at 6:35 AM, Thijs van der Vossen wrote:
>>> There''s currently a bug in Safari, or more likely
somewhere in
>>> the OS
>>> X HTTP API that breaks HTTP Authentication when there is a
semicolon
>>> in the path part of the URL. This means it''s impossible to
use HTTP
>>> Authentication when you''re building a RESTful Rails app
that
>>> needs to
>>> work in Safari.
>>
>> I stumbled across this in September, and it required this ugly, ugly
>> work around:
>> http://toolmantim.com/article/2006/9/19/
>> safari_urls_the_semi_colon_and_one_night_in_paris
>>
>> Thanks for raising the issue properly and trying to get it addressed.
>
> Great idea to try escaping the semicolon!
> For those interested, you can work around this issue by adding the
> following to your ApplicationController in app/controllers/
> application.rb:
>
>    # make HTTP Authentication work on Safari for RESTful Rails
>    alias_method :orig_url_for, :url_for
>    def url_for(options = {}, *parameters_for_method_reference)
>      result = orig_url_for(options, parameters_for_method_reference)
>      if request.env[''HTTP_USER_AGENT''].to_s.include?
''AppleWebKit''
>        result.is_a?(String) ? result.gsub('';'',
''%3B'') : result
>      else
>        result
>      end
>    end
Thanks Thijs, updated accordingly (with slightly cleaner code):
http://toolmantim.com/article/2006/9/19/ 
safari_urls_the_semi_colon_and_one_night_in_paris

-- tim



--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

On Nov 29, 2006, at 4:11 PM, Jamis Buck wrote:
> On Nov 29, 2006, at 6:09 AM, Thijs van der Vossen wrote:
>> On Nov 25, 2006, at 12:01 AM, Tim Lucas wrote:
>> Great idea to try escaping the semicolon!
>> For those interested, you can work around this issue by adding the
>> following to your ApplicationController in app/controllers/
>> application.rb:
>>
>>    # make HTTP Authentication work on Safari for RESTful Rails
>>    alias_method :orig_url_for, :url_for
>>    def url_for(options = {}, *parameters_for_method_reference)
>>      result = orig_url_for(options, parameters_for_method_reference)
>>      if request.env[''HTTP_USER_AGENT''].to_s.include?
''AppleWebKit''
>>        result.is_a?(String) ? result.gsub('';'',
''%3B'') : result
>>      else
>>        result
>>      end
>>    end
>
> Very nice, Thijs. A minor nitpick, and nothing to do with the  
> actual solution: when overriding a method in a subclass, you can  
> just call ''super'' to get at the original. You
don''t actually need
> to alias the original. The alias trick is only needed when you are  
> altering a method of the current class. For instance, if you were  
> monkeypatching a new url_for implementation into  
> ActionController::Base itself, you''d need to use alias there to  
> preserve the original url_for.
At first I tried to call super as Tim did, but I ended up with an url  
without the '';edit'' part while using the url helpers generated
by
ActionController::Resources.

I''ve looked into this again and it seems that I need to explicitly  
pass the parameters to super to make it work. Like this:

   def url_for(options = {}, *parameters_for_method_reference)
     result = super(options, parameters_for_method_reference)
     if request.env[''HTTP_USER_AGENT''].to_s.include?
''AppleWebKit''
       result.is_a?(String) ?
result.gsub('';'',''%3B'') : result
     else
       result
     end
   end

My understanding of super was that it passed the original method''s  
parameters, but maybe not in this case.

Kind regards,
Thijs