Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

xmlhttprequest crashing Safari 2.0 on http redirect

Hi,

I'm having trouble using the xmlhttprequest object on Safari 2.0.  It
seems the behavior concerning the handling of redirects on the page I'm
GETing is inconsistent across browsers, and Safari's is the least
elegant, to put it mildly.

I'm developing an in-house web app that uses the xmlhttprequest object
to fetch data from a server.  The request goes through an authentication
system called Bluestem
(https://www-s.uiuc.edu/bluestem/notes/index.html), which basically
redirects the http request to a login page on the initial connection,
and whenever the session has expired (2 hrs of inactivity).  Since the
user authenticates when the web app is loaded, the subsequent
xmlhttprequest's are allowed, and work fine in the latest versions of
Safari, Opera, Firefox, and IE.

The problem comes when the Bluestem session has expired.  If the user
then initiates an xmlhttprequest by interacting with the web app,
instead of receiving the typical response from the server (200), it
receives a 302 with Location: header pointing to the login page.  The
subsequent behavior by the user agent is inconsistent across the
browsers.  The document at
http://whatwg.org/specs/web-apps/current-work/#senddata states:

"If the response is an HTTP redirect, then it should be transparently
followed (unless it violates security or infinite loop precautions). Any
other error (including a 401) must cause the object to use that error
page as the response."

I'm not sure if this is any sort of definitive spec, but would be nice
if there was one.  Firefox returns a request status of 302, IE returns 0
(if I'm remembering correctly), Opera transparently follows the redirect
(returning the login page html as the responseText), but Safari simply
crashes between readyState-s 1 and 2.  The whole browser just
disappears, and then I get the crashed/try-again dialog.

Some more research was done by the JPSPAN team, at:
http://jpspan.sourceforge.net/wiki/doku.php?id=javascript:xmlhttprequest:behaviour:httpheaders#redirects

If anyone wants to see the error, you can access a static version of the
page at:

https://tigger.uic.edu/~mterlo1/cso/webapps/supplies/InventoryUpdate/webapp.cgi.html

It should crash Safari 2.0 while doing the initial update.  On other
browsers, you should see a "Bluestem authentication required" error
message in the title bar.

The actual page serving the webapp is unavailable to the public, but for
reference it's:
https://tigger.uic.edu/htbin/perlwrap-auth/mterlo1/cso/webapps/supplies/InventoryUpdate/webapp.cgi

Please let me know if there's anything I can do to fix the problem, or
if more information is needed. Also, if any of the above links don't work (except the last), or if this is the wrong list to post this report to, please inform me.

Thanks,
Mike Ter Louw

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webcore-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webcore-dev/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.