Re: Inappropriate NSError from -[NSURLConnection sendSynchronousRequest:::]
Re: Inappropriate NSError from -[NSURLConnection sendSynchronousRequest:::]
- Subject: Re: Inappropriate NSError from -[NSURLConnection sendSynchronousRequest:::]
- From: Jeff Johnson <email@hidden>
- Date: Mon, 5 Oct 2009 00:44:19 -0500
Hi Jerry.
Don't use +[NSURLConnection
sendSynchronousRequest:returningResponse:error:], it's a bad API.
Instead use -[NSURLConnection initWithRequest:delegate:]. :-)
If you use the async NSURLConnection API, you'll get a
connection:didReceiveAuthenticationChallenge: delegate call in
response to your request. At that point, you can decide whether to
send a new credential, continue without credentials, or cancel. If you
call [[challenge sender]
continueWithoutCredentialForAuthenticationChallenge:challenge], then
you'll get a connection: didReceiveResponse: call with an HTTP 401
response, and the connection will finish loading without error.
It may be an implementation detail of the sync API that when it
receives an authentication challenge, it cancels. When you use the
sync API, you're leaving the policy decisions to Apple instead of
making them yourself.
-Jeff
On Oct 5, 2009, at 12:01 AM, Jerry Krinock wrote:
In Mac OS 10.5, if I construct an NSURL containing a username and
password embedded in the URL, and if that username and password is
bad, i.e.
https://BadUsername:email@hidden/v1/posts/update#
and then I feed this NSURL in a NSURLRequest to
-[NSURLConnection sendSynchronousRequest:returningResponse:error:]
it returns an NSError in domain NSURLErrorDomain with errorCode
NSURLErrorUserCancelledAuthentication = -1012.
This seems to be fishy because the user didn't cancel -- the user
provided a bad username/password.
I would like to detect the given NSError and map it to appropriate
alert text. So, following the First Theorem of Reverse Engineering,
I am going to set aside common sense, and map
NSURLErrorUserCancelledAuthentication to tell the user that "The
username/password you entered was not accepted by the server."
Since there is no documentation on exactly what NSError is provided,
I'm worried that Apple is going to fix this someday by defining and
returning a more proper error code, NSURLErrorBadCredential or
something like that, and this will break my app.
Could someone please explain the logic of how "bad username/
password" became "user cancelled", and how permanent is this
association?
By the way, NSURLErrorUserCancelledAuthentication is, in my opinion,
the 2nd-most appropriate error code for bad username/password which
is currently defined in NSURLErrorDomain.
NSURLErrorUserAuthenticationRequired = -1013 might be a little more
appropriate, but still that implies a *missing* instead of a *wrong*
credential.
Sincerely,
Jerry Krinock
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden