196046 2019-03-20 17:36:30 -0700 [WebAuthN] Add a quirk for google.com when processing AppID extension 2019-05-02 15:49:20 -0700 1 1 1 Unclassified WebKit Platform WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 181943 1 aczeskis jiewen_tan alex.gaynor bfulgham commit-queue jiewen_tan simon.fraser webkit-bug-importer wenson_hsieh oldest_to_newest 1519360 0 aczeskis 2019-03-20 17:36:30 -0700 For historical reasons (being the first U2F implementor) Google uses a non-standard (cross-origin) AppID. The App ID is “www.gstatic.com” for logins to “google.com” and its subdomains. This bug requests an exception on the cross-origin check for valid AppIds in the case of google.com and gstatic.com. Both Chrome and Firefox already make this exception. Firefox tracking bug and implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=1436078 Chrome's implementation: https://cs.chromium.org/chromium/src/content/browser/webauth/authenticator_common.cc?l=252&rcl=4d674f923c5a1f03b2262132cb621a3db78f7562 1519378 1 webkit-bug-importer 2019-03-20 18:13:04 -0700 <rdar://problem/49088479> 1532213 2 368761 jiewen_tan 2019-05-01 21:58:36 -0700 Created attachment 368761 Patch 1532314 3 368761 bfulgham 2019-05-02 10:00:55 -0700 Comment on attachment 368761 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368761&action=review > Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:84 > +{ Please add a comment: " FIXME(BUG #): Remove this quirk in 2023 As an early adopter of U2F features, Google has a large number of existing device registrations that authenticate 'google.com' against 'gstatic.com'. Firefox and other browsers have agreed to grant an exception to the AppId rules for a limited time period (5 years from January, 2018) to allow existing Google users to seamlessly transition to proper WebAuthN behavior. " Then please file a bug to remove this quirk in 2023. 1532369 4 368761 jiewen_tan 2019-05-02 11:34:27 -0700 Comment on attachment 368761 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368761&action=review >> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:84 >> +{ > > Please add a comment: > > " > FIXME(BUG #): Remove this quirk in 2023 > As an early adopter of U2F features, Google has a large number of existing device registrations that authenticate 'google.com' against 'gstatic.com'. > Firefox and other browsers have agreed to grant an exception to the AppId rules for a limited time period (5 years from January, 2018) to allow existing > Google users to seamlessly transition to proper WebAuthN behavior. > " > > Then please file a bug to remove this quirk in 2023. Added. 1532370 5 jiewen_tan 2019-05-02 11:34:49 -0700 (In reply to Brent Fulgham from comment #3) > Comment on attachment 368761 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=368761&action=review > > > Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:84 > > +{ > > Please add a comment: > > " > FIXME(BUG #): Remove this quirk in 2023 > As an early adopter of U2F features, Google has a large number of existing > device registrations that authenticate 'google.com' against 'gstatic.com'. > Firefox and other browsers have agreed to grant an exception to the AppId > rules for a limited time period (5 years from January, 2018) to allow > existing > Google users to seamlessly transition to proper WebAuthN behavior. > " > > Then please file a bug to remove this quirk in 2023. Thanks Brent for r+ this patch. 1532373 6 368798 jiewen_tan 2019-05-02 11:36:34 -0700 Created attachment 368798 Patch for landing 1532386 7 368798 commit-queue 2019-05-02 12:15:13 -0700 Comment on attachment 368798 Patch for landing Clearing flags on attachment: 368798 Committed r244879: <https://trac.webkit.org/changeset/244879> 1532405 8 368761 simon.fraser 2019-05-02 12:57:44 -0700 Comment on attachment 368761 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368761&action=review >>>> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:84 >>>> +{ >>> >>> Please add a comment: >>> >>> " >>> FIXME(BUG #): Remove this quirk in 2023 >>> As an early adopter of U2F features, Google has a large number of existing device registrations that authenticate 'google.com' against 'gstatic.com'. >>> Firefox and other browsers have agreed to grant an exception to the AppId rules for a limited time period (5 years from January, 2018) to allow existing >>> Google users to seamlessly transition to proper WebAuthN behavior. >>> " >>> >>> Then please file a bug to remove this quirk in 2023. >> >> Added. > > Thanks Brent for r+ this patch. This needs to go through the Quirks class so that the Develop menu switch can turn it off. 1532439 9 jiewen_tan 2019-05-02 14:04:59 -0700 (In reply to Simon Fraser (smfr) from comment #8) > Comment on attachment 368761 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=368761&action=review > > >>>> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:84 > >>>> +{ > >>> > >>> Please add a comment: > >>> > >>> " > >>> FIXME(BUG #): Remove this quirk in 2023 > >>> As an early adopter of U2F features, Google has a large number of existing device registrations that authenticate 'google.com' against 'gstatic.com'. > >>> Firefox and other browsers have agreed to grant an exception to the AppId rules for a limited time period (5 years from January, 2018) to allow existing > >>> Google users to seamlessly transition to proper WebAuthN behavior. > >>> " > >>> > >>> Then please file a bug to remove this quirk in 2023. > >> > >> Added. > > > > Thanks Brent for r+ this patch. > > This needs to go through the Quirks class so that the Develop menu switch > can turn it off. I would argue it is not meaningful to turn Quirks off. Basically, the whole WebAuthentication feature will not work in Google.com if this is off. 1532445 10 368761 wenson_hsieh 2019-05-02 14:31:04 -0700 Comment on attachment 368761 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368761&action=review >>>>>> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:84 >>>>>> +{ >>>>> >>>>> Please add a comment: >>>>> >>>>> " >>>>> FIXME(BUG #): Remove this quirk in 2023 >>>>> As an early adopter of U2F features, Google has a large number of existing device registrations that authenticate 'google.com' against 'gstatic.com'. >>>>> Firefox and other browsers have agreed to grant an exception to the AppId rules for a limited time period (5 years from January, 2018) to allow existing >>>>> Google users to seamlessly transition to proper WebAuthN behavior. >>>>> " >>>>> >>>>> Then please file a bug to remove this quirk in 2023. >>>> >>>> Added. >>> >>> Thanks Brent for r+ this patch. >> >> This needs to go through the Quirks class so that the Develop menu switch can turn it off. > > I would argue it is not meaningful to turn Quirks off. Basically, the whole WebAuthentication feature will not work in Google.com if this is off. I believe the utility in being able to turn off quirks is that web developers can easily test their content against the un-quirked browser engine, to make sure that their content will work when we finally remove the quirk. 1532453 11 jiewen_tan 2019-05-02 14:37:42 -0700 (In reply to Wenson Hsieh from comment #10) > Comment on attachment 368761 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=368761&action=review > > >>>>>> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:84 > >>>>>> +{ > >>>>> > >>>>> Please add a comment: > >>>>> > >>>>> " > >>>>> FIXME(BUG #): Remove this quirk in 2023 > >>>>> As an early adopter of U2F features, Google has a large number of existing device registrations that authenticate 'google.com' against 'gstatic.com'. > >>>>> Firefox and other browsers have agreed to grant an exception to the AppId rules for a limited time period (5 years from January, 2018) to allow existing > >>>>> Google users to seamlessly transition to proper WebAuthN behavior. > >>>>> " > >>>>> > >>>>> Then please file a bug to remove this quirk in 2023. > >>>> > >>>> Added. > >>> > >>> Thanks Brent for r+ this patch. > >> > >> This needs to go through the Quirks class so that the Develop menu switch can turn it off. > > > > I would argue it is not meaningful to turn Quirks off. Basically, the whole WebAuthentication feature will not work in Google.com if this is off. > > I believe the utility in being able to turn off quirks is that web > developers can easily test their content against the un-quirked browser > engine, to make sure that their content will work when we finally remove the > quirk. I don't think they would have any un-quirked version. I probably shouldn't name this as quirks. 368761 2019-05-01 21:58:36 -0700 2019-05-02 10:00:31 -0700 Patch bug-196046-20190501215834.patch text/plain 2897 jiewen_tan U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ0ODY2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNzBhNDQ0MDdmY2U4NWY3 YjcyNjJkZWVmNmEwZWJiOWQ3ODUxNDk3My4uN2JmZGZkMjAxYTA4MWUwYTVjMDFhNTc3NTU2ODli NzkwNDE3ZTdjOSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDE5LTA1LTAxICBKaWV3 ZW4gVGFuICA8amlld2VuX3RhbkBhcHBsZS5jb20+CisKKyAgICAgICAgW1dlYkF1dGhOXSBBZGQg YSBxdWlyayBmb3IgZ29vZ2xlLmNvbSB3aGVuIHByb2Nlc3NpbmcgQXBwSUQgZXh0ZW5zaW9uCisg ICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xOTYwNDYKKyAg ICAgICAgPHJkYXI6Ly9wcm9ibGVtLzQ5MDg4NDc5PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIFJlbGF4aW5nIHRoZSBzYW1lIHNpdGUgcmVzdHJpY3Rp b24gb24gQXBwSUQgd2hpbGUgaW4gZ29vZ2xlLmNvbSBhbmQgYW55CisgICAgICAgIG9mIGl0cyBz dWJkb21haW5zIHRvIGFsbG93IHR3byB3d3cuZ3N0YXRpYy5jb20gQXBwSURzIHRvIHNsaXAgaW4u CisKKyAgICAgICAgQ292ZXJlZCBieSBtYW51YWwgdGVzdHMgb24gR29vZ2xlLmNvbS4KKworICAg ICAgICAqIE1vZHVsZXMvd2ViYXV0aG4vQXV0aGVudGljYXRvckNvb3JkaW5hdG9yLmNwcDoKKyAg ICAgICAgKFdlYkNvcmU6OkF1dGhlbnRpY2F0b3JDb29yZGluYXRvckludGVybmFsOjpuZWVkc0Fw cElkUXVpcmtzKToKKyAgICAgICAgKFdlYkNvcmU6OkF1dGhlbnRpY2F0b3JDb29yZGluYXRvcklu dGVybmFsOjpwcm9jZXNzQXBwSWRFeHRlbnNpb24pOgorCiAyMDE5LTA1LTAxICBKaWV3ZW4gVGFu ICA8amlld2VuX3RhbkBhcHBsZS5jb20+CiAKICAgICAgICAgW1dlYkF1dGhOXSBBZG9wdCBTZWN1 cml0eU9yaWdpbjo6aXNNYXRjaGluZ1JlZ2lzdHJhYmxlRG9tYWluU3VmZml4KCkKZGlmZiAtLWdp dCBhL1NvdXJjZS9XZWJDb3JlL01vZHVsZXMvd2ViYXV0aG4vQXV0aGVudGljYXRvckNvb3JkaW5h dG9yLmNwcCBiL1NvdXJjZS9XZWJDb3JlL01vZHVsZXMvd2ViYXV0aG4vQXV0aGVudGljYXRvckNv b3JkaW5hdG9yLmNwcAppbmRleCA5NTczOTI3ZjMwNGJiZDA5MmE3NGY4N2Y3ZGZjYjMwYmQyNmYz MjVmLi4zZTliZjlmZGFiNjI4N2IwODNmNmQ4ZDcxNmJlNWQxYjI4M2ZmMjI1IDEwMDY0NAotLS0g YS9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dlYmF1dGhuL0F1dGhlbnRpY2F0b3JDb29yZGluYXRv ci5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvTW9kdWxlcy93ZWJhdXRobi9BdXRoZW50aWNhdG9y Q29vcmRpbmF0b3IuY3BwCkBAIC04MCw2ICs4MCwxMyBAQCBzdGF0aWMgVmVjdG9yPHVpbnQ4X3Q+ IHByb2R1Y2VDbGllbnREYXRhSnNvbkhhc2goY29uc3QgQXJyYXlCdWZmZXImIGNsaWVudERhdGFK cwogICAgIHJldHVybiBjcnlwdG8tPmNvbXB1dGVIYXNoKCk7CiB9CiAKK3N0YXRpYyBib29sIG5l ZWRzQXBwSWRRdWlya3MoY29uc3QgU3RyaW5nJiBob3N0LCBjb25zdCBTdHJpbmcmIGFwcElkKQor eworICAgIGlmIChlcXVhbExldHRlcnNJZ25vcmluZ0FTQ0lJQ2FzZShob3N0LCAiZ29vZ2xlLmNv bSIpIHx8IGhvc3QuZW5kc1dpdGhJZ25vcmluZ0FTQ0lJQ2FzZSgiLmdvb2dsZS5jb20iKSkKKyAg ICAgICAgcmV0dXJuIChhcHBJZCA9PSAiaHR0cHM6Ly93d3cuZ3N0YXRpYy5jb20vc2VjdXJpdHlr ZXkvb3JpZ2lucy5qc29uIl9zKSB8fCAoYXBwSWQgPT0gImh0dHBzOi8vd3d3LmdzdGF0aWMuY29t L3NlY3VyaXR5a2V5L2EvZ29vZ2xlLmNvbS9vcmlnaW5zLmpzb24iX3MpOworICAgIHJldHVybiBm YWxzZTsKK30KKwogLy8gVGhlIGZvbGxvd2luZyByb3VnaGx5IGltcGxlbWVudHMgU3RlcCAxLTMg b2YgdGhlIHNwZWMgdG8gYXZvaWQgdGhlIGNvbXBsZXhpdHkgb2YgbWFraW5nIHVubmVjZXNzYXJ5 IG5ldHdvcmsgcmVxdWVzdHM6CiAvLyBodHRwczovL2ZpZG9hbGxpYW5jZS5vcmcvc3BlY3MvZmlk by12Mi4wLWlkLTIwMTgwMjI3L2ZpZG8tYXBwaWQtYW5kLWZhY2V0cy12Mi4wLWlkLTIwMTgwMjI3 Lmh0bWwjZGV0ZXJtaW5pbmctaWYtYS1jYWxsZXItcy1mYWNldGlkLWlzLWF1dGhvcml6ZWQtZm9y LWFuLWFwcGlkCiAvLyBJdCBmb2xsb3dzIHdoYXQgQ2hyb21lIGFuZCBGaXJlZm94IGRvLCBzZWU6 CkBAIC05Niw3ICsxMDMsNyBAQCBzdGF0aWMgU3RyaW5nIHByb2Nlc3NBcHBJZEV4dGVuc2lvbihj b25zdCBTZWN1cml0eU9yaWdpbiYgZmFjZXRJZCwgY29uc3QgU3RyaW5nJgogCiAgICAgLy8gU3Rl cCAzLiBSZWxheCB0aGUgY29tcGFyaXNvbiB0byBzYW1lIHNpdGUuCiAgICAgVVJMIGFwcElkVVJM KFVSTCgpLCBhcHBJZCk7Ci0gICAgaWYgKCFhcHBJZFVSTC5pc1ZhbGlkKCkgfHwgZmFjZXRJZC5w cm90b2NvbCgpICE9IGFwcElkVVJMLnByb3RvY29sKCkgfHwgUmVnaXN0cmFibGVEb21haW4oYXBw SWRVUkwpICE9IFJlZ2lzdHJhYmxlRG9tYWluOjp1bmNoZWNrZWRDcmVhdGVGcm9tSG9zdChmYWNl dElkLmhvc3QoKSkpCisgICAgaWYgKCFhcHBJZFVSTC5pc1ZhbGlkKCkgfHwgZmFjZXRJZC5wcm90 b2NvbCgpICE9IGFwcElkVVJMLnByb3RvY29sKCkgfHwgKFJlZ2lzdHJhYmxlRG9tYWluKGFwcElk VVJMKSAhPSBSZWdpc3RyYWJsZURvbWFpbjo6dW5jaGVja2VkQ3JlYXRlRnJvbUhvc3QoZmFjZXRJ ZC5ob3N0KCkpICYmICFuZWVkc0FwcElkUXVpcmtzKGZhY2V0SWQuaG9zdCgpLCBhcHBJZCkpKQog ICAgICAgICByZXR1cm4gU3RyaW5nKCk7CiAgICAgcmV0dXJuIGFwcElkOwogfQo= 368798 2019-05-02 11:36:34 -0700 2019-05-02 12:15:13 -0700 Patch for landing bug-196046-20190502113633.patch text/plain 3340 jiewen_tan U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ0ODY2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNzBhNDQ0MDdmY2U4NWY3 YjcyNjJkZWVmNmEwZWJiOWQ3ODUxNDk3My4uMmU3N2NlYzQzNDUyN2M1ODg0YTkzNDg0ZTY0NjZk ZmRmZjViMGY3YiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDE5LTA1LTAxICBKaWV3 ZW4gVGFuICA8amlld2VuX3RhbkBhcHBsZS5jb20+CisKKyAgICAgICAgW1dlYkF1dGhOXSBBZGQg YSBxdWlyayBmb3IgZ29vZ2xlLmNvbSB3aGVuIHByb2Nlc3NpbmcgQXBwSUQgZXh0ZW5zaW9uCisg ICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xOTYwNDYKKyAg ICAgICAgPHJkYXI6Ly9wcm9ibGVtLzQ5MDg4NDc5PgorCisgICAgICAgIFJldmlld2VkIGJ5IEJy ZW50IEZ1bGdoYW0uCisKKyAgICAgICAgUmVsYXhpbmcgdGhlIHNhbWUgc2l0ZSByZXN0cmljdGlv biBvbiBBcHBJRCB3aGlsZSBpbiBnb29nbGUuY29tIGFuZCBhbnkKKyAgICAgICAgb2YgaXRzIHN1 YmRvbWFpbnMgdG8gYWxsb3cgdHdvIHd3dy5nc3RhdGljLmNvbSBBcHBJRHMgdG8gc2xpcCBpbi4K KworICAgICAgICBDb3ZlcmVkIGJ5IG1hbnVhbCB0ZXN0cyBvbiBHb29nbGUuY29tLgorCisgICAg ICAgICogTW9kdWxlcy93ZWJhdXRobi9BdXRoZW50aWNhdG9yQ29vcmRpbmF0b3IuY3BwOgorICAg ICAgICAoV2ViQ29yZTo6QXV0aGVudGljYXRvckNvb3JkaW5hdG9ySW50ZXJuYWw6Om5lZWRzQXBw SWRRdWlya3MpOgorICAgICAgICAoV2ViQ29yZTo6QXV0aGVudGljYXRvckNvb3JkaW5hdG9ySW50 ZXJuYWw6OnByb2Nlc3NBcHBJZEV4dGVuc2lvbik6CisKIDIwMTktMDUtMDEgIEppZXdlbiBUYW4g IDxqaWV3ZW5fdGFuQGFwcGxlLmNvbT4KIAogICAgICAgICBbV2ViQXV0aE5dIEFkb3B0IFNlY3Vy aXR5T3JpZ2luOjppc01hdGNoaW5nUmVnaXN0cmFibGVEb21haW5TdWZmaXgoKQpkaWZmIC0tZ2l0 IGEvU291cmNlL1dlYkNvcmUvTW9kdWxlcy93ZWJhdXRobi9BdXRoZW50aWNhdG9yQ29vcmRpbmF0 b3IuY3BwIGIvU291cmNlL1dlYkNvcmUvTW9kdWxlcy93ZWJhdXRobi9BdXRoZW50aWNhdG9yQ29v cmRpbmF0b3IuY3BwCmluZGV4IDk1NzM5MjdmMzA0YmJkMDkyYTc0Zjg3ZjdkZmNiMzBiZDI2ZjMy NWYuLmE0ZDIwYWNkYjdjOTcwYzFjYjJlOTRlZDdmZGFiNGE2ODQzYzY2MWEgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9XZWJDb3JlL01vZHVsZXMvd2ViYXV0aG4vQXV0aGVudGljYXRvckNvb3JkaW5hdG9y LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dlYmF1dGhuL0F1dGhlbnRpY2F0b3JD b29yZGluYXRvci5jcHAKQEAgLTgwLDYgKzgwLDE3IEBAIHN0YXRpYyBWZWN0b3I8dWludDhfdD4g cHJvZHVjZUNsaWVudERhdGFKc29uSGFzaChjb25zdCBBcnJheUJ1ZmZlciYgY2xpZW50RGF0YUpz CiAgICAgcmV0dXJuIGNyeXB0by0+Y29tcHV0ZUhhc2goKTsKIH0KIAorc3RhdGljIGJvb2wgbmVl ZHNBcHBJZFF1aXJrcyhjb25zdCBTdHJpbmcmIGhvc3QsIGNvbnN0IFN0cmluZyYgYXBwSWQpCit7 CisgICAgLy8gRklYTUUoMTk3NTI0KTogUmVtb3ZlIHRoaXMgcXVpcmsgaW4gMjAyMy4gQXMgYW4g ZWFybHkgYWRvcHRlciBvZiBVMkYgZmVhdHVyZXMsIEdvb2dsZSBoYXMgYSBsYXJnZSBudW1iZXIg b2YKKyAgICAvLyBleGlzdGluZyBkZXZpY2UgcmVnaXN0cmF0aW9ucyB0aGF0IGF1dGhlbnRpY2F0 ZSAnZ29vZ2xlLmNvbScgYWdhaW5zdCAnZ3N0YXRpYy5jb20nLiBGaXJlZm94IGFuZCBvdGhlciBi cm93c2VycworICAgIC8vIGhhdmUgYWdyZWVkIHRvIGdyYW50IGFuIGV4Y2VwdGlvbiB0byB0aGUg QXBwSWQgcnVsZXMgZm9yIGEgbGltaXRlZCB0aW1lIHBlcmlvZCAoNSB5ZWFycyBmcm9tIEphbnVh cnksIDIwMTgpIHRvCisgICAgLy8gYWxsb3cgZXhpc3RpbmcgR29vZ2xlIHVzZXJzIHRvIHNlYW1s ZXNzbHkgdHJhbnNpdGlvbiB0byBwcm9wZXIgV2ViQXV0aE4gYmVoYXZpb3IuCisgICAgaWYgKGVx dWFsTGV0dGVyc0lnbm9yaW5nQVNDSUlDYXNlKGhvc3QsICJnb29nbGUuY29tIikgfHwgaG9zdC5l bmRzV2l0aElnbm9yaW5nQVNDSUlDYXNlKCIuZ29vZ2xlLmNvbSIpKQorICAgICAgICByZXR1cm4g KGFwcElkID09ICJodHRwczovL3d3dy5nc3RhdGljLmNvbS9zZWN1cml0eWtleS9vcmlnaW5zLmpz b24iX3MpIHx8IChhcHBJZCA9PSAiaHR0cHM6Ly93d3cuZ3N0YXRpYy5jb20vc2VjdXJpdHlrZXkv YS9nb29nbGUuY29tL29yaWdpbnMuanNvbiJfcyk7CisgICAgcmV0dXJuIGZhbHNlOworfQorCiAv LyBUaGUgZm9sbG93aW5nIHJvdWdobHkgaW1wbGVtZW50cyBTdGVwIDEtMyBvZiB0aGUgc3BlYyB0 byBhdm9pZCB0aGUgY29tcGxleGl0eSBvZiBtYWtpbmcgdW5uZWNlc3NhcnkgbmV0d29yayByZXF1 ZXN0czoKIC8vIGh0dHBzOi8vZmlkb2FsbGlhbmNlLm9yZy9zcGVjcy9maWRvLXYyLjAtaWQtMjAx ODAyMjcvZmlkby1hcHBpZC1hbmQtZmFjZXRzLXYyLjAtaWQtMjAxODAyMjcuaHRtbCNkZXRlcm1p bmluZy1pZi1hLWNhbGxlci1zLWZhY2V0aWQtaXMtYXV0aG9yaXplZC1mb3ItYW4tYXBwaWQKIC8v IEl0IGZvbGxvd3Mgd2hhdCBDaHJvbWUgYW5kIEZpcmVmb3ggZG8sIHNlZToKQEAgLTk2LDcgKzEw Nyw3IEBAIHN0YXRpYyBTdHJpbmcgcHJvY2Vzc0FwcElkRXh0ZW5zaW9uKGNvbnN0IFNlY3VyaXR5 T3JpZ2luJiBmYWNldElkLCBjb25zdCBTdHJpbmcmCiAKICAgICAvLyBTdGVwIDMuIFJlbGF4IHRo ZSBjb21wYXJpc29uIHRvIHNhbWUgc2l0ZS4KICAgICBVUkwgYXBwSWRVUkwoVVJMKCksIGFwcElk KTsKLSAgICBpZiAoIWFwcElkVVJMLmlzVmFsaWQoKSB8fCBmYWNldElkLnByb3RvY29sKCkgIT0g YXBwSWRVUkwucHJvdG9jb2woKSB8fCBSZWdpc3RyYWJsZURvbWFpbihhcHBJZFVSTCkgIT0gUmVn aXN0cmFibGVEb21haW46OnVuY2hlY2tlZENyZWF0ZUZyb21Ib3N0KGZhY2V0SWQuaG9zdCgpKSkK KyAgICBpZiAoIWFwcElkVVJMLmlzVmFsaWQoKSB8fCBmYWNldElkLnByb3RvY29sKCkgIT0gYXBw SWRVUkwucHJvdG9jb2woKSB8fCAoUmVnaXN0cmFibGVEb21haW4oYXBwSWRVUkwpICE9IFJlZ2lz dHJhYmxlRG9tYWluOjp1bmNoZWNrZWRDcmVhdGVGcm9tSG9zdChmYWNldElkLmhvc3QoKSkgJiYg IW5lZWRzQXBwSWRRdWlya3MoZmFjZXRJZC5ob3N0KCksIGFwcElkKSkpCiAgICAgICAgIHJldHVy biBTdHJpbmcoKTsKICAgICByZXR1cm4gYXBwSWQ7CiB9Cg==