Bug 146228

Summary: [WK1] WebAllowDenyPolicyListener.denyOnlyThisRequest() should not start a new permission request
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebCore Misc.Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, benjamin, dbates
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2015-06-22 19:46:59 PDT
On WebKit1, WebAllowDenyPolicyListener.denyOnlyThisRequest() currently denies the pending request (as is expected) but then starts a new permission requests right away (not expected). This means that if the client application keeps calling WebAllowDenyPolicyListener.denyOnlyThisRequest(), we'll end up in an infinite loop, even though the application did not make any new geolocation requests.
Attachments
Patch (3.78 KB, patch)
2015-06-22 19:58 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2015-06-22 19:47:07 PDT
rdar://problem/15179262
Chris Dumez
Comment 2 2015-06-22 19:58:54 PDT
Created attachment 255391 [details] Patch
Daniel Bates
Comment 3 2015-06-22 20:54:02 PDT
Comment on attachment 255391 [details] Patch OK.
Chris Dumez
Comment 4 2015-06-22 20:55:15 PDT
Comment on attachment 255391 [details] Patch Clearing flags on attachment: 255391 Committed r185860: <http://trac.webkit.org/changeset/185860>
Chris Dumez
Comment 5 2015-06-22 20:55:18 PDT
All reviewed patches have been landed. Closing bug.
Benjamin Poulain
Comment 6 2015-06-22 21:25:51 PDT
This looks fishy as hell. I have a hard time believing this is correct. You don't even need to remove the object from the GeolocationController? Can you just leave the watcher pending like that? No need to call their callback?
Chris Dumez
Comment 7 2015-06-22 22:18:48 PDT
(In reply to comment #6) > This looks fishy as hell. I have a hard time believing this is correct. Ok, we can discuss this tomorrow. The app I was testing uses getCurrentPosition(), not watchPosition(). Your comments seem to be related to watchers so it is possible I missed something there. > You don't even need to remove the object from the GeolocationController? > Can you just leave the watcher pending like that? No need to call their callback? Maybe I misunderstand the question but the watcher's error callback *does* get called with a PermissionDenied error when Geolocation::setAllowed(false) is called. The GeoNotifier will then call Geolocation::fatalErrorOccurred(), which will unregister the watcher or the "oneShot" from Geolocation. If there are no more listeners, Geolocation will then remove itself from the GeolocationController.
Benjamin Poulain
Comment 8 2015-06-22 22:24:25 PDT
(In reply to comment #7) > (In reply to comment #6) > > This looks fishy as hell. I have a hard time believing this is correct. > > Ok, we can discuss this tomorrow. The app I was testing uses > getCurrentPosition(), not watchPosition(). Your comments seem to be related > to watchers so it is possible I missed something there. > > > You don't even need to remove the object from the GeolocationController? > > Can you just leave the watcher pending like that? No need to call their callback? > > Maybe I misunderstand the question but the watcher's error callback *does* > get called with a PermissionDenied error when Geolocation::setAllowed(false) > is called. > > The GeoNotifier will then call Geolocation::fatalErrorOccurred(), which will > unregister the watcher or the "oneShot" from Geolocation. If there are no > more listeners, Geolocation will then remove itself from the > GeolocationController. My bad, I misunderstood what this was for. I did not see this was only called after a proper deny().
Note You need to log in before you can comment on or make changes to this bug.