Bug 189961
| Summary: | [WPE][GTK] Fix HTTP credentials in sandbox | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Patrick Griffis <pgriffis> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | bugs-noreply, mcatanzaro |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 189956 | ||
Patrick Griffis
Currently the WebProcess talks to libsecret for HTTP credentials.
This is unacceptable and needs to be proxied through the UI layer which can
limit password access by origin.
See also how this was handled in Epiphany: https://gitlab.gnome.org/GNOME/epiphany/commit/68b0f85747a177047a7b49d839895aad54b05309
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Michael Catanzaro
As part of this I want to rework how credentials are saved. Give the application a signal so it can save credentials in its own way. E.g. Epiphany should be able to put WebKitGTK+ passwords with all the user's Epiphany passwords. It doesn't make sense that just the few HTTP auth passwords are separated.
Patrick Griffis
We've decided to trust the NetworkProcess for now and not sandbox it so this no longer applies.