Bug 196831

Summary: Always set _allowsSensitiveLogging to NO
Product: WebKit Reporter: Saam Barati <saam>
Component: WebKit2Assignee: Saam Barati <saam>
Status: NEW    
Severity: Normal CC: achristensen, ggaren, jberlin, krollin, mjs, rniwa
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch none

Saam Barati
Reported 2019-04-11 14:45:30 PDT
...
Attachments
patch (1.91 KB, patch)
2019-04-11 14:52 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2019-04-11 14:52:08 PDT
Created attachment 367243 [details] patch Hopefully it builds. I still need to test it. Based on the documentation in: https://developer.apple.com/documentation/foundation/nsurlsessionconfiguration/1411560-defaultsessionconfiguration?language=objc "Modifying the returned session configuration object does not affect any configuration objects returned by future calls to this method, and does not change the default behavior for existing sessions. It is therefore always safe to use the returned object as a starting point for additional customization." I think this patch is safe to do without affecting other users of "defaultSessionConfiguration".
Alex Christensen
Comment 2 2019-04-15 13:15:22 PDT
(In reply to Saam Barati from comment #1) > Created attachment 367243 [details] > I think this patch is safe to do without affecting other users of > "defaultSessionConfiguration". There are no other users of defaultSessionConfiguration in the network process. This patch will disallow sensitive logging in all WKWebViews and have no other effects.
Note You need to log in before you can comment on or make changes to this bug.