Bug 197524

Summary:	Remove needsAppIdQuirks in 2023
Product:	WebKit	Reporter:	Jiewen Tan <jiewen_tan>
Component:	WebCore Misc.	Assignee:	Ryosuke Niwa <rniwa>
Status:	RESOLVED LATER
Severity:	Normal	CC:	ahmad.saleem792, ap, bfulgham, cdumez, commit-queue, james, jiewen_tan, pascoe, rniwa, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
Bug Depends on:	246032
Bug Blocks:

Jiewen Tan

Reported 2019-05-02 11:31:39 PDT

Remove needsAppIdQuirks in 2023.

Attachments
Add attachment proposed patch, testcase, etc.

Ahmad Saleem

Comment 1 2022-09-23 05:47:33 PDT

https://github.com/WebKit/WebKit/blob/6bd8e23cd7a92e9c5e92fc130b31b4351bfa19b7/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp#L56 I tried to search "needsAppIdQuirks" in https://source.chromium.org but couldn't find anything. Is there any update? Thanks!

Alexey Proskuryakov

Comment 2 2022-09-29 18:12:49 PDT

Source//WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:static bool needsAppIdQuirks(const String& host, const String& appId) Source//WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp: if (!appIdURL.isValid() || facetId.protocol() != appIdURL.protocol() || (RegistrableDomain(appIdURL) != RegistrableDomain::uncheckedCreateFromHost(facetId.host()) && !needsAppIdQuirks(facetId.host(), appId))) This can probably be removed right now.

Ryosuke Niwa

Comment 3 2022-10-03 23:22:02 PDT

Pull request: https://github.com/WebKit/WebKit/pull/4968

EWS

Comment 4 2022-10-04 10:02:31 PDT

Committed 255131@main (e289f6f60014): <https://commits.webkit.org/255131@main> Reviewed commits have been landed. Closing PR #4968 and removing active labels.

Radar WebKit Bug Importer

Comment 5 2022-10-04 10:03:23 PDT

<rdar://problem/100768951>

pascoe@apple.com

Comment 6 2022-10-04 10:09:55 PDT

Google still actively uses this quirk and login breaks without it. I think we will need to consult before removing this quirk.

pascoe@apple.com

Comment 7 2022-10-04 10:15:07 PDT

This quirk is still in Chrome: https://github.com/chromium/chromium/blob/829d766699652d4678325623846cf5a33f996f4f/content/browser/webauth/webauth_request_security_checker.cc#L307

WebKit Commit Bot

Comment 8 2022-10-04 11:23:17 PDT

Re-opened since this is blocked by bug 246032

Ahmad Saleem

Comment 9 2023-03-31 17:29:07 PDT

Hi Team - we have now passed original time of January 2023. Can we check whether we can remove it or not? Or update comment to track it for future? Thanks!

Ryosuke Niwa

Comment 10 2023-04-03 11:24:38 PDT

Quirk is still present in Chromium: https://github.com/chromium/chromium/blob/776ba6a94375a2ab65bd6924859e2de628328cd2/content/browser/webauth/webauth_request_security_checker.cc#LL201C42-L201C52

Note You need to log in before you can comment on or make changes to this bug.