Bug 197524

Summary:	Remove needsAppIdQuirks in 2023
Product:	WebKit	Reporter:	Jiewen Tan <jiewen_tan>
Component:	WebCore Misc.	Assignee:	Ryosuke Niwa <rniwa>
Status:	RESOLVED LATER
Severity:	Normal	CC:	ahmad.saleem792, ap, bfulgham, cdumez, commit-queue, james, jiewen_tan, pascoe, rniwa, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
Bug Depends on:	246032
Bug Blocks:

Description Jiewen Tan 2019-05-02 11:31:39 PDT

Remove needsAppIdQuirks in 2023.

Comment 1 Ahmad Saleem 2022-09-23 05:47:33 PDT

https://github.com/WebKit/WebKit/blob/6bd8e23cd7a92e9c5e92fc130b31b4351bfa19b7/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp#L56

I tried to search "needsAppIdQuirks" in https://source.chromium.org but couldn't find anything.

Is there any update? Thanks!

Comment 2 Alexey Proskuryakov 2022-09-29 18:12:49 PDT

Source//WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:static bool needsAppIdQuirks(const String& host, const String& appId)
Source//WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:    if (!appIdURL.isValid() || facetId.protocol() != appIdURL.protocol() || (RegistrableDomain(appIdURL) != RegistrableDomain::uncheckedCreateFromHost(facetId.host()) && !needsAppIdQuirks(facetId.host(), appId)))

This can probably be removed right now.

Comment 3 Ryosuke Niwa 2022-10-03 23:22:02 PDT

Pull request: https://github.com/WebKit/WebKit/pull/4968

Comment 4 EWS 2022-10-04 10:02:31 PDT

Committed 255131@main (e289f6f60014): <https://commits.webkit.org/255131@main>

Reviewed commits have been landed. Closing PR #4968 and removing active labels.

Comment 5 Radar WebKit Bug Importer 2022-10-04 10:03:23 PDT

<rdar://problem/100768951>

Comment 6 pascoe@apple.com 2022-10-04 10:09:55 PDT

Google still actively uses this quirk and login breaks without it. I think we will need to consult before removing this quirk.

Comment 7 pascoe@apple.com 2022-10-04 10:15:07 PDT

This quirk is still in Chrome: https://github.com/chromium/chromium/blob/829d766699652d4678325623846cf5a33f996f4f/content/browser/webauth/webauth_request_security_checker.cc#L307

Comment 8 WebKit Commit Bot 2022-10-04 11:23:17 PDT

Re-opened since this is blocked by bug 246032

Comment 9 Ahmad Saleem 2023-03-31 17:29:07 PDT

Hi Team - we have now passed original time of January 2023. Can we check whether we can remove it or not? Or update comment to track it for future? Thanks!

Comment 10 Ryosuke Niwa 2023-04-03 11:24:38 PDT

Quirk is still present in Chromium:
https://github.com/chromium/chromium/blob/776ba6a94375a2ab65bd6924859e2de628328cd2/content/browser/webauth/webauth_request_security_checker.cc#LL201C42-L201C52