Summary: | [WebAuthn] Enable WebAuthn by default for MobileSafari and SafariViewService | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Jiewen Tan <jiewen_tan> | ||||
Component: | WebKit Misc. | Assignee: | Jiewen Tan <jiewen_tan> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | alex.gaynor, bfulgham, commit-queue, james, jiewen_tan, kieun.shin, mitz, sam, simon.fraser, webkit-bug-importer | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | WebKit Nightly Build | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=201439 | ||||||
Bug Depends on: | |||||||
Bug Blocks: | 181943 | ||||||
Attachments: |
|
Description
Jiewen Tan
2019-08-30 17:39:30 PDT
Created attachment 377775 [details]
Patch
Comment on attachment 377775 [details]
Patch
r=me
Comment on attachment 377775 [details] Patch Clearing flags on attachment: 377775 Committed r249436: <https://trac.webkit.org/changeset/249436> All reviewed patches have been landed. Closing bug. Why don’t those clients just call in to WebKit and enable WebAuthn? (In reply to mitz from comment #6) > Why don’t those clients just call in to WebKit and enable WebAuthn? I agree, this is a very unorthodox way of enabling a feature. We tend to keep bundle checks to the absolute minimum. What is preventing MobileSafari and SafariViewServices from enabling this themselves? Why is this only an issue on iOS? (In reply to Sam Weinig from comment #7) > (In reply to mitz from comment #6) > > Why don’t those clients just call in to WebKit and enable WebAuthn? > > I agree, this is a very unorthodox way of enabling a feature. We tend to > keep bundle checks to the absolute minimum. What is preventing MobileSafari > and SafariViewServices from enabling this themselves? Why is this only an > issue on iOS? Right, that's a good idea. I should do that instead. Will follow up with patches on Internal. In macOS, applications are not required to be sandboxed. If they are not, they don't need any entitlements to enable the feature. Also, we don't have that many browser like clients in macOS. They probably never hit this path. In iOS, however, the story is the opposite way. I was not quite sure if I should do it for macOS as well. Now, I think I should. (In reply to Jiewen Tan from comment #8) > (In reply to Sam Weinig from comment #7) > > (In reply to mitz from comment #6) > > > Why don’t those clients just call in to WebKit and enable WebAuthn? > > > > I agree, this is a very unorthodox way of enabling a feature. We tend to > > keep bundle checks to the absolute minimum. What is preventing MobileSafari > > and SafariViewServices from enabling this themselves? Why is this only an > > issue on iOS? > > Right, that's a good idea. I should do that instead. Will follow up with > patches on Internal. > > In macOS, applications are not required to be sandboxed. If they are not, > they don't need any entitlements to enable the feature. Also, we don't have > that many browser like clients in macOS. They probably never hit this path. > In iOS, however, the story is the opposite way. > > I was not quite sure if I should do it for macOS as well. Now, I think I > should. Matching iOS and macOS should generally be preferred, unless there is a really compelling reason not to. |