Bug 225199

Summary: WebAuthn "user gesture required" console message for .get references ".create"
Product: WebKit Reporter: Matthew Miller (Cisco) <matthew>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: bfulgham, jiewen_tan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 14   
Hardware: Mac (Intel)   
OS: macOS 11   
Attachments:
Description Flags
Screenshot of console output from within Safari referencing incorrect API none

Matthew Miller (Cisco)
Reported 2021-04-29 11:14:38 PDT
Created attachment 427361 [details] Screenshot of console output from within Safari referencing incorrect API Calls to WebAuthn's `navigator.credentials.get()` outside of a user gesture errors out as expected. However, the console warning output from this operations mentions "navigator.credentials.create": > User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' within user activated events. Console output generated by a call to `navigator.credentials.get` should reference "navigator.credentials.get" instead. This appears to be caused by a recent change to `WebAuthenticatorCoordinator::processingUserGesture()` that hardcodes "navigator.credentials.create" into the message: https://trac.webkit.org/browser/webkit/branches/safari-611-branch/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp#L112 The following LayoutTests confirm that the same incorrect message is used for `navigator.credentials.get()` user gesture issues as well: - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-nfc.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt
Attachments
Screenshot of console output from within Safari referencing incorrect API (18.60 KB, image/png)
2021-04-29 11:14 PDT, Matthew Miller (Cisco) 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Matthew Miller (Cisco)
Comment 1 2021-04-30 08:50:02 PDT
I should clarify that this is observed in Safari 14.1 on macOS 11.3
Radar WebKit Bug Importer
Comment 2 2021-05-06 11:15:40 PDT
<rdar://problem/77616652>
Note You need to log in before you can comment on or make changes to this bug.