Bug 311625

Summary:	WebAuthn: AbortSignal reason is ignored when rejecting credentials.create() and credentials.get()
Product:	WebKit	Reporter:	Marcos Caceres <marcosc>
Component:	WebCore Misc.	Assignee:	Marcos Caceres <marcosc>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Marcos Caceres

Reported 2026-04-07 00:52:46 PDT

When navigator.credentials.create() or navigator.credentials.get() is called with an AbortSignal and the signal is aborted via controller.abort(reason), the returned promise should reject with signal.reason. Instead, WebKit discards the reason and always rejects with a hard-coded AbortError DOMException. Root cause: AuthenticatorCoordinator.cpp, lines ~251 and ~370: if (abortSignal && abortSignal->aborted()) { promise.reject(Exception { ExceptionCode::AbortError, "Aborted by AbortSignal."_s }); The fix is to reject with abortSignal->reason() instead. Affects both credentials.create() and credentials.get().

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-04-07 00:52:52 PDT

<rdar://problem/174220589>

Marcos Caceres

Comment 2 2026-04-07 22:58:32 PDT

Pull request: https://github.com/WebKit/WebKit/pull/62251

EWS

Comment 3 2026-04-08 08:48:17 PDT

Committed 310782@main (7a3f4c0ecbd3): <https://commits.webkit.org/310782@main> Reviewed commits have been landed. Closing PR #62251 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.