Bug 146228 - [WK1] WebAllowDenyPolicyListener.denyOnlyThisRequest() should not start a new permission request
Summary: [WK1] WebAllowDenyPolicyListener.denyOnlyThisRequest() should not start a new...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2015-06-22 19:46 PDT by Chris Dumez
Modified: 2015-06-22 22:24 PDT (History)
3 users (show)

See Also:

Attachments
Patch (3.78 KB, patch)
2015-06-22 19:58 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2015-06-22 19:46:59 PDT 
On WebKit1, WebAllowDenyPolicyListener.denyOnlyThisRequest() currently denies the pending request (as is expected) but then starts a new permission requests right away (not expected).
This means that if the client application keeps calling WebAllowDenyPolicyListener.denyOnlyThisRequest(), we'll end up in an infinite loop, even though the application did not make any new geolocation requests.
Comment 1 Chris Dumez 2015-06-22 19:47:07 PDT 
rdar://problem/15179262
Comment 2 Chris Dumez 2015-06-22 19:58:54 PDT 
Created attachment 255391 [details]
Patch
Comment 3 Daniel Bates 2015-06-22 20:54:02 PDT 
Comment on attachment 255391 [details]
Patch

OK.
Comment 4 Chris Dumez 2015-06-22 20:55:15 PDT 
Comment on attachment 255391 [details]
Patch

Clearing flags on attachment: 255391

Committed r185860: <http://trac.webkit.org/changeset/185860>
Comment 5 Chris Dumez 2015-06-22 20:55:18 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 6 Benjamin Poulain 2015-06-22 21:25:51 PDT 
This looks fishy as hell. I have a hard time believing this is correct.

You don't even need to remove the object from the GeolocationController? Can you just leave the watcher pending like that? No need to call their callback?
Comment 7 Chris Dumez 2015-06-22 22:18:48 PDT 
(In reply to comment #6)
> This looks fishy as hell. I have a hard time believing this is correct.

Ok, we can discuss this tomorrow. The app I was testing uses getCurrentPosition(), not watchPosition(). Your comments seem to be related to watchers so it is possible I missed something there. 

> You don't even need to remove the object from the GeolocationController?
> Can you just leave the watcher pending like that? No need to call their callback?

Maybe I misunderstand the question but the watcher's error callback *does* get called with a PermissionDenied error when Geolocation::setAllowed(false) is called.

The GeoNotifier will then call Geolocation::fatalErrorOccurred(), which will unregister the watcher or the "oneShot" from Geolocation. If there are no more listeners, Geolocation will then remove itself from the GeolocationController.
Comment 8 Benjamin Poulain 2015-06-22 22:24:25 PDT 
(In reply to comment #7)
> (In reply to comment #6)
> > This looks fishy as hell. I have a hard time believing this is correct.
> 
> Ok, we can discuss this tomorrow. The app I was testing uses
> getCurrentPosition(), not watchPosition(). Your comments seem to be related
> to watchers so it is possible I missed something there. 
> 
> > You don't even need to remove the object from the GeolocationController?
> > Can you just leave the watcher pending like that? No need to call their callback?
> 
> Maybe I misunderstand the question but the watcher's error callback *does*
> get called with a PermissionDenied error when Geolocation::setAllowed(false)
> is called.
> 
> The GeoNotifier will then call Geolocation::fatalErrorOccurred(), which will
> unregister the watcher or the "oneShot" from Geolocation. If there are no
> more listeners, Geolocation will then remove itself from the
> GeolocationController.

My bad, I misunderstood what this was for. I did not see this was only called after a proper deny().