185103 – [GTK] Webkit should spoof as Safari on a Mac when on Chase.com

Bug 185103 - [GTK] Webkit should spoof as Safari on a Mac when on Chase.com

Summary: [GTK] Webkit should spoof as Safari on a Mac when on Chase.com

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	Other
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Michael Catanzaro

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-04-27 19:43 PDT by Ryan Farmer
Modified:	2018-04-30 08:16 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (3.40 KB, patch) 2018-04-29 14:54 PDT, Michael Catanzaro	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryan Farmer 2018-04-27 19:43:10 PDT

[GTK] Webkit should spoof as Safari on a Mac when on Chase.com

When given the default user agent for GNOME Web, Chase gives the user an "upgrade your browser" nag screen, and then when logged in, it gives you a crappy fallback site for obsolete web browsers. Boo!

I think we have more of a shot at finding Jimmy Hoffa than convincing one of the largest US banks to quit demanding that we use another web browser.

Safari 11.1 on Mac OS X user agent results in normal online banking site and everything seems to work.

Comment 1 Michael Catanzaro 2018-04-28 14:58:58 PDT

OK

Comment 2 Michael Catanzaro 2018-04-29 14:41:56 PDT

I tested this and the quirk doesn't work. The problem also doesn't occur in MiniBrowser. Chase seems to be checking the final component of the user agent (Epiphany/605.1.15).

Comment 3 Michael Catanzaro 2018-04-29 14:50:40 PDT

(In reply to Michael Catanzaro from comment #2)
> I tested this and the quirk doesn't work.

Hm, maybe I forgot to build or something. It works fine.

Comment 4 Michael Catanzaro 2018-04-29 14:54:45 PDT

Created attachment 339099 [details]
Patch

Comment 5 EWS Watchlist 2018-04-29 14:56:28 PDT

Attachment 339099 [details] did not pass style-queue:


ERROR: Tools/ChangeLog:3:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: spoof  [changelog/unwantedsecurityterms] [3]
ERROR: Source/WebCore/ChangeLog:3:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: spoof  [changelog/unwantedsecurityterms] [3]
Total errors found: 2 in 4 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 6 WebKit Commit Bot 2018-04-30 08:16:20 PDT

Comment on attachment 339099 [details]
Patch

Clearing flags on attachment: 339099

Committed r231156: <https://trac.webkit.org/changeset/231156>

Comment 7 WebKit Commit Bot 2018-04-30 08:16:21 PDT

All reviewed patches have been landed.  Closing bug.