RESOLVED FIXED
185522
NetworkCORSPreflightChecker should proceed when having a ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenge
https://bugs.webkit.org/show_bug.cgi?id=185522
youenn fablet
Reported
2018-05-10 11:49:37 PDT
NetworkCORSPreflightChecker should proceed when having a ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenge
Attachments
Patch (2.61 KB, patch), 2018-05-10 11:55 PDT, youenn fablet
youenn fablet
Comment 1
2018-05-10 11:50:02 PDT
<rdar://problem/39987152>
youenn fablet
Comment 2
2018-05-10 11:55:56 PDT
Created attachment 340114
Patch
youenn fablet
Comment 3
2018-05-10 14:38:41 PDT
Testing of this feature would require writing an API test using an HTTP server. It would also require that the certificate would be valid. This patch is also missing the ability to let the certificates be validated by UIProcess when the connection is created by the preflight request.
Brent Fulgham
Comment 4
2018-05-10 16:02:39 PDT
Comment on attachment 340114
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=340114&action=review
This looks correct to me. r=me.
> Source/WebKit/ChangeLog:10 > + Previously, we were failing right away which is not right in case preflight is the request triggering the connection.
If the issue is that preflight doesn't use credentials, couldn't this be an issue with any of the authentication schemes needing credentials (e.g., ProtectionSpaceAuthenticationSchemeClientCertificateRequested)? Or is it something special about the behavior of ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested? Looking through the rest of the code, it seems like ServerTrust is handled specially and rejects as you propose here in similar cases.
youenn fablet
Comment 5
2018-05-10 23:54:54 PDT
Thanks for the review.
> If the issue is that preflight doesn't use credentials, couldn't this be an
> issue with any of the authentication schemes needing credentials (e.g.,
> ProtectionSpaceAuthenticationSchemeClientCertificateRequested)? Or is it
> something special about the behavior of
> ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested?
My understanding is that with other authentication schemes, the browser receives a 401. This is then transmitted to the preflight checker, which always fails. In the case of ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested, we must react appropriately to the fact that the connection is credential-less.
youenn fablet
Comment 6
2018-05-10 23:56:38 PDT
I still wonder whether we should validate server certificates like we do for regular loads. There is an option to do that within network process, which would be easier to implement although we could consider doing the full path to UIProcess for consistency.
WebKit Commit Bot
Comment 7
2018-05-11 00:22:17 PDT
Comment on attachment 340114
Patch
Clearing flags on attachment: 340114
Committed r231694: <https://trac.webkit.org/changeset/231694>
WebKit Commit Bot
Comment 8
2018-05-11 00:22:19 PDT
All reviewed patches have been landed. Closing bug.