Bug 188639 - Stop using canAuthenticateAgainstProtectionSpace in modern WebKit
Summary: Stop using canAuthenticateAgainstProtectionSpace in modern WebKit
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-08-15 22:50 PDT by Alex Christensen
Modified: 2018-08-16 11:00 PDT (History)
6 users (show)

See Also:

Attachments
Patch (40.13 KB, patch)
2018-08-15 22:56 PDT, Alex Christensen 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews104 for mac-sierra-wk2 (3.30 MB, application/zip)
2018-08-15 23:52 PDT, EWS Watchlist 		no flags Details
Patch (40.64 KB, patch)
2018-08-16 10:03 PDT, Alex Christensen 		youennf: review+
Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Christensen 2018-08-15 22:50:34 PDT 
Stop using canAuthenticateAgainstProtectionSpace in modern WebKit
Comment 1 Alex Christensen 2018-08-15 22:56:27 PDT 
Created attachment 347248 [details]
Patch
Comment 2 EWS Watchlist 2018-08-15 23:52:52 PDT 
Comment on attachment 347248 [details]
Patch

Attachment 347248 [details] did not pass mac-wk2-ews (mac-wk2):
Output: https://webkit-queues.webkit.org/results/8877013

New failing tests:
accessibility/smart-invert-reference.html
Comment 3 EWS Watchlist 2018-08-15 23:52:54 PDT 
Created attachment 347251 [details]
Archive of layout-test-results from ews104 for mac-sierra-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews104  Port: mac-sierra-wk2  Platform: Mac OS X 10.12.6
Comment 4 youenn fablet 2018-08-16 09:56:10 PDT 
Comment on attachment 347248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347248&action=review

> Source/WebKit/ChangeLog:12
> +        with the 1 client that still uses it (not for long, see rdar://problem/43358403) and simplify and optimize

No public API is impacted?

> Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp:-106
> -    NetworkProcess::singleton().canAuthenticateAgainstProtectionSpace(challenge.protectionSpace(), m_parameters.pageID, m_parameters.frameID, [this, weakThis = makeWeakPtr(this), completionHandler = WTFMove(completionHandler), challenge = WTFMove(challenge)] (bool canAuthenticate) mutable {

NetworkCORSPreflightChecker no longer needs to be weakptr.

> Source/WebKit/NetworkProcess/NetworkLoad.cpp:254
>  void NetworkLoad::didReceiveChallenge(AuthenticationChallenge&& challenge, ChallengeCompletionHandler&& completionHandler)

We probably no longer need to pass an AuthenticationChallenge&&.

> Source/WebKit/NetworkProcess/NetworkLoad.cpp:269
> +#endif

We do not have this handling in NetworkCORSPreflightChecker, is that fine?
Should we move that code in NetworkDataTaskCocoa::didReceiveChallenge?
Comment 5 Alex Christensen 2018-08-16 09:58:24 PDT 
Comment on attachment 347248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347248&action=review

>> Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp:-106
>> -    NetworkProcess::singleton().canAuthenticateAgainstProtectionSpace(challenge.protectionSpace(), m_parameters.pageID, m_parameters.frameID, [this, weakThis = makeWeakPtr(this), completionHandler = WTFMove(completionHandler), challenge = WTFMove(challenge)] (bool canAuthenticate) mutable {
> 
> NetworkCORSPreflightChecker no longer needs to be weakptr.

Right!

>> Source/WebKit/NetworkProcess/NetworkLoad.cpp:254
>>  void NetworkLoad::didReceiveChallenge(AuthenticationChallenge&& challenge, ChallengeCompletionHandler&& completionHandler)
> 
> We probably no longer need to pass an AuthenticationChallenge&&.

I think we still should for conceptual correctness.

>> Source/WebKit/NetworkProcess/NetworkLoad.cpp:269
>> +#endif
> 
> We do not have this handling in NetworkCORSPreflightChecker, is that fine?
> Should we move that code in NetworkDataTaskCocoa::didReceiveChallenge?

That's fine.  This is actually from SPI just for testing that I plan to remove soon.
Comment 6 Alex Christensen 2018-08-16 10:03:28 PDT 
Created attachment 347271 [details]
Patch
Comment 7 Alex Christensen 2018-08-16 10:08:23 PDT 
(In reply to youenn fablet from comment #4)
> Comment on attachment 347248 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=347248&action=review
> 
> > Source/WebKit/ChangeLog:12
> > +        with the 1 client that still uses it (not for long, see rdar://problem/43358403) and simplify and optimize
> 
> No public API is impacted?

No public API is impacted.  The only public API we have is WKNavigationDelegate's didReceiveAuthenticationChallenge which works "the right way".  This is removing old stuff.
Comment 8 youenn fablet 2018-08-16 10:16:49 PDT 
Comment on attachment 347271 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347271&action=review

> Source/WebKit/NetworkProcess/PreconnectTask.h:-53
> -    void canAuthenticateAgainstProtectionSpaceAsync(const WebCore::ProtectionSpace&) final;

Maybe PreconnectTask no longer needs either to be CanMakeWeakPtr either.
Comment 9 youenn fablet 2018-08-16 10:18:20 PDT 
For extra safety, I would tend to verify we do not regress CORS preflight+ ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenges with this patch.
Comment 10 youenn fablet 2018-08-16 10:20:13 PDT 
Given how much we regress this, we should write a test for such case.
Do we receive a ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenge when loading https://localhost:8443?
If so, we could crash the network process and then do a CORS preflight.
Comment 11 Alex Christensen 2018-08-16 10:59:43 PDT 
http://trac.webkit.org/r234941
Comment 12 Radar WebKit Bug Importer 2018-08-16 11:00:21 PDT 
<rdar://problem/43388361>