189961 – [WPE][GTK] Fix HTTP credentials in sandbox

RESOLVED INVALID 189961

[WPE][GTK] Fix HTTP credentials in sandbox

https://bugs.webkit.org/show_bug.cgi?id=189961

Summary [WPE][GTK] Fix HTTP credentials in sandbox

Patrick Griffis

Reported 2018-09-25 11:31:31 PDT

Currently the WebProcess talks to libsecret for HTTP credentials. This is unacceptable and needs to be proxied through the UI layer which can limit password access by origin. See also how this was handled in Epiphany: https://gitlab.gnome.org/GNOME/epiphany/commit/68b0f85747a177047a7b49d839895aad54b05309

Attachments
Add attachment proposed patch, testcase, etc.

Michael Catanzaro

Comment 1 2018-09-28 08:32:00 PDT

As part of this I want to rework how credentials are saved. Give the application a signal so it can save credentials in its own way. E.g. Epiphany should be able to put WebKitGTK+ passwords with all the user's Epiphany passwords. It doesn't make sense that just the few HTTP auth passwords are separated.

Patrick Griffis

Comment 2 2018-10-15 08:11:00 PDT

We've decided to trust the NetworkProcess for now and not sandbox it so this no longer applies.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2018-09-25 11:31 PDT

Modified

2018-10-15 08:11 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks

189956

Dependencies

tree graph