Bug 196831 - Always set _allowsSensitiveLogging to NO
Summary: Always set _allowsSensitiveLogging to NO
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-11 14:45 PDT by Saam Barati
Modified: 2019-04-15 13:15 PDT (History)
6 users (show)

See Also:


Attachments
patch (1.91 KB, patch)
2019-04-11 14:52 PDT, Saam Barati
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2019-04-11 14:45:30 PDT
...
Comment 1 Saam Barati 2019-04-11 14:52:08 PDT
Created attachment 367243 [details]
patch

Hopefully it builds. I still need to test it.

Based on the documentation in:
https://developer.apple.com/documentation/foundation/nsurlsessionconfiguration/1411560-defaultsessionconfiguration?language=objc

"Modifying the returned session configuration object does not affect any configuration objects returned by future calls to this method, and does not change the default behavior for existing sessions. It is therefore always safe to use the returned object as a starting point for additional customization."

I think this patch is safe to do without affecting other users of "defaultSessionConfiguration".
Comment 2 Alex Christensen 2019-04-15 13:15:22 PDT
(In reply to Saam Barati from comment #1)
> Created attachment 367243 [details]
> I think this patch is safe to do without affecting other users of
> "defaultSessionConfiguration".
There are no other users of defaultSessionConfiguration in the network process.  This patch will disallow sensitive logging in all WKWebViews and have no other effects.