NavigationSOAuthorizationSession should check the active URL of the responding page after waking up from waiting 
https://bugs.webkit.org/show_bug.cgi?id=200150
Summary NavigationSOAuthorizationSession should check the active URL of the respondin...
Jiewen Tan
Reported 2019-07-25 19:47:11 PDT
NavigationSOAuthorizationSession should check the active URL of the responding page after waking up from waiting.
Attachments
Patch (7.68 KB, patch)
2019-07-25 19:51 PDT, Jiewen Tan 		bfulgham: review+
DetailsFormatted DiffDiff
Patch for landing (7.92 KB, patch)
2019-07-26 15:26 PDT, Jiewen Tan 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Jiewen Tan
Comment 1 2019-07-25 19:48:01 PDT
<rdar://problem/53280170>
Jiewen Tan
Comment 2 2019-07-25 19:51:17 PDT
Created attachment 374933 [details] Patch
Brent Fulgham
Comment 3 2019-07-26 14:59:20 PDT
Comment on attachment 374933 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=374933&action=review > Source/WebKit/UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm:70 > + // When the current main frame URL is different from the before one, I think it might be simpler to say: "// When the current main frame URL has changed from the start of authentication, the SOAuthorization is no longer valid." Even better would be to make a method: bool NavigationSOAuthorizationSession::mainFrameURLDidChangeDuringAuthentication() { auto* page = this->page(); return !page || page->pageLoadState().activeURL() != m_waitingPageActiveURL; } > Source/WebKit/UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm:72 > + if (page->pageLoadState().activeURL() != m_waitingPageActiveURL) { Then this just becomes: if (mainFrameURLDidChangeDuringAuthentication()) { abort(); ... And you don't need a comment. :-) > Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:-79 > - ASSERT_NOT_REACHED(); Why is it okay to remove this assertion? Is it because we now expect to abort if the URL changed during authentication?
Jiewen Tan
Comment 4 2019-07-26 15:22:20 PDT
Comment on attachment 374933 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=374933&action=review Thanks Brent for r+ this patch. >> Source/WebKit/UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm:70 >> + // When the current main frame URL is different from the before one, > > I think it might be simpler to say: > > "// When the current main frame URL has changed from the start of authentication, the SOAuthorization is no longer valid." > > Even better would be to make a method: > > bool NavigationSOAuthorizationSession::mainFrameURLDidChangeDuringAuthentication() > { > auto* page = this->page(); > return !page || page->pageLoadState().activeURL() != m_waitingPageActiveURL; > } Fixed. >> Source/WebKit/UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm:72 >> + if (page->pageLoadState().activeURL() != m_waitingPageActiveURL) { > > Then this just becomes: > > if (mainFrameURLDidChangeDuringAuthentication()) { > abort(); > ... > > And you don't need a comment. :-) Named it pageActiveURLDidChangeDuringWaiting. >> Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:-79 >> - ASSERT_NOT_REACHED(); > > Why is it okay to remove this assertion? Is it because we now expect to abort if the URL changed during authentication? Yes.
Jiewen Tan
Comment 5 2019-07-26 15:26:00 PDT
Created attachment 374991 [details] Patch for landing
WebKit Commit Bot
Comment 6 2019-07-26 17:03:51 PDT
Comment on attachment 374991 [details] Patch for landing Clearing flags on attachment: 374991 Committed r247885: <https://trac.webkit.org/changeset/247885>
Note You need to log in before you can comment on or make changes to this bug.