215626 – WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TLS for main resource loads

Bug 215626 - WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TLS for main resource loads

Summary: WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TL...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alex Christensen

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-08-18 14:27 PDT by Alex Christensen
Modified:	2020-08-19 18:50 PDT (History)
CC List:	2 users (show)

See Also:	215640

Attachments
Patch (8.06 KB, patch) 2020-08-18 14:38 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (5.54 KB, patch) 2020-08-18 14:50 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Christensen 2020-08-18 14:27:30 PDT

WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TLS for main resource loads

Comment 1 Alex Christensen 2020-08-18 14:38:20 PDT

Created attachment 406811 [details]
Patch

Comment 2 Darin Adler 2020-08-18 14:41:02 PDT

Comment on attachment 406811 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=406811&action=review

> Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:397
> +    if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes
> +        && fastServerTrustEvaluationEnabled
> +        && !isTopLevelNavigation())
> +        return completionHandler(AuthenticationChallengeDisposition::Cancel, { });

Why not do this in NetworkSessionCocoa::continueDidReceiveChallenge rather than passing more state through?

Comment 3 Alex Christensen 2020-08-18 14:50:58 PDT

Created attachment 406813 [details]
Patch

Comment 4 Alex Christensen 2020-08-18 14:51:35 PDT

Comment on attachment 406813 [details]
Patch

Great idea!

Comment 5 EWS 2020-08-18 15:18:25 PDT

Committed r265835: <https://trac.webkit.org/changeset/265835>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 406813 [details].

Comment 6 Radar WebKit Bug Importer 2020-08-18 15:19:18 PDT

<rdar://problem/67356569>

Comment 7 Alex Christensen 2020-08-19 18:50:48 PDT

http://trac.webkit.org/r265930