RESOLVED FIXED 223510
Cannot login to microsoftonline.com without allowing storage access 
https://bugs.webkit.org/show_bug.cgi?id=223510
Summary Cannot login to microsoftonline.com without allowing storage access
Kate Cheney
Reported 2021-03-19 06:47:53 PDT
If a user denies storage access on sites with the storage access quirk, we cancel the click and they can't login. We should consider changing this behavior, because some sites which require storage access share login flows with sites that do not require storage access.
Attachments
Patch (20.85 KB, patch)
2021-03-19 07:24 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (20.85 KB, patch)
2021-03-19 10:04 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (20.99 KB, patch)
2021-03-19 12:51 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch for landing (21.02 KB, patch)
2021-03-19 15:33 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-03-19 06:48:19 PDT
<rdar://problem/75619058>
Kate Cheney
Comment 2 2021-03-19 07:24:12 PDT
Created attachment 423729 [details] Patch
Chris Dumez
Comment 3 2021-03-19 07:33:39 PDT
Comment on attachment 423729 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423729&action=review > Source/WebKit/WebProcess/WebPage/WebPage.cpp:3829 > +bool WebPage::pageIsParentProcessAFullWebBrowser() I don't think we should have a "page" prefix for WebPage functions. This is not a common pattern. > Source/WebKit/WebProcess/WebPage/WebPage.h:1416 > + bool pageIsParentProcessAFullWebBrowser(); Can this be const?
Kate Cheney
Comment 4 2021-03-19 09:44:45 PDT
(In reply to Chris Dumez from comment #3) > Comment on attachment 423729 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=423729&action=review > > > Source/WebKit/WebProcess/WebPage/WebPage.cpp:3829 > > +bool WebPage::pageIsParentProcessAFullWebBrowser() > > I don't think we should have a "page" prefix for WebPage functions. This is > not a common pattern. I needed some way to distinguish it from the isParentProcessAFullWebBrowser function in DefaultWebBrowserChecks.h. I can use something slightly different like isParentProcessAWebBrowser(). > > > Source/WebKit/WebProcess/WebPage/WebPage.h:1416 > > + bool pageIsParentProcessAFullWebBrowser(); > > Can this be const? Yes.
Kate Cheney
Comment 5 2021-03-19 10:04:12 PDT
Created attachment 423744 [details] Patch
Kate Cheney
Comment 6 2021-03-19 12:51:14 PDT
Created attachment 423761 [details] Patch
John Wilander
Comment 7 2021-03-19 15:14:02 PDT
Comment on attachment 423761 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423761&action=review r=me with comments. > Source/WebCore/ChangeLog:15 > + 2. Allow login even if the user denies storage access. Previously we I wouldn't say "allow login" since the browser doesn't decide that. I'd say "don't cancel the click" instead. > Source/WebKit/ChangeLog:10 > + allow login on sites even if the user denies storage access. See Ditto on allowing login. > Source/WebCore/dom/Element.cpp:400 > + isParentProcessAFullWebBrowser = true; This can be just isParentProcessAFullWebBrowser = MacApplication::isSafari(). > Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1962 > + auto* page = m_frame->page(); I looked and other functions use m_frame directly too so should be fine.
Kate Cheney
Comment 8 2021-03-19 15:20:56 PDT
(In reply to John Wilander from comment #7) > Comment on attachment 423761 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=423761&action=review > > r=me with comments. Thanks! I am also going to replace "tab" with "web content process" in the ChangeLog because a web content process can host multiple tabs sometimes. > > > Source/WebCore/ChangeLog:15 > > + 2. Allow login even if the user denies storage access. Previously we > > I wouldn't say "allow login" since the browser doesn't decide that. I'd say > "don't cancel the click" instead. Good call. > > > Source/WebKit/ChangeLog:10 > > + allow login on sites even if the user denies storage access. See > > Ditto on allowing login. Will fix. > > > Source/WebCore/dom/Element.cpp:400 > > + isParentProcessAFullWebBrowser = true; > > This can be just isParentProcessAFullWebBrowser = MacApplication::isSafari(). > Will fix. > > Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1962 > > + auto* page = m_frame->page(); > > I looked and other functions use m_frame directly too so should be fine. Yes, it's a Ref so it can't be null.
Kate Cheney
Comment 9 2021-03-19 15:33:56 PDT
Created attachment 423786 [details] Patch for landing
EWS
Comment 10 2021-03-19 16:27:50 PDT
Committed r274746: <https://commits.webkit.org/r274746> All reviewed patches have been landed. Closing bug and clearing flags on attachment 423786 [details].
Note You need to log in before you can comment on or make changes to this bug.