225199 – WebAuthn "user gesture required" console message for .get references ".create"

NEW225199

WebAuthn "user gesture required" console message for .get references ".create"

https://bugs.webkit.org/show_bug.cgi?id=225199

Summary WebAuthn "user gesture required" console message for .get references ".create"

Matthew Miller (Cisco)

Reported 2021-04-29 11:14:38 PDT

Created attachment 427361 [details] Screenshot of console output from within Safari referencing incorrect API Calls to WebAuthn's `navigator.credentials.get()` outside of a user gesture errors out as expected. However, the console warning output from this operations mentions "navigator.credentials.create": > User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' within user activated events. Console output generated by a call to `navigator.credentials.get` should reference "navigator.credentials.get" instead. This appears to be caused by a recent change to `WebAuthenticatorCoordinator::processingUserGesture()` that hardcodes "navigator.credentials.create" into the message: https://trac.webkit.org/browser/webkit/branches/safari-611-branch/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp#L112 The following LayoutTests confirm that the same incorrect message is used for `navigator.credentials.get()` user gesture issues as well: - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-nfc.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt - webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt

Attachments
Screenshot of console output from within Safari referencing incorrect API (18.60 KB, image/png) 2021-04-29 11:14 PDT, Matthew Miller (Cisco)	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Matthew Miller (Cisco)

Comment 1 2021-04-30 08:50:02 PDT

I should clarify that this is observed in Safari 14.1 on macOS 11.3

Radar WebKit Bug Importer

Comment 2 2021-05-06 11:15:40 PDT

<rdar://problem/77616652>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Safari 14

Hardware Mac (Intel)

OS macOS 11

Product WebKit

Component WebKit Misc.

Assignee

Nobody

Reported

2021-04-29 11:14 PDT

Modified

2021-05-06 11:15 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks