Bug 234809 - Make sure secure websocket connections in service workers can trigger authentication challenge callbacks
Summary: Make sure secure websocket connections in service workers can trigger authent...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Service Workers (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: youenn fablet
URL:
Keywords: InRadar
: 233665 (view as bug list)
Depends on:
Blocks:
 
Reported: 2022-01-03 02:42 PST by youenn fablet
Modified: 2022-01-05 08:16 PST (History)
7 users (show)

See Also:


Attachments
Patch (21.96 KB, patch)
2022-01-03 02:51 PST, youenn fablet
no flags Details | Formatted Diff | Diff
Patch (26.53 KB, patch)
2022-01-03 08:44 PST, youenn fablet
no flags Details | Formatted Diff | Diff
Patch (27.18 KB, patch)
2022-01-03 11:12 PST, youenn fablet
no flags Details | Formatted Diff | Diff
Patch (45.96 KB, patch)
2022-01-04 01:01 PST, youenn fablet
no flags Details | Formatted Diff | Diff
Patch (46.16 KB, patch)
2022-01-04 04:18 PST, youenn fablet
no flags Details | Formatted Diff | Diff
Patch for landing (29.05 KB, patch)
2022-01-05 01:06 PST, youenn fablet
ews-feeder: commit-queue-
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description youenn fablet 2022-01-03 02:42:12 PST
Make sure secure websocket connections in service workers can trigger authentication challenge callbacks
Comment 1 youenn fablet 2022-01-03 02:42:27 PST
<rdar://85888177>
Comment 2 youenn fablet 2022-01-03 02:51:36 PST
Created attachment 448217 [details]
Patch
Comment 3 youenn fablet 2022-01-03 08:44:02 PST
Created attachment 448245 [details]
Patch
Comment 4 youenn fablet 2022-01-03 11:12:51 PST
Created attachment 448250 [details]
Patch
Comment 5 youenn fablet 2022-01-04 01:01:32 PST
Created attachment 448272 [details]
Patch
Comment 6 youenn fablet 2022-01-04 04:18:17 PST
Created attachment 448281 [details]
Patch
Comment 7 Chris Dumez 2022-01-04 09:21:13 PST
Comment on attachment 448250 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=448250&action=review

r=me

> Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h:73
> +    const std::optional<WebCore::SecurityOriginData>& topOrigin() const { return m_topOrigin; }

SecurityOriginData has an "empty" state so we could use a SecurityOriginData as data members (instead of a std::optional<>) and have the call sites check SecurityOriginData::isEmpty().

> Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm:51
> +    if (clientOrigin.topOrigin == clientOrigin.clientOrigin)

This could use a comment to explain why we only initialize m_topOrigin if topOrigin is the same as clientOrigin.

> Source/WebKit/WebProcess/Network/WebSocketChannel.cpp:121
> +    MessageSender::send(Messages::NetworkConnectionToWebProcess::CreateSocketChannel { *request, protocol, m_identifier, m_webPageProxyID, ClientOrigin { m_document->topOrigin().data(), m_document->securityOrigin().data() } });

I bet we have this logic in several places and it may be worth having a getter on Document that returns a ClientOrigin at this point.
Comment 8 Alex Christensen 2022-01-04 09:58:45 PST
Comment on attachment 448250 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=448250&action=review

> LayoutTests/platform/mac-bigsur-wk2/http/tests/workers/service/serviceworker-websocket.https-expected.txt:3
> +PASS Open a WebSocket in service worker

These files are identical to the platform independent version and unnecessary.
Comment 9 youenn fablet 2022-01-04 10:16:19 PST
(In reply to Alex Christensen from comment #8)
> Comment on attachment 448250 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=448250&action=review
> 
> > LayoutTests/platform/mac-bigsur-wk2/http/tests/workers/service/serviceworker-websocket.https-expected.txt:3
> > +PASS Open a WebSocket in service worker
> 
> These files are identical to the platform independent version and
> unnecessary.

Not really, they are missing the canAuthenticateAgainstProtectionSpace line.
I guess we could reverse the files but in the future, all cocoa ports will probably be aligned with the updated test expectation.
Comment 10 Alex Christensen 2022-01-04 10:17:16 PST
Comment on attachment 448250 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=448250&action=review

>>> LayoutTests/platform/mac-bigsur-wk2/http/tests/workers/service/serviceworker-websocket.https-expected.txt:3
>>> +PASS Open a WebSocket in service worker
>> 
>> These files are identical to the platform independent version and unnecessary.
> 
> Not really, they are missing the canAuthenticateAgainstProtectionSpace line.
> I guess we could reverse the files but in the future, all cocoa ports will probably be aligned with the updated test expectation.

oh, of course.  I was looking at it wrong.  This is fine.
Comment 11 youenn fablet 2022-01-05 01:06:43 PST
Created attachment 448365 [details]
Patch for landing
Comment 12 EWS 2022-01-05 02:36:56 PST
Committed r287611 (245738@main): <https://commits.webkit.org/245738@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 448365 [details].
Comment 13 youenn fablet 2022-01-05 02:58:44 PST
Took it all.

(In reply to Chris Dumez from comment #7)
> Comment on attachment 448250 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=448250&action=review
> 
> r=me
> 
> > Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h:73
> > +    const std::optional<WebCore::SecurityOriginData>& topOrigin() const { return m_topOrigin; }
> 
> SecurityOriginData has an "empty" state so we could use a SecurityOriginData
> as data members (instead of a std::optional<>) and have the call sites check
> SecurityOriginData::isEmpty().
> 
> > Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm:51
> > +    if (clientOrigin.topOrigin == clientOrigin.clientOrigin)
> 
> This could use a comment to explain why we only initialize m_topOrigin if
> topOrigin is the same as clientOrigin.
> 
> > Source/WebKit/WebProcess/Network/WebSocketChannel.cpp:121
> > +    MessageSender::send(Messages::NetworkConnectionToWebProcess::CreateSocketChannel { *request, protocol, m_identifier, m_webPageProxyID, ClientOrigin { m_document->topOrigin().data(), m_document->securityOrigin().data() } });
> 
> I bet we have this logic in several places and it may be worth having a
> getter on Document that returns a ClientOrigin at this point.
Comment 14 youenn fablet 2022-01-05 08:16:35 PST
*** Bug 233665 has been marked as a duplicate of this bug. ***