[webkit-changes] [279629] trunk

[commit-queue]

Title: [279629] trunk

Revision

279629

Author

commit-qu...@webkit.org

Date

2021-07-06 17:27:40 -0700 (Tue, 06 Jul 2021)

Log Message

imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any*.html are crashing in debug
https://bugs.webkit.org/show_bug.cgi?id=227310

Patch by Alex Christensen <achristen...@webkit.org> on 2021-07-06
Reviewed by Chris Dumez.

Source/WebCore:

In r228486 we blocked cross-origin requests from asking for credentials, and we wanted to add a console log for web developers
to see why they could no longer ask for credentials.  r228703 loosened that to allow main resources to request credentials,
and it added an incorrect assertion before logging.  ResourceLoader::isAllowedToAskUserForCredentials has two other reasons
why credentials could be blocked, and there is no reason to log in those cases because that is standard web behavior, as seen by
running the tests in Chrome and Firefox and seeing no console log.  This removes the logs in cases where other browsers also
have the same behavior and do not log, and removes the incorrect assertion.

* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didBlockAuthenticationChallenge):

LayoutTests:

* TestExpectations:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/TestExpectations
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/ResourceLoader.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (279628 => 279629)

--- trunk/LayoutTests/ChangeLog	2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/LayoutTests/ChangeLog	2021-07-07 00:27:40 UTC (rev 279629)
@@ -1,3 +1,12 @@
+2021-07-06  Alex Christensen  <achristen...@webkit.org>
+
+        imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any*.html are crashing in debug
+        https://bugs.webkit.org/show_bug.cgi?id=227310
+
+        Reviewed by Chris Dumez.
+
+        * TestExpectations:
+
 2021-07-06  Chris Dumez  <cdu...@apple.com>
 
         SubtleCrypto should only be exposed to secure contexts

Modified: trunk/LayoutTests/TestExpectations (279628 => 279629)

--- trunk/LayoutTests/TestExpectations	2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/LayoutTests/TestExpectations	2021-07-07 00:27:40 UTC (rev 279629)
@@ -321,10 +321,6 @@
 imported/w3c/web-platform-tests/service-workers/service-worker/nested-blob-url-workers.https.html [ Skip ]
 imported/w3c/web-platform-tests/service-workers/service-worker/update-bytecheck-cors-import.https.html [ Skip ]
 
-# Thee tests are crashing in Debug (https://bugs.webkit.org/show_bug.cgi?id=227310)
-[ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any.html [ Skip ]
-[ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any.worker.html [ Skip ]
-
 # This test is a flaky timeout.
 imported/w3c/web-platform-tests/service-workers/service-worker/fetch-canvas-tainting-video-cache.https.html [ Skip ]
 webkit.org/b/201666 imported/w3c/web-platform-tests/service-workers/service-worker/fetch-canvas-tainting-video-with-range-request.https.html [ Skip ]

Modified: trunk/Source/WebCore/ChangeLog (279628 => 279629)

--- trunk/Source/WebCore/ChangeLog	2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/Source/WebCore/ChangeLog	2021-07-07 00:27:40 UTC (rev 279629)
@@ -1,3 +1,20 @@
+2021-07-06  Alex Christensen  <achristen...@webkit.org>
+
+        imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any*.html are crashing in debug
+        https://bugs.webkit.org/show_bug.cgi?id=227310
+
+        Reviewed by Chris Dumez.
+
+        In r228486 we blocked cross-origin requests from asking for credentials, and we wanted to add a console log for web developers
+        to see why they could no longer ask for credentials.  r228703 loosened that to allow main resources to request credentials,
+        and it added an incorrect assertion before logging.  ResourceLoader::isAllowedToAskUserForCredentials has two other reasons
+        why credentials could be blocked, and there is no reason to log in those cases because that is standard web behavior, as seen by
+        running the tests in Chrome and Firefox and seeing no console log.  This removes the logs in cases where other browsers also
+        have the same behavior and do not log, and removes the incorrect assertion.
+
+        * loader/ResourceLoader.cpp:
+        (WebCore::ResourceLoader::didBlockAuthenticationChallenge):
+
 2021-07-06  Chris Dumez  <cdu...@apple.com>
 
         SubtleCrypto should only be exposed to secure contexts

Modified: trunk/Source/WebCore/loader/ResourceLoader.cpp (279628 => 279629)

--- trunk/Source/WebCore/loader/ResourceLoader.cpp	2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/Source/WebCore/loader/ResourceLoader.cpp	2021-07-07 00:27:40 UTC (rev 279629)
@@ -507,10 +507,8 @@
     m_wasAuthenticationChallengeBlocked = true;
     if (m_options.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials)
         return;
-    ASSERT(!shouldAllowResourceToAskForCredentials());
-    if (!m_frame)
-        return;
-    m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Blocked ", m_request.url().stringCenterEllipsizedToLength(), " from asking for credentials because it is a cross-origin request."));
+    if (m_frame && !shouldAllowResourceToAskForCredentials())
+        m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Blocked ", m_request.url().stringCenterEllipsizedToLength(), " from asking for credentials because it is a cross-origin request."));
 }
 
 void ResourceLoader::didReceiveResponse(const ResourceResponse& r, CompletionHandler<void()>&& policyCompletionHandler)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes