Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 20d4ad126aa3b75e75fba77bc85690c88e0ffcb2
https://github.com/WebKit/WebKit/commit/20d4ad126aa3b75e75fba77bc85690c88e0ffcb2
Author: Pascoe <[email protected]>
Date: 2026-04-14 (Tue, 14 Apr 2026)
Changed paths:
M
Source/WebKit/UIProcess/Cocoa/SOAuthorization/RedirectSOAuthorizationSession.mm
M Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SOAuthorizationTests.mm
Log Message:
-----------
Handles 401s for AppSSO redirect flows
rdar://145336725
https://bugs.webkit.org/show_bug.cgi?id=311665
Reviewed by Brent Fulgham.
An SSO extension may return an HTTP 401 response with body data via
didCompleteWithHTTPResponse:httpBody: during a login flow. Previously,
completeInternal only accepted 200, 302, and 307-POST — everything else
called fallBackToWebPathInternal(), which dropped the body. Now, 401
responses with non-empty body data are loaded as HTML (same as the 200
path), allowing the authentication flow to continue. The method was also
restructured to check each status code individually with a final fallback,
replacing the compound guard condition and trailing ASSERT.
Test: Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SOAuthorizationTests.mm
*
Source/WebKit/UIProcess/Cocoa/SOAuthorization/RedirectSOAuthorizationSession.mm:
(WebKit::RedirectSOAuthorizationSession::completeInternal):
* Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h:
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SOAuthorizationTests.mm:
(TestWebKitAPI::TEST(SOAuthorizationRedirect,
InterceptionSucceedWith401AndBody)):
(TestWebKitAPI::TEST(SOAuthorizationRedirect,
InterceptionFallbackWith401AndEmptyBody)):
Canonical link: https://commits.webkit.org/311205@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
