Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 073bf48042ce0c1bc752e744fd7252dfc5319399
https://github.com/WebKit/WebKit/commit/073bf48042ce0c1bc752e744fd7252dfc5319399
Author: Anthony Tarbinian <[email protected]>
Date: 2026-05-18 (Mon, 18 May 2026)
Changed paths:
M LayoutTests/platform/ios-site-isolation/TestExpectations
M LayoutTests/platform/mac-site-isolation/TestExpectations
M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
Log Message:
-----------
[Site Isolation] Handle RemoteFrames in
AuthenticatorCoordinator::scopeAndCrossOriginParent
https://bugs.webkit.org/show_bug.cgi?id=314439
rdar://176593716
Reviewed by Charlie Wolfe.
AuthenticatorCoordinator::scopeAndCrossOriginParent performs
security checks to check if a frame's ancestor frames are
same-origin, same-site, or cross-origin.
The method currently traverses the ancestors via the
current document's parent document (Document::parentDocument).
However, with site isolation enabled, some of the ancestor's documents
might not available if the ancestors are in a different process.
This patch updates this ancestor traversal to operate on the frame
tree and handles both Local or Remote frame cases.
In the case where the ancestor is a remote frame, we don't
have access to it's full URL. However, we can grab the registerable domain
from the SecurityOrigin and use that to perform the check which was
previously done with areRegistrableDomainsEqual.
This patch fixes
http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html
with site isolation enabled.
* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
* Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:
(WebCore::AuthenticatorCoordinatorInternal::scopeAndCrossOriginParent):
Canonical link: https://commits.webkit.org/313422@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
