Regression(NetworkLoadChecker): CORS preflights are no longer able to deal with clien...
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Aug 2018 22:14:05 +0000 (22:14 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Aug 2018 22:14:05 +0000 (22:14 +0000)
commit6c7e9b5b02b73252360ab65bf33ac6dc251fe6be
tree0f3f31b8ebba999c2ff90ac36e4636662d6a0840
parente45655e33d5e25364b96a2f880967025a3592151
Regression(NetworkLoadChecker): CORS preflights are no longer able to deal with client certificate authentication
https://bugs.webkit.org/show_bug.cgi?id=188355
<rdar://problem/42546319>

Reviewed by Alex Christensen.

Before we started using the NetworkLoadChecker to do CORS-preflighting in the Network process, challenges would
use the NetworkLoad::completeAuthenticationChallenge() code path with isAllowedToAskUserForCredentials to set
to false. This would call:
1. completionHandler(AuthenticationChallengeDisposition::UseCredential, { }); for TLS handshakes (server trust
   evaluation & client certification authentication)
2. NetworkProcess::singleton().authenticationManager().didReceiveAuthenticationChallenge() otherwise

However, NetworkCORSPreflightChecker::didReceiveChallenge() was behaving differently and calling:
1. completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { }); for server trust evaluations
2. completionHandler(AuthenticationChallengeDisposition::Cancel, { }); otherwise

Restore previous behavior by aligning NetworkCORSPreflightChecker::didReceiveChallenge() with
NetworkLoad::completeAuthenticationChallenge() when isAllowedToAskUserForCredentials is set to false. This means
we end up asking the AuthenticationManager for client certificate authentication instead or cancelling the
preflight.

This fixes CORS-preflighting on some internal sites.

* NetworkProcess/NetworkCORSPreflightChecker.cpp:
(WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):
* NetworkProcess/NetworkCORSPreflightChecker.h:
* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
* NetworkProcess/NetworkLoadChecker.h:
* NetworkProcess/NetworkResourceLoader.cpp:
* NetworkProcess/PingLoad.cpp:
(WebKit::PingLoad::PingLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234626 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp
Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h
Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
Source/WebKit/NetworkProcess/NetworkLoadChecker.h
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/NetworkProcess/PingLoad.cpp