Implement a new SPI to inform clients about AppSSO
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 26 Jun 2019 03:11:36 +0000 (03:11 +0000)
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 26 Jun 2019 03:11:36 +0000 (03:11 +0000)
https://bugs.webkit.org/show_bug.cgi?id=199085
<rdar://problem/50028246>

Reviewed by Geoffrey Garen.

Source/WebKit:

This patch implements a new SPI to inform clients about incoming AppSSO interceptions during
navigations. Therefore, clients can make an informed decision about whether this is the right
moment to do the interception as interceptions often show native UI. Also, the SPI is designed
to pass along a human readable name for the extension such that clients can do whatever they
want to inform users about what's going on.

Here is the new SPI:
- (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^)(_WKSOAuthorizationLoadPolicy policy))completionHandler;

* UIProcess/API/APINavigationClient.h:
(API::NavigationClient::decidePolicyForSOAuthorizationLoad):
* UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
* UIProcess/Cocoa/NavigationState.h:
* UIProcess/Cocoa/NavigationState.mm:
(WebKit::NavigationState::setNavigationDelegate):
(WebKit::soAuthorizationLoadPolicy):
(WebKit::wkSOAuthorizationLoadPolicy):
(WebKit::NavigationState::NavigationClient::decidePolicyForSOAuthorizationLoad):
* UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h: Added.
* UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
(WebKit::SOAuthorizationSession::start):
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::decidePolicyForSOAuthorizationLoad):
* UIProcess/WebPageProxy.h:
* WebKit.xcodeproj/project.pbxproj:

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:
(-[TestSOAuthorizationBasicDelegate webView:didFinishNavigation:]):
(-[TestSOAuthorizationNavigationDelegate init]):
(-[TestSOAuthorizationNavigationDelegate _webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:]):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246829 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/API/APINavigationClient.h
Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
Source/WebKit/UIProcess/Cocoa/NavigationState.h
Source/WebKit/UIProcess/Cocoa/NavigationState.mm
Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h [new file with mode: 0644]
Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm
Source/WebKit/UIProcess/WebPageProxy.cpp
Source/WebKit/UIProcess/WebPageProxy.h
Source/WebKit/WebKit.xcodeproj/project.pbxproj
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm

index b3556d7..4cc8c21 100644 (file)
@@ -1,3 +1,37 @@
+2019-06-25  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Implement a new SPI to inform clients about AppSSO
+        https://bugs.webkit.org/show_bug.cgi?id=199085
+        <rdar://problem/50028246>
+
+        Reviewed by Geoffrey Garen.
+
+        This patch implements a new SPI to inform clients about incoming AppSSO interceptions during
+        navigations. Therefore, clients can make an informed decision about whether this is the right
+        moment to do the interception as interceptions often show native UI. Also, the SPI is designed
+        to pass along a human readable name for the extension such that clients can do whatever they
+        want to inform users about what's going on.
+
+        Here is the new SPI:
+        - (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^)(_WKSOAuthorizationLoadPolicy policy))completionHandler;
+
+        * UIProcess/API/APINavigationClient.h:
+        (API::NavigationClient::decidePolicyForSOAuthorizationLoad):
+        * UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
+        * UIProcess/Cocoa/NavigationState.h:
+        * UIProcess/Cocoa/NavigationState.mm:
+        (WebKit::NavigationState::setNavigationDelegate):
+        (WebKit::soAuthorizationLoadPolicy):
+        (WebKit::wkSOAuthorizationLoadPolicy):
+        (WebKit::NavigationState::NavigationClient::decidePolicyForSOAuthorizationLoad):
+        * UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h: Added.
+        * UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
+        (WebKit::SOAuthorizationSession::start):
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::decidePolicyForSOAuthorizationLoad):
+        * UIProcess/WebPageProxy.h:
+        * WebKit.xcodeproj/project.pbxproj:
+
 2019-06-25  Simon Fraser  <simon.fraser@apple.com>
 
         [iOS WK2 Debug] scrollingcoordinator/scrolling-tree/scroller-with-negative-z-child.html asserts
index 196c372..a6e019c 100644 (file)
 #include <WebCore/LayoutMilestone.h>
 #include <wtf/Forward.h>
 
+#if HAVE(APP_SSO)
+#include "SOAuthorizationLoadPolicy.h"
+#endif
+
 namespace WebCore {
 struct ContentRuleListResults;
 class ResourceError;
@@ -140,6 +144,13 @@ public:
     virtual void didEndNavigationGesture(WebKit::WebPageProxy&, bool willNavigate, WebKit::WebBackForwardListItem&) { }
     virtual void didRemoveNavigationGestureSnapshot(WebKit::WebPageProxy&) { }
     virtual bool didChangeBackForwardList(WebKit::WebPageProxy&, WebKit::WebBackForwardListItem*, const Vector<Ref<WebKit::WebBackForwardListItem>>&) { return false; }
+
+#if HAVE(APP_SSO)
+    virtual void decidePolicyForSOAuthorizationLoad(WebKit::WebPageProxy&, WebKit::SOAuthorizationLoadPolicy currentSOAuthorizationLoadPolicy, const WTF::String&, CompletionHandler<void(WebKit::SOAuthorizationLoadPolicy)>&& completionHandler)
+    {
+        completionHandler(currentSOAuthorizationLoadPolicy);
+    }
+#endif
 };
 
 } // namespace API
index e9be04d..3926bb0 100644 (file)
@@ -54,6 +54,11 @@ typedef NS_ENUM(NSInteger, _WKProcessTerminationReason) {
     _WKProcessTerminationReasonCrash,
 } WK_API_AVAILABLE(macos(10.14), ios(12.0));
 
+typedef NS_ENUM(NSInteger, _WKSOAuthorizationLoadPolicy) {
+    _WKSOAuthorizationLoadPolicyAllow,
+    _WKSOAuthorizationLoadPolicyIgnore,
+} WK_API_AVAILABLE(macos(10.15), ios(13.0));
+
 static const WKNavigationActionPolicy _WKNavigationActionPolicyDownload = (WKNavigationActionPolicy)(WKNavigationActionPolicyAllow + 1);
 static const WKNavigationActionPolicy WK_API_AVAILABLE(macos(10.11), ios(9.0)) _WKNavigationActionPolicyAllowWithoutTryingAppLink = (WKNavigationActionPolicy)(_WKNavigationActionPolicyDownload + 1);
 static const WKNavigationActionPolicy WK_API_AVAILABLE(macos(10.14.4), ios(12.2)) _WKNavigationActionPolicyAllowInNewProcess = (WKNavigationActionPolicy)(_WKNavigationActionPolicyAllowWithoutTryingAppLink + 1);
@@ -111,4 +116,6 @@ static const WKNavigationResponsePolicy _WKNavigationResponsePolicyBecomeDownloa
 - (void)_webView:(WKWebView *)webView backForwardListItemAdded:(WKBackForwardListItem *)itemAdded removed:(NSArray<WKBackForwardListItem *> *)itemsRemoved WK_API_AVAILABLE(macos(10.13.4));
 #endif
 
+- (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^)(_WKSOAuthorizationLoadPolicy policy))completionHandler WK_API_AVAILABLE(macos(10.15), ios(13.0));
+
 @end
index 091470f..d61628d 100644 (file)
@@ -139,6 +139,10 @@ private:
         void decidePolicyForNavigationAction(WebPageProxy&, Ref<API::NavigationAction>&&, Ref<WebFramePolicyListenerProxy>&&, API::Object* userData) override;
         void decidePolicyForNavigationResponse(WebPageProxy&, Ref<API::NavigationResponse>&&, Ref<WebFramePolicyListenerProxy>&&, API::Object* userData) override;
 
+#if HAVE(APP_SSO)
+        void decidePolicyForSOAuthorizationLoad(WebPageProxy&, SOAuthorizationLoadPolicy, const String&, CompletionHandler<void(SOAuthorizationLoadPolicy)>&&) override;
+#endif
+
         NavigationState& m_navigationState;
     };
     
@@ -238,6 +242,10 @@ private:
         bool webViewWillGoToBackForwardListItemInPageCache : 1;
         bool webViewDecidePolicyForPluginLoadWithCurrentPolicyPluginInfoCompletionHandler : 1;
 #endif
+
+#if HAVE(APP_SSO)
+        bool webViewDecidePolicyForSOAuthorizationLoadWithCurrentPolicyForExtensionCompletionHandler : 1;
+#endif
     } m_navigationDelegateMethods;
 
     WeakObjCPtr<id <WKHistoryDelegatePrivate> > m_historyDelegate;
index 325ff81..6e99500 100644 (file)
@@ -196,6 +196,9 @@ void NavigationState::setNavigationDelegate(id <WKNavigationDelegate> delegate)
     m_navigationDelegateMethods.webViewBackForwardListItemAddedRemoved = [delegate respondsToSelector:@selector(_webView:backForwardListItemAdded:removed:)];
     m_navigationDelegateMethods.webViewDecidePolicyForPluginLoadWithCurrentPolicyPluginInfoCompletionHandler = [delegate respondsToSelector:@selector(_webView:decidePolicyForPluginLoadWithCurrentPolicy:pluginInfo:completionHandler:)];
 #endif
+#if HAVE(APP_SSO)
+    m_navigationDelegateMethods.webViewDecidePolicyForSOAuthorizationLoadWithCurrentPolicyForExtensionCompletionHandler = [delegate respondsToSelector:@selector(_webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:)];
+#endif
 }
 
 RetainPtr<id <WKHistoryDelegatePrivate> > NavigationState::historyDelegate()
@@ -1101,6 +1104,54 @@ void NavigationState::NavigationClient::didFinishLoadForQuickLookDocumentInMainF
 }
 #endif
 
+#if HAVE(APP_SSO)
+static SOAuthorizationLoadPolicy soAuthorizationLoadPolicy(_WKSOAuthorizationLoadPolicy policy)
+{
+    switch (policy) {
+    case _WKSOAuthorizationLoadPolicyAllow:
+        return SOAuthorizationLoadPolicy::Allow;
+    case _WKSOAuthorizationLoadPolicyIgnore:
+        return SOAuthorizationLoadPolicy::Ignore;
+    }
+    ASSERT_NOT_REACHED();
+    return SOAuthorizationLoadPolicy::Allow;
+}
+
+static _WKSOAuthorizationLoadPolicy wkSOAuthorizationLoadPolicy(SOAuthorizationLoadPolicy policy)
+{
+    switch (policy) {
+    case SOAuthorizationLoadPolicy::Allow:
+        return _WKSOAuthorizationLoadPolicyAllow;
+    case SOAuthorizationLoadPolicy::Ignore:
+        return _WKSOAuthorizationLoadPolicyIgnore;
+    }
+    ASSERT_NOT_REACHED();
+    return _WKSOAuthorizationLoadPolicyAllow;
+}
+
+void NavigationState::NavigationClient::decidePolicyForSOAuthorizationLoad(WebPageProxy&, SOAuthorizationLoadPolicy currentSOAuthorizationLoadPolicy, const String& extension, CompletionHandler<void(SOAuthorizationLoadPolicy)>&& completionHandler)
+{
+    if (!m_navigationState.m_navigationDelegateMethods.webViewDecidePolicyForSOAuthorizationLoadWithCurrentPolicyForExtensionCompletionHandler) {
+        completionHandler(currentSOAuthorizationLoadPolicy);
+        return;
+    }
+
+    auto navigationDelegate = m_navigationState.m_navigationDelegate.get();
+    if (!navigationDelegate) {
+        completionHandler(currentSOAuthorizationLoadPolicy);
+        return;
+    }
+
+    auto checker = CompletionHandlerCallChecker::create(navigationDelegate.get(), @selector(_webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:));
+    [(id <WKNavigationDelegatePrivate>)navigationDelegate _webView:m_navigationState.m_webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:wkSOAuthorizationLoadPolicy(currentSOAuthorizationLoadPolicy) forExtension:extension completionHandler:makeBlockPtr([completionHandler = WTFMove(completionHandler), checker = WTFMove(checker)](_WKSOAuthorizationLoadPolicy policy) mutable {
+        if (checker->completionHandlerHasBeenCalled())
+            return;
+        checker->didCallCompletionHandler();
+        completionHandler(soAuthorizationLoadPolicy(policy));
+    }).get()];
+}
+#endif
+
 // HistoryDelegatePrivate support
     
 NavigationState::HistoryClient::HistoryClient(NavigationState& navigationState)
diff --git a/Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h b/Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h
new file mode 100644 (file)
index 0000000..06ef277
--- /dev/null
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if HAVE(APP_SSO)
+
+namespace WebKit {
+
+enum class SOAuthorizationLoadPolicy : uint8_t {
+    Allow,
+    Ignore
+};
+
+} // namespace WebKit
+
+#endif // HAVE(APP_SSO)
index 4678fe3..c9892dd 100644 (file)
@@ -32,6 +32,7 @@
 #import "APINavigation.h"
 #import "APINavigationAction.h"
 #import "APIUIClient.h"
+#import "SOAuthorizationLoadPolicy.h"
 #import "WKUIDelegate.h"
 #import "WebPageProxy.h"
 #import "WebSiteDataStore.h"
@@ -102,24 +103,35 @@ void SOAuthorizationSession::start()
 {
     ASSERT((m_state == State::Idle || m_state == State::Waiting) && m_page && m_navigationAction);
     m_state = State::Active;
-    if (!m_soAuthorization)
-        return;
 
-    // FIXME<rdar://problem/48909336>: Replace the below with AppSSO constants.
-    auto initiatorOrigin = emptyString();
-    if (m_navigationAction->sourceFrame())
-        initiatorOrigin = m_navigationAction->sourceFrame()->securityOrigin().securityOrigin().toString();
-    if (m_action == InitiatingAction::SubFrame && m_page->mainFrame())
-        initiatorOrigin = WebCore::SecurityOrigin::create(m_page->mainFrame()->url())->toString();
-    NSDictionary *authorizationOptions = @{
-        SOAuthorizationOptionUserActionInitiated: @(m_navigationAction->isProcessingUserGesture()),
-        @"initiatorOrigin": (NSString *)initiatorOrigin,
-        @"initiatingAction": @(static_cast<NSInteger>(m_action))
-    };
-    [m_soAuthorization setAuthorizationOptions:authorizationOptions];
-
-    auto *nsRequest = m_navigationAction->request().nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody);
-    [m_soAuthorization beginAuthorizationWithURL:nsRequest.URL httpHeaders:nsRequest.allHTTPHeaderFields httpBody:nsRequest.HTTPBody];
+    m_page->decidePolicyForSOAuthorizationLoad(emptyString(), [this, weakThis = makeWeakPtr(*this)] (SOAuthorizationLoadPolicy policy) {
+        if (!weakThis)
+            return;
+
+        if (policy == SOAuthorizationLoadPolicy::Ignore) {
+            fallBackToWebPath();
+            return;
+        }
+
+        if (!m_soAuthorization || !m_page || !m_navigationAction)
+            return;
+
+        // FIXME: <rdar://problem/48909336> Replace the below with AppSSO constants.
+        auto initiatorOrigin = emptyString();
+        if (m_navigationAction->sourceFrame())
+            initiatorOrigin = m_navigationAction->sourceFrame()->securityOrigin().securityOrigin().toString();
+        if (m_action == InitiatingAction::SubFrame && m_page->mainFrame())
+            initiatorOrigin = WebCore::SecurityOrigin::create(m_page->mainFrame()->url())->toString();
+        NSDictionary *authorizationOptions = @{
+            SOAuthorizationOptionUserActionInitiated: @(m_navigationAction->isProcessingUserGesture()),
+            @"initiatorOrigin": (NSString *)initiatorOrigin,
+            @"initiatingAction": @(static_cast<NSInteger>(m_action))
+        };
+        [m_soAuthorization setAuthorizationOptions:authorizationOptions];
+
+        auto *nsRequest = m_navigationAction->request().nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody);
+        [m_soAuthorization beginAuthorizationWithURL:nsRequest.URL httpHeaders:nsRequest.allHTTPHeaderFields httpBody:nsRequest.HTTPBody];
+    });
 }
 
 void SOAuthorizationSession::fallBackToWebPath()
index d7b6d75..ac74bd4 100644 (file)
@@ -9247,6 +9247,13 @@ void WebPageProxy::configureLoggingChannel(const String& channelName, WTFLogChan
 #endif
 }
 
+#if HAVE(APP_SSO)
+void WebPageProxy::decidePolicyForSOAuthorizationLoad(const String& extension, CompletionHandler<void(SOAuthorizationLoadPolicy)>&& completionHandler)
+{
+    m_navigationClient->decidePolicyForSOAuthorizationLoad(*this, SOAuthorizationLoadPolicy::Allow, extension, WTFMove(completionHandler));
+}
+#endif
+
 } // namespace WebKit
 
 #undef MERGE_WHEEL_EVENTS
index 6e3297d..35e85f0 100644 (file)
@@ -141,6 +141,10 @@ OBJC_CLASS _WKRemoteObjectRegistry;
 #include <WebCore/WebMediaSessionManagerClient.h>
 #endif
 
+#if HAVE(APP_SSO)
+#include "SOAuthorizationLoadPolicy.h"
+#endif
+
 #if ENABLE(MEDIA_SESSION)
 namespace WebCore {
 class MediaSessionMetadata;
@@ -1545,6 +1549,7 @@ public:
 #if HAVE(APP_SSO)
     void setShouldSuppressSOAuthorizationInAllNavigationPolicyDecision() { m_shouldSuppressSOAuthorizationInAllNavigationPolicyDecision = true; }
     void setShouldSuppressSOAuthorizationInNextNavigationPolicyDecision() { m_shouldSuppressSOAuthorizationInNextNavigationPolicyDecision = true; }
+    void decidePolicyForSOAuthorizationLoad(const String&, CompletionHandler<void(SOAuthorizationLoadPolicy)>&&);
 #endif
 
     Logger& logger();
index c71776a..1b52263 100644 (file)
                578DC2982155A0020074E815 /* LocalAuthenticationSoftLink.h in Headers */ = {isa = PBXBuildFile; fileRef = 578DC2972155A0010074E815 /* LocalAuthenticationSoftLink.h */; };
                57AC8F50217FEED90055438C /* HidConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = 57AC8F4E217FEED90055438C /* HidConnection.h */; };
                57B4B46020B504AC00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = 57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */; };
+               57BBEA6D22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 57BBEA6C22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h */; };
                57DCED6E2142EE5E0016B847 /* WebAuthenticatorCoordinatorMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57DCED6B2142EAE20016B847 /* WebAuthenticatorCoordinatorMessageReceiver.cpp */; };
                57DCED6F2142EE630016B847 /* WebAuthenticatorCoordinatorMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 57DCED6A2142EAE20016B847 /* WebAuthenticatorCoordinatorMessages.h */; };
                57DCED702142EE680016B847 /* WebAuthenticatorCoordinatorProxyMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57DCED6C2142EAF90016B847 /* WebAuthenticatorCoordinatorProxyMessageReceiver.cpp */; };
                57AC8F4F217FEED90055438C /* HidConnection.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = HidConnection.mm; sourceTree = "<group>"; };
                57B4B45D20B504AB00D4AD79 /* AuthenticationManagerCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationManagerCocoa.mm; sourceTree = "<group>"; };
                57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClientCertificateAuthenticationXPCConstants.h; sourceTree = "<group>"; };
+               57BBEA6C22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOAuthorizationLoadPolicy.h; sourceTree = "<group>"; };
                57DCED6A2142EAE20016B847 /* WebAuthenticatorCoordinatorMessages.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebAuthenticatorCoordinatorMessages.h; path = DerivedSources/WebKit2/WebAuthenticatorCoordinatorMessages.h; sourceTree = BUILT_PRODUCTS_DIR; };
                57DCED6B2142EAE20016B847 /* WebAuthenticatorCoordinatorMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebAuthenticatorCoordinatorMessageReceiver.cpp; path = DerivedSources/WebKit2/WebAuthenticatorCoordinatorMessageReceiver.cpp; sourceTree = BUILT_PRODUCTS_DIR; };
                57DCED6C2142EAF90016B847 /* WebAuthenticatorCoordinatorProxyMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebAuthenticatorCoordinatorProxyMessageReceiver.cpp; path = DerivedSources/WebKit2/WebAuthenticatorCoordinatorProxyMessageReceiver.cpp; sourceTree = BUILT_PRODUCTS_DIR; };
                                57FD317A22B3514A008D0E8B /* RedirectSOAuthorizationSession.mm */,
                                57FD317222B35148008D0E8B /* SOAuthorizationCoordinator.h */,
                                57FD317922B35149008D0E8B /* SOAuthorizationCoordinator.mm */,
+                               57BBEA6C22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h */,
                                57FD317322B35148008D0E8B /* SOAuthorizationNSURLExtras.h */,
                                57FD317622B35149008D0E8B /* SOAuthorizationNSURLExtras.mm */,
                                57FD317C22B3514A008D0E8B /* SOAuthorizationSession.h */,
                                83F9644E1FA0F76E00C47750 /* SharedStringHashTableReadOnly.h in Headers */,
                                1D67B339212E1F6100FAA786 /* ShareSheetCallbackID.h in Headers */,
                                7A41E9FB21F81DAD00B88CDB /* ShouldGrandfatherStatistics.h in Headers */,
-                               576CA9D722B862180030143C /* SOAuthorizationNSURLExtras.h in Headers */,
                                995226D6207D184600F78420 /* SimulatedInputDispatcher.h in Headers */,
                                2DAF06D618BD1A470081CEB1 /* SmartMagnificationController.h in Headers */,
                                2DE6943E18BD2A68005C15E5 /* SmartMagnificationControllerMessages.h in Headers */,
                                57FD318322B35162008D0E8B /* SOAuthorizationCoordinator.h in Headers */,
+                               57BBEA6D22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h in Headers */,
+                               576CA9D722B862180030143C /* SOAuthorizationNSURLExtras.h in Headers */,
                                57FD318522B35169008D0E8B /* SOAuthorizationSession.h in Headers */,
                                5272B28B1406985D0096A5D0 /* StatisticsData.h in Headers */,
                                514BDED316C98EDD00E4E25E /* StatisticsRequest.h in Headers */,
index c37480d..09ee370 100644 (file)
@@ -1,3 +1,17 @@
+2019-06-25  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Implement a new SPI to inform clients about AppSSO
+        https://bugs.webkit.org/show_bug.cgi?id=199085
+        <rdar://problem/50028246>
+
+        Reviewed by Geoffrey Garen.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:
+        (-[TestSOAuthorizationBasicDelegate webView:didFinishNavigation:]):
+        (-[TestSOAuthorizationNavigationDelegate init]):
+        (-[TestSOAuthorizationNavigationDelegate _webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:]):
+        (TestWebKitAPI::TEST):
+
 2019-06-25  Aakash Jain  <aakash_jain@apple.com>
 
         [ews-build] Retry Layout test in case of failures
index 42197e4..e73d20b 100644 (file)
@@ -120,9 +120,25 @@ static const char* samlResponse =
 "</script>"
 "</html>";
 
+@interface TestSOAuthorizationBasicDelegate : NSObject <WKNavigationDelegate>
+@end
+
+@implementation TestSOAuthorizationBasicDelegate
+
+- (void)webView:(WKWebView *)webView didFinishNavigation:(WKNavigation *)navigation
+{
+    EXPECT_FALSE(navigationCompleted);
+    navigationCompleted = true;
+    finalURL = navigation._request.URL.absoluteString;
+}
+
+@end
+
 @interface TestSOAuthorizationNavigationDelegate : NSObject <WKNavigationDelegate, WKUIDelegate>
 @property bool isDefaultPolicy;
 @property bool shouldOpenExternalSchemes;
+@property bool allowSOAuthorizationLoad;
+@property bool isAsyncExecution;
 - (instancetype)init;
 @end
 
@@ -133,6 +149,8 @@ static const char* samlResponse =
     if (self = [super init]) {
         self.isDefaultPolicy = true;
         self.shouldOpenExternalSchemes = false;
+        self.allowSOAuthorizationLoad = true;
+        self.isAsyncExecution = false;
     }
     return self;
 }
@@ -163,6 +181,27 @@ static const char* samlResponse =
     return gNewWindow.get();
 }
 
+- (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^)(_WKSOAuthorizationLoadPolicy policy))completionHandler
+{
+    EXPECT_EQ(policy, _WKSOAuthorizationLoadPolicyAllow);
+    EXPECT_TRUE([extension isEqual:@""]);
+    if (!self.isAsyncExecution) {
+        if (self.allowSOAuthorizationLoad)
+            completionHandler(policy);
+        else
+            completionHandler(_WKSOAuthorizationLoadPolicyIgnore);
+        return;
+    }
+
+    auto allowSOAuthorizationLoad = self.allowSOAuthorizationLoad;
+    dispatch_async(dispatch_get_main_queue(), ^() {
+        if (allowSOAuthorizationLoad)
+            completionHandler(_WKSOAuthorizationLoadPolicyAllow);
+        else
+            completionHandler(_WKSOAuthorizationLoadPolicyIgnore);
+    });
+}
+
 @end
 
 #if PLATFORM(MAC)
@@ -416,8 +455,8 @@ TEST(SOAuthorizationRedirect, InterceptionSucceed1)
     RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
 
     auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
-    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
-    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    auto delegate = adoptNS([[TestSOAuthorizationBasicDelegate alloc] init]);
+    [webView setNavigationDelegate:delegate.get()];
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
@@ -443,8 +482,8 @@ TEST(SOAuthorizationRedirect, InterceptionSucceed2)
     InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
 
     auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
-    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
-    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    auto delegate = adoptNS([[TestSOAuthorizationBasicDelegate alloc] init]);
+    [webView setNavigationDelegate:delegate.get()];
 
     // Force App Links with a request.URL that has a different host than the current one (empty host) and ShouldOpenExternalURLsPolicy::ShouldAllow.
     auto testURL = URL(URL(), "https://www.example.com");
@@ -957,6 +996,72 @@ TEST(SOAuthorizationRedirect, InterceptionCompleteTwice)
     [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] init]).get()];
 }
 
+TEST(SOAuthorizationRedirect, SOAuthorizationLoadPolicyIgnore)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    [delegate setAllowSOAuthorizationLoad:false];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&navigationCompleted);
+
+    EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
+}
+
+TEST(SOAuthorizationRedirect, SOAuthorizationLoadPolicyAllowAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&authorizationPerformed);
+    checkAuthorizationOptions(false, "", 0);
+
+    RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+    auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
+    [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] init]).get()];
+    Util::run(&navigationCompleted);
+#if PLATFORM(IOS)
+    navigationCompleted = false;
+    Util::run(&navigationCompleted);
+#endif
+    EXPECT_WK_STREQ(redirectURL.get().absoluteString, finalURL);
+}
+
+TEST(SOAuthorizationRedirect, SOAuthorizationLoadPolicyIgnoreAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    [delegate setAllowSOAuthorizationLoad:false];
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&navigationCompleted);
+
+    EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
+}
+
+
 // FIXME(175204): Enable the iOS tests once the bug is fixed.
 #if PLATFORM(MAC)
 TEST(SOAuthorizationRedirect, InterceptionSucceedWithUI)
@@ -1654,6 +1759,95 @@ TEST(SOAuthorizationPopUp, AuthorizationOptions)
     checkAuthorizationOptions(true, "http://www.webkit.org", 1);
 }
 
+TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyIgnore)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(openerTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.webkit.org")];
+    Util::run(&navigationCompleted);
+
+#if PLATFORM(MAC)
+    [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
+#elif PLATFORM(IOS)
+    [webView evaluateJavaScript: @"clickMe()" completionHandler:nil];
+#endif
+    Util::run(&newWindowCreated);
+    EXPECT_FALSE(authorizationPerformed);
+}
+
+TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyAllowAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+
+    RetainPtr<NSURL> baseURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(openerTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 400, 400)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:baseURL.get()];
+    Util::run(&navigationCompleted);
+
+#if PLATFORM(MAC)
+    [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
+#elif PLATFORM(IOS)
+    [webView evaluateJavaScript: @"clickMe()" completionHandler:nil];
+#endif
+    Util::run(&authorizationPerformed);
+    checkAuthorizationOptions(true, "file://", 1);
+
+    auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
+    auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "window.close();").utf8(); // The pop up closes itself.
+    // The secret WKWebView needs to be destroyed right the way.
+    @autoreleasepool {
+        [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] initWithBytes:resonseHtmlCString.data() length:resonseHtmlCString.length()]).get()];
+    }
+    [webView waitForMessage:@"Hello."];
+    [webView waitForMessage:@"WindowClosed."];
+}
+
+
+TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyIgnoreAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(openerTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.webkit.org")];
+    Util::run(&navigationCompleted);
+
+#if PLATFORM(MAC)
+    [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
+#elif PLATFORM(IOS)
+    [webView evaluateJavaScript: @"clickMe()" completionHandler:nil];
+#endif
+    Util::run(&newWindowCreated);
+    EXPECT_FALSE(authorizationPerformed);
+}
+
 TEST(SOAuthorizationSubFrame, NoInterceptions)
 {
     resetState();
@@ -1861,6 +2055,75 @@ TEST(SOAuthorizationSubFrame, AuthorizationOptions)
     checkAuthorizationOptions(false, "http://www.apple.com", 2);
 }
 
+TEST(SOAuthorizationSubFrame, SOAuthorizationLoadPolicyIgnore)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(parentTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.apple.com")];
+    // Try to wait until the iframe load is finished.
+    Util::sleep(0.5);
+    // Make sure we don't intercept the iframe.
+    EXPECT_FALSE(authorizationPerformed);
+}
+
+TEST(SOAuthorizationSubFrame, SOAuthorizationLoadPolicyAllowAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+    ClassMethodSwizzler swizzler4([AKAuthorizationController class], @selector(isURLFromAppleOwnedDomain:), reinterpret_cast<IMP>(overrideIsURLFromAppleOwnedDomain));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(parentTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:nil];
+    [webView waitForMessage:@"http://www.example.com"];
+    [webView waitForMessage:@"SOAuthorizationDidStart"];
+    checkAuthorizationOptions(false, "null", 2);
+
+    auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
+    auto iframeHtmlCString = generateHtml(iframeTemplate, "").utf8();
+    [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] initWithBytes:iframeHtmlCString.data() length:iframeHtmlCString.length()]).get()];
+    [webView waitForMessage:@"http://www.example.com"];
+    [webView waitForMessage:@"Hello."];
+}
+
+TEST(SOAuthorizationSubFrame, SOAuthorizationLoadPolicyIgnoreAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(parentTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.apple.com")];
+    // Try to wait until the iframe load is finished.
+    Util::sleep(0.5);
+    // Make sure we don't intercept the iframe.
+    EXPECT_FALSE(authorizationPerformed);
+}
+
 } // namespace TestWebKitAPI
 
 #endif