NetworkCORSPreflightChecker should proceed when having a ProtectionSpaceAuthenticatio...
author youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 May 2018 07:22:12 +0000 (07:22 +0000)
committer youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 May 2018 07:22:12 +0000 (07:22 +0000)
https://bugs.webkit.org/show_bug.cgi?id=185522
<rdar://problem/39987152>

Reviewed by Brent Fulgham.

In case of such a challenge, refuse to proceed with authentication since preflight is not using credentials.
Previously, we were failing right away, which is not right in case preflight is the request triggering the connection.

Manually tested.

* NetworkProcess/NetworkCORSPreflightChecker.cpp:
(WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231694 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp

index 2973bf9..127757f 100644 (file)
@@ -1,3 +1,19 @@
+2018-05-11  Youenn Fablet  <youenn@apple.com>
+
+        NetworkCORSPreflightChecker should proceed when having a ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenge
+        https://bugs.webkit.org/show_bug.cgi?id=185522
+        <rdar://problem/39987152>
+
+        Reviewed by Brent Fulgham.
+
+        In case of such challenge, refuse to proceed with authentication since preflight is not using credentials.
+        Previously, we were failing right away which is not right in case preflight is the request triggering the connection.
+
+        Manually tested.
+
+        * NetworkProcess/NetworkCORSPreflightChecker.cpp:
+        (WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):
+
 2018-05-10  Daniel Bates  <dabates@apple.com>
 
         Use PlatformStrategies to switch between WebKit and WebKitLegacy checking of CSP frame-ancestors and X-Frame-Options
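Review bot: "Manually tested." in the new ChangeLog entry means the server-trust branch of didReceiveChallenge lands without automated coverage. Either add a test in which the preflight is the request that triggers the connection, or say in the entry why that case cannot be automated. The entry would also read more clearly with one sentence reconciling the title ("should proceed") with the description ("refuse to proceed with authentication"), i.e. that the preflight load goes on while the challenge itself is declined.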
index 7b770a7..3274326 100644 (file)
@@ -78,9 +78,15 @@ void NetworkCORSPreflightChecker::willPerformHTTPRedirection(WebCore::ResourceRe
     m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl });
 }
 
-void NetworkCORSPreflightChecker::didReceiveChallenge(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&& completionHandler)
+void NetworkCORSPreflightChecker::didReceiveChallenge(const WebCore::AuthenticationChallenge& challenge, ChallengeCompletionHandler&& completionHandler)
 {
     RELEASE_LOG_IF_ALLOWED("didReceiveChallenge");
+
+    if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
+        completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { });
+        return;
+    }
+
     completionHandler(AuthenticationChallengeDisposition::Cancel, { });
     m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl });
 }
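Review bot: The new early return in didReceiveChallenge answers a ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested challenge with RejectProtectionSpace and never reaches m_completionCallback, but nothing in the hunk explains why that is correct. Please add a comment above the branch stating that the preflight load is expected to continue and complete through the checker's other callbacks, and what server trust evaluation is expected to take place after RejectProtectionSpace, so a later reader can confirm that the certificate is still validated before the preflight response is used. Every other challenge still falls through to Cancel plus the "Preflight response is not successful" error; that message does not mention the challenge, so a more specific string there would help when reading logs.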