Changeset 246829 in webkit

Timestamp:

Jun 25, 2019 8:11:36 PM (5 years ago)

Author:

jiewen_tan@apple.com

Message:

Implement a new SPI to inform clients about AppSSO
​https://bugs.webkit.org/show_bug.cgi?id=199085
<rdar://problem/50028246>

Reviewed by Geoffrey Garen.

Source/WebKit:

This patch implements a new SPI to inform clients about incoming AppSSO interceptions during
navigations. Therefore, clients can make an informed decision about whether this is the right
moment to do the interception as interceptions often show native UI. Also, the SPI is designed
to pass along a human readable name for the extension such that clients can do whatever they
want to inform users about what's going on.

Here is the new SPI:

• (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^{)(_WKSOAuthorizationLoadPolicy policy))completionHandler;}

• UIProcess/API/APINavigationClient.h:

(API::NavigationClient::decidePolicyForSOAuthorizationLoad):

• UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
• UIProcess/Cocoa/NavigationState.h:
• UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::setNavigationDelegate):
(WebKit::soAuthorizationLoadPolicy):
(WebKit::wkSOAuthorizationLoadPolicy):
(WebKit::NavigationState::NavigationClient::decidePolicyForSOAuthorizationLoad):

• UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h: Added.
• UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:

(WebKit::SOAuthorizationSession::start):

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::decidePolicyForSOAuthorizationLoad):

• UIProcess/WebPageProxy.h:
• WebKit.xcodeproj/project.pbxproj:

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:

(-[TestSOAuthorizationBasicDelegate webView:didFinishNavigation:]):
(-[TestSOAuthorizationNavigationDelegate init]):
(-[TestSOAuthorizationNavigationDelegate _webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:]):
(TestWebKitAPI::TEST):

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/API/APINavigationClient.h (modified) (2 diffs)
• Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h (modified) (2 diffs)
• Source/WebKit/UIProcess/Cocoa/NavigationState.h (modified) (2 diffs)
• Source/WebKit/UIProcess/Cocoa/NavigationState.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h (added)
• Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/WebPageProxy.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebPageProxy.h (modified) (2 diffs)
• Source/WebKit/WebKit.xcodeproj/project.pbxproj (modified) (4 diffs)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm (modified) (8 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-06-25  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Implement a new SPI to inform clients about AppSSO
+        https://bugs.webkit.org/show_bug.cgi?id=199085
+        <rdar://problem/50028246>
+
+        Reviewed by Geoffrey Garen.
+
+        This patch implements a new SPI to inform clients about incoming AppSSO interceptions during
+        navigations. Therefore, clients can make an informed decision about whether this is the right
+        moment to do the interception as interceptions often show native UI. Also, the SPI is designed
+        to pass along a human readable name for the extension such that clients can do whatever they
+        want to inform users about what's going on.
+
+        Here is the new SPI:
+        - (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^)(_WKSOAuthorizationLoadPolicy policy))completionHandler;
+
+        * UIProcess/API/APINavigationClient.h:
+        (API::NavigationClient::decidePolicyForSOAuthorizationLoad):
+        * UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
+        * UIProcess/Cocoa/NavigationState.h:
+        * UIProcess/Cocoa/NavigationState.mm:
+        (WebKit::NavigationState::setNavigationDelegate):
+        (WebKit::soAuthorizationLoadPolicy):
+        (WebKit::wkSOAuthorizationLoadPolicy):
+        (WebKit::NavigationState::NavigationClient::decidePolicyForSOAuthorizationLoad):
+        * UIProcess/Cocoa/SOAuthorization/SOAuthorizationLoadPolicy.h: Added.
+        * UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
+        (WebKit::SOAuthorizationSession::start):
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::decidePolicyForSOAuthorizationLoad):
+        * UIProcess/WebPageProxy.h:
+        * WebKit.xcodeproj/project.pbxproj:
+
 2019-06-25  Simon Fraser  <simon.fraser@apple.com>
 

trunk/Source/WebKit/UIProcess/API/APINavigationClient.h

@@ -40 +40 @@
 #include <WebCore/LayoutMilestone.h>
 #include <wtf/Forward.h>
+
+#if HAVE(APP_SSO)
+#include "SOAuthorizationLoadPolicy.h"
+#endif
 
 namespace WebCore {
@@ -141 +145 @@
     virtual void didRemoveNavigationGestureSnapshot(WebKit::WebPageProxy&) { }
     virtual bool didChangeBackForwardList(WebKit::WebPageProxy&, WebKit::WebBackForwardListItem*, const Vector<Ref<WebKit::WebBackForwardListItem>>&) { return false; }
+
+#if HAVE(APP_SSO)
+    virtual void decidePolicyForSOAuthorizationLoad(WebKit::WebPageProxy&, WebKit::SOAuthorizationLoadPolicy currentSOAuthorizationLoadPolicy, const WTF::String&, CompletionHandler<void(WebKit::SOAuthorizationLoadPolicy)>&& completionHandler)
+    {
+        completionHandler(currentSOAuthorizationLoadPolicy);
+    }
+#endif
 };
 

trunk/Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h

@@ -54 +54 @@
     _WKProcessTerminationReasonCrash,
 } WK_API_AVAILABLE(macos(10.14), ios(12.0));
+
+typedef NS_ENUM(NSInteger, _WKSOAuthorizationLoadPolicy) {
+    _WKSOAuthorizationLoadPolicyAllow,
+    _WKSOAuthorizationLoadPolicyIgnore,
+} WK_API_AVAILABLE(macos(10.15), ios(13.0));
 
 static const WKNavigationActionPolicy _WKNavigationActionPolicyDownload = (WKNavigationActionPolicy)(WKNavigationActionPolicyAllow + 1);
@@ -112 +117 @@
 #endif
 
+- (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^)(_WKSOAuthorizationLoadPolicy policy))completionHandler WK_API_AVAILABLE(macos(10.15), ios(13.0));
+
 @end

trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.h

@@ -140 +140 @@
         void decidePolicyForNavigationResponse(WebPageProxy&, Ref<API::NavigationResponse>&&, Ref<WebFramePolicyListenerProxy>&&, API::Object* userData) override;
 
+#if HAVE(APP_SSO)
+        void decidePolicyForSOAuthorizationLoad(WebPageProxy&, SOAuthorizationLoadPolicy, const String&, CompletionHandler<void(SOAuthorizationLoadPolicy)>&&) override;
+#endif
+
         NavigationState& m_navigationState;
     };
@@ -239 +243 @@
         bool webViewDecidePolicyForPluginLoadWithCurrentPolicyPluginInfoCompletionHandler : 1;
 #endif
+
+#if HAVE(APP_SSO)
+        bool webViewDecidePolicyForSOAuthorizationLoadWithCurrentPolicyForExtensionCompletionHandler : 1;
+#endif
     } m_navigationDelegateMethods;
 

trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.mm

@@ -197 +197 @@
     m_navigationDelegateMethods.webViewDecidePolicyForPluginLoadWithCurrentPolicyPluginInfoCompletionHandler = [delegate respondsToSelector:@selector(_webView:decidePolicyForPluginLoadWithCurrentPolicy:pluginInfo:completionHandler:)];
 #endif
+#if HAVE(APP_SSO)
+    m_navigationDelegateMethods.webViewDecidePolicyForSOAuthorizationLoadWithCurrentPolicyForExtensionCompletionHandler = [delegate respondsToSelector:@selector(_webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:)];
+#endif
 }
 
@@ -1102 +1105 @@
 #endif
 
+#if HAVE(APP_SSO)
+static SOAuthorizationLoadPolicy soAuthorizationLoadPolicy(_WKSOAuthorizationLoadPolicy policy)
+{
+    switch (policy) {
+    case _WKSOAuthorizationLoadPolicyAllow:
+        return SOAuthorizationLoadPolicy::Allow;
+    case _WKSOAuthorizationLoadPolicyIgnore:
+        return SOAuthorizationLoadPolicy::Ignore;
+    }
+    ASSERT_NOT_REACHED();
+    return SOAuthorizationLoadPolicy::Allow;
+}
+
+static _WKSOAuthorizationLoadPolicy wkSOAuthorizationLoadPolicy(SOAuthorizationLoadPolicy policy)
+{
+    switch (policy) {
+    case SOAuthorizationLoadPolicy::Allow:
+        return _WKSOAuthorizationLoadPolicyAllow;
+    case SOAuthorizationLoadPolicy::Ignore:
+        return _WKSOAuthorizationLoadPolicyIgnore;
+    }
+    ASSERT_NOT_REACHED();
+    return _WKSOAuthorizationLoadPolicyAllow;
+}
+
+void NavigationState::NavigationClient::decidePolicyForSOAuthorizationLoad(WebPageProxy&, SOAuthorizationLoadPolicy currentSOAuthorizationLoadPolicy, const String& extension, CompletionHandler<void(SOAuthorizationLoadPolicy)>&& completionHandler)
+{
+    if (!m_navigationState.m_navigationDelegateMethods.webViewDecidePolicyForSOAuthorizationLoadWithCurrentPolicyForExtensionCompletionHandler) {
+        completionHandler(currentSOAuthorizationLoadPolicy);
+        return;
+    }
+
+    auto navigationDelegate = m_navigationState.m_navigationDelegate.get();
+    if (!navigationDelegate) {
+        completionHandler(currentSOAuthorizationLoadPolicy);
+        return;
+    }
+
+    auto checker = CompletionHandlerCallChecker::create(navigationDelegate.get(), @selector(_webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:));
+    [(id <WKNavigationDelegatePrivate>)navigationDelegate _webView:m_navigationState.m_webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:wkSOAuthorizationLoadPolicy(currentSOAuthorizationLoadPolicy) forExtension:extension completionHandler:makeBlockPtr([completionHandler = WTFMove(completionHandler), checker = WTFMove(checker)](_WKSOAuthorizationLoadPolicy policy) mutable {
+        if (checker->completionHandlerHasBeenCalled())
+            return;
+        checker->didCallCompletionHandler();
+        completionHandler(soAuthorizationLoadPolicy(policy));
+    }).get()];
+}
+#endif
+
 // HistoryDelegatePrivate support
     

trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm

@@ -33 +33 @@
 #import "APINavigationAction.h"
 #import "APIUIClient.h"
+#import "SOAuthorizationLoadPolicy.h"
 #import "WKUIDelegate.h"
 #import "WebPageProxy.h"
@@ -103 +104 @@
     ASSERT((m_state == State::Idle || m_state == State::Waiting) && m_page && m_navigationAction);
     m_state = State::Active;
-    if (!m_soAuthorization)
-        return;
-
-    // FIXME<rdar://problem/48909336>: Replace the below with AppSSO constants.
-    auto initiatorOrigin = emptyString();
-    if (m_navigationAction->sourceFrame())
-        initiatorOrigin = m_navigationAction->sourceFrame()->securityOrigin().securityOrigin().toString();
-    if (m_action == InitiatingAction::SubFrame && m_page->mainFrame())
-        initiatorOrigin = WebCore::SecurityOrigin::create(m_page->mainFrame()->url())->toString();
-    NSDictionary *authorizationOptions = @{
-        SOAuthorizationOptionUserActionInitiated: @(m_navigationAction->isProcessingUserGesture()),
-        @"initiatorOrigin": (NSString *)initiatorOrigin,
-        @"initiatingAction": @(static_cast<NSInteger>(m_action))
-    };
-    [m_soAuthorization setAuthorizationOptions:authorizationOptions];
-
-    auto *nsRequest = m_navigationAction->request().nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody);
-    [m_soAuthorization beginAuthorizationWithURL:nsRequest.URL httpHeaders:nsRequest.allHTTPHeaderFields httpBody:nsRequest.HTTPBody];
+
+    m_page->decidePolicyForSOAuthorizationLoad(emptyString(), [this, weakThis = makeWeakPtr(*this)] (SOAuthorizationLoadPolicy policy) {
+        if (!weakThis)
+            return;
+
+        if (policy == SOAuthorizationLoadPolicy::Ignore) {
+            fallBackToWebPath();
+            return;
+        }
+
+        if (!m_soAuthorization || !m_page || !m_navigationAction)
+            return;
+
+        // FIXME: <rdar://problem/48909336> Replace the below with AppSSO constants.
+        auto initiatorOrigin = emptyString();
+        if (m_navigationAction->sourceFrame())
+            initiatorOrigin = m_navigationAction->sourceFrame()->securityOrigin().securityOrigin().toString();
+        if (m_action == InitiatingAction::SubFrame && m_page->mainFrame())
+            initiatorOrigin = WebCore::SecurityOrigin::create(m_page->mainFrame()->url())->toString();
+        NSDictionary *authorizationOptions = @{
+            SOAuthorizationOptionUserActionInitiated: @(m_navigationAction->isProcessingUserGesture()),
+            @"initiatorOrigin": (NSString *)initiatorOrigin,
+            @"initiatingAction": @(static_cast<NSInteger>(m_action))
+        };
+        [m_soAuthorization setAuthorizationOptions:authorizationOptions];
+
+        auto *nsRequest = m_navigationAction->request().nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody);
+        [m_soAuthorization beginAuthorizationWithURL:nsRequest.URL httpHeaders:nsRequest.allHTTPHeaderFields httpBody:nsRequest.HTTPBody];
+    });
 }
 

trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

@@ -9248 +9248 @@
 }
 
+#if HAVE(APP_SSO)
+void WebPageProxy::decidePolicyForSOAuthorizationLoad(const String& extension, CompletionHandler<void(SOAuthorizationLoadPolicy)>&& completionHandler)
+{
+    m_navigationClient->decidePolicyForSOAuthorizationLoad(*this, SOAuthorizationLoadPolicy::Allow, extension, WTFMove(completionHandler));
+}
+#endif
+
 } // namespace WebKit
 

trunk/Source/WebKit/UIProcess/WebPageProxy.h

@@ -142 +142 @@
 #endif
 
+#if HAVE(APP_SSO)
+#include "SOAuthorizationLoadPolicy.h"
+#endif
+
 #if ENABLE(MEDIA_SESSION)
 namespace WebCore {
@@ -1546 +1550 @@
     void setShouldSuppressSOAuthorizationInAllNavigationPolicyDecision() { m_shouldSuppressSOAuthorizationInAllNavigationPolicyDecision = true; }
     void setShouldSuppressSOAuthorizationInNextNavigationPolicyDecision() { m_shouldSuppressSOAuthorizationInNextNavigationPolicyDecision = true; }
+    void decidePolicyForSOAuthorizationLoad(const String&, CompletionHandler<void(SOAuthorizationLoadPolicy)>&&);
 #endif
 

trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj

@@ -1043 +1043 @@
                 57AC8F50217FEED90055438C /* HidConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = 57AC8F4E217FEED90055438C /* HidConnection.h */; };
                 57B4B46020B504AC00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = 57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */; };
+                57BBEA6D22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 57BBEA6C22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h */; };
                 57DCED6E2142EE5E0016B847 /* WebAuthenticatorCoordinatorMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57DCED6B2142EAE20016B847 /* WebAuthenticatorCoordinatorMessageReceiver.cpp */; };
                 57DCED6F2142EE630016B847 /* WebAuthenticatorCoordinatorMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 57DCED6A2142EAE20016B847 /* WebAuthenticatorCoordinatorMessages.h */; };
@@ -3481 +3482 @@
                 57B4B45D20B504AB00D4AD79 /* AuthenticationManagerCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationManagerCocoa.mm; sourceTree = "<group>"; };
                 57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClientCertificateAuthenticationXPCConstants.h; sourceTree = "<group>"; };
+                57BBEA6C22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOAuthorizationLoadPolicy.h; sourceTree = "<group>"; };
                 57DCED6A2142EAE20016B847 /* WebAuthenticatorCoordinatorMessages.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebAuthenticatorCoordinatorMessages.h; path = DerivedSources/WebKit2/WebAuthenticatorCoordinatorMessages.h; sourceTree = BUILT_PRODUCTS_DIR; };
                 57DCED6B2142EAE20016B847 /* WebAuthenticatorCoordinatorMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebAuthenticatorCoordinatorMessageReceiver.cpp; path = DerivedSources/WebKit2/WebAuthenticatorCoordinatorMessageReceiver.cpp; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -7041 +7043 @@
                                 57FD317222B35148008D0E8B /* SOAuthorizationCoordinator.h */,
                                 57FD317922B35149008D0E8B /* SOAuthorizationCoordinator.mm */,
+                                57BBEA6C22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h */,
                                 57FD317322B35148008D0E8B /* SOAuthorizationNSURLExtras.h */,
                                 57FD317622B35149008D0E8B /* SOAuthorizationNSURLExtras.mm */,
@@ -9637 +9640 @@
                                 1D67B339212E1F6100FAA786 /* ShareSheetCallbackID.h in Headers */,
                                 7A41E9FB21F81DAD00B88CDB /* ShouldGrandfatherStatistics.h in Headers */,
-                                576CA9D722B862180030143C /* SOAuthorizationNSURLExtras.h in Headers */,
                                 995226D6207D184600F78420 /* SimulatedInputDispatcher.h in Headers */,
                                 2DAF06D618BD1A470081CEB1 /* SmartMagnificationController.h in Headers */,
                                 2DE6943E18BD2A68005C15E5 /* SmartMagnificationControllerMessages.h in Headers */,
                                 57FD318322B35162008D0E8B /* SOAuthorizationCoordinator.h in Headers */,
+                                57BBEA6D22BC0BFE00273995 /* SOAuthorizationLoadPolicy.h in Headers */,
+                                576CA9D722B862180030143C /* SOAuthorizationNSURLExtras.h in Headers */,
                                 57FD318522B35169008D0E8B /* SOAuthorizationSession.h in Headers */,
                                 5272B28B1406985D0096A5D0 /* StatisticsData.h in Headers */,

trunk/Tools/ChangeLog

@@ +1 @@
+2019-06-25  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Implement a new SPI to inform clients about AppSSO
+        https://bugs.webkit.org/show_bug.cgi?id=199085
+        <rdar://problem/50028246>
+
+        Reviewed by Geoffrey Garen.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:
+        (-[TestSOAuthorizationBasicDelegate webView:didFinishNavigation:]):
+        (-[TestSOAuthorizationNavigationDelegate init]):
+        (-[TestSOAuthorizationNavigationDelegate _webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:]):
+        (TestWebKitAPI::TEST):
+
 2019-06-25  Aakash Jain  <aakash_jain@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm

@@ -121 +121 @@
 "</html>";
 
+@interface TestSOAuthorizationBasicDelegate : NSObject <WKNavigationDelegate>
+@end
+
+@implementation TestSOAuthorizationBasicDelegate
+
+- (void)webView:(WKWebView *)webView didFinishNavigation:(WKNavigation *)navigation
+{
+    EXPECT_FALSE(navigationCompleted);
+    navigationCompleted = true;
+    finalURL = navigation._request.URL.absoluteString;
+}
+
+@end
+
 @interface TestSOAuthorizationNavigationDelegate : NSObject <WKNavigationDelegate, WKUIDelegate>
 @property bool isDefaultPolicy;
 @property bool shouldOpenExternalSchemes;
+@property bool allowSOAuthorizationLoad;
+@property bool isAsyncExecution;
 - (instancetype)init;
 @end
@@ -134 +150 @@
         self.isDefaultPolicy = true;
         self.shouldOpenExternalSchemes = false;
+        self.allowSOAuthorizationLoad = true;
+        self.isAsyncExecution = false;
     }
     return self;
@@ -162 +180 @@
     [gNewWindow setNavigationDelegate:self];
     return gNewWindow.get();
+}
+
+- (void)_webView:(WKWebView *)webView decidePolicyForSOAuthorizationLoadWithCurrentPolicy:(_WKSOAuthorizationLoadPolicy)policy forExtension:(NSString *)extension completionHandler:(void (^)(_WKSOAuthorizationLoadPolicy policy))completionHandler
+{
+    EXPECT_EQ(policy, _WKSOAuthorizationLoadPolicyAllow);
+    EXPECT_TRUE([extension isEqual:@""]);
+    if (!self.isAsyncExecution) {
+        if (self.allowSOAuthorizationLoad)
+            completionHandler(policy);
+        else
+            completionHandler(_WKSOAuthorizationLoadPolicyIgnore);
+        return;
+    }
+
+    auto allowSOAuthorizationLoad = self.allowSOAuthorizationLoad;
+    dispatch_async(dispatch_get_main_queue(), ^() {
+        if (allowSOAuthorizationLoad)
+            completionHandler(_WKSOAuthorizationLoadPolicyAllow);
+        else
+            completionHandler(_WKSOAuthorizationLoadPolicyIgnore);
+    });
 }
 
@@ -417 +456 @@
 
     auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
-    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
-    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    auto delegate = adoptNS([[TestSOAuthorizationBasicDelegate alloc] init]);
+    [webView setNavigationDelegate:delegate.get()];
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
@@ -444 +483 @@
 
     auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
-    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
-    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    auto delegate = adoptNS([[TestSOAuthorizationBasicDelegate alloc] init]);
+    [webView setNavigationDelegate:delegate.get()];
 
     // Force App Links with a request.URL that has a different host than the current one (empty host) and ShouldOpenExternalURLsPolicy::ShouldAllow.
@@ -957 +996 @@
     [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] init]).get()];
 }
+
+TEST(SOAuthorizationRedirect, SOAuthorizationLoadPolicyIgnore)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    [delegate setAllowSOAuthorizationLoad:false];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&navigationCompleted);
+
+    EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
+}
+
+TEST(SOAuthorizationRedirect, SOAuthorizationLoadPolicyAllowAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&authorizationPerformed);
+    checkAuthorizationOptions(false, "", 0);
+
+    RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+    auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
+    [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] init]).get()];
+    Util::run(&navigationCompleted);
+#if PLATFORM(IOS)
+    navigationCompleted = false;
+    Util::run(&navigationCompleted);
+#endif
+    EXPECT_WK_STREQ(redirectURL.get().absoluteString, finalURL);
+}
+
+TEST(SOAuthorizationRedirect, SOAuthorizationLoadPolicyIgnoreAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+    [delegate setAllowSOAuthorizationLoad:false];
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&navigationCompleted);
+
+    EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
+}
+
 
 // FIXME(175204): Enable the iOS tests once the bug is fixed.
@@ -1653 +1758 @@
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "http://www.webkit.org", 1);
+}
+
+TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyIgnore)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(openerTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.webkit.org")];
+    Util::run(&navigationCompleted);
+
+#if PLATFORM(MAC)
+    [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
+#elif PLATFORM(IOS)
+    [webView evaluateJavaScript: @"clickMe()" completionHandler:nil];
+#endif
+    Util::run(&newWindowCreated);
+    EXPECT_FALSE(authorizationPerformed);
+}
+
+TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyAllowAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+
+    RetainPtr<NSURL> baseURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(openerTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 400, 400)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:baseURL.get()];
+    Util::run(&navigationCompleted);
+
+#if PLATFORM(MAC)
+    [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
+#elif PLATFORM(IOS)
+    [webView evaluateJavaScript: @"clickMe()" completionHandler:nil];
+#endif
+    Util::run(&authorizationPerformed);
+    checkAuthorizationOptions(true, "file://", 1);
+
+    auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
+    auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "window.close();").utf8(); // The pop up closes itself.
+    // The secret WKWebView needs to be destroyed right the way.
+    @autoreleasepool {
+        [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] initWithBytes:resonseHtmlCString.data() length:resonseHtmlCString.length()]).get()];
+    }
+    [webView waitForMessage:@"Hello."];
+    [webView waitForMessage:@"WindowClosed."];
+}
+
+
+TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyIgnoreAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(openerTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.webkit.org")];
+    Util::run(&navigationCompleted);
+
+#if PLATFORM(MAC)
+    [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
+#elif PLATFORM(IOS)
+    [webView evaluateJavaScript: @"clickMe()" completionHandler:nil];
+#endif
+    Util::run(&newWindowCreated);
+    EXPECT_FALSE(authorizationPerformed);
 }
 
@@ -1862 +2056 @@
 }
 
+TEST(SOAuthorizationSubFrame, SOAuthorizationLoadPolicyIgnore)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(parentTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.apple.com")];
+    // Try to wait until the iframe load is finished.
+    Util::sleep(0.5);
+    // Make sure we don't intercept the iframe.
+    EXPECT_FALSE(authorizationPerformed);
+}
+
+TEST(SOAuthorizationSubFrame, SOAuthorizationLoadPolicyAllowAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+    ClassMethodSwizzler swizzler4([AKAuthorizationController class], @selector(isURLFromAppleOwnedDomain:), reinterpret_cast<IMP>(overrideIsURLFromAppleOwnedDomain));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(parentTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:nil];
+    [webView waitForMessage:@"http://www.example.com"];
+    [webView waitForMessage:@"SOAuthorizationDidStart"];
+    checkAuthorizationOptions(false, "null", 2);
+
+    auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
+    auto iframeHtmlCString = generateHtml(iframeTemplate, "").utf8();
+    [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] initWithBytes:iframeHtmlCString.data() length:iframeHtmlCString.length()]).get()];
+    [webView waitForMessage:@"http://www.example.com"];
+    [webView waitForMessage:@"Hello."];
+}
+
+TEST(SOAuthorizationSubFrame, SOAuthorizationLoadPolicyIgnoreAsync)
+{
+    resetState();
+    ClassMethodSwizzler swizzler(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+
+    auto testURL = URL(URL(), "http://www.example.com");
+    auto testHtml = generateHtml(parentTemplate, testURL.string());
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+    [delegate setAllowSOAuthorizationLoad:false];
+    [delegate setIsAsyncExecution:true];
+
+    [webView loadHTMLString:testHtml baseURL:(NSURL *)URL(URL(), "http://www.apple.com")];
+    // Try to wait until the iframe load is finished.
+    Util::sleep(0.5);
+    // Make sure we don't intercept the iframe.
+    EXPECT_FALSE(authorizationPerformed);
+}
+
 } // namespace TestWebKitAPI