Changeset 265835 in webkit
- Timestamp:
- Aug 18, 2020 3:18:20 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
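--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,22 @@
+2020-08-18 Alex Christensen <achristensen@webkit.org>
+
+WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TLS for main resource loads
+https://bugs.webkit.org/show_bug.cgi?id=215626
+<rdar://problem/67268892>
+
+Reviewed by Darin Adler.
+
+We have introduced public API webView:authenticationChallenge:shouldAllowDeprecatedTLS: in WKNavigationDelegate to allow
+applications to choose whether to allow TLS 1.0 or 1.1 connections. We don't want to break this API or break existing third party
+apps that load pages that load third party subresources that use TLS 1.0 or 1.1.
+
+However, we do want Safari, which uses fastServerTrustEvaluationEnabled SPI, to silently fail subresource loads that use TLS 1.0 or 1.1.
+This matches the current behavior of Chrome and Firefox, which was not implemented in those other browsers when we decided to ask about subresources.
+
+Covered by an API test.
+
+* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+(WebKit::NetworkSessionCocoa::continueDidReceiveChallenge):
+
 2020-08-18 Jer Noble <jer.noble@apple.com>
 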
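--- a/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
+++ b/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
@@ -1547,4 +1547,10 @@
 completionHandler(disposition, credential);
 };
+
+if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes
+&& fastServerTrustEvaluationEnabled()
+&& !networkDataTask->isTopLevelNavigation())
+return completionHandler(AuthenticationChallengeDisposition::Cancel, { });
+
 networkDataTask->didReceiveChallenge(WTFMove(authenticationChallenge), negotiatedLegacyTLS, WTFMove(challengeCompletionHandler));
 }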
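Review bot: The new early return cancels the challenge with no comment and no log line, so a subresource dropped for negotiating TLS 1.0 or 1.1 looks like any other cancelled load when someone investigates a broken page. I would add a comment above the condition, e.g. `// Sessions with fastServerTrustEvaluationEnabled fail legacy-TLS subresource loads without asking the client; only top-level navigations reach the delegate.`, and consider a release-log entry on this path. The return also calls `completionHandler` directly instead of going through `challengeCompletionHandler`; that wrapper's body starts outside the hunk, so please confirm nothing it does is expected to run on the Cancel path. The enclosing function begins outside the hunk as well.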
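--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,13 @@
+2020-08-18 Alex Christensen <achristensen@webkit.org>
+
+WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TLS for main resource loads
+https://bugs.webkit.org/show_bug.cgi?id=215626
+<rdar://problem/67268892>
+
+Reviewed by Darin Adler.
+
+* TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+(TestWebKitAPI::TEST):
+
 2020-08-17 Aakash Jain <aakash_jain@apple.com>
 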
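--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
@@ -461,4 +461,41 @@
 }
 
+TEST(TLSVersion, LegacySubresources)
+{
+HTTPServer legacyServer({
+{ "/frame", { "shouldn't load with fastServerTrustEvaluationEnabled" }}
+}, HTTPServer::Protocol::HttpsWithLegacyTLS);
+
+HTTPServer modernServer({
+{ "/", { makeString("<iframe src='https://127.0.0.1:", legacyServer.port(), "/frame'/>") }}
+}, HTTPServer::Protocol::Https);
+
+auto dataStoreConfiguration = [[[_WKWebsiteDataStoreConfiguration alloc] initNonPersistentConfiguration] autorelease];
+dataStoreConfiguration.fastServerTrustEvaluationEnabled = YES;
+auto webViewConfiguration = [[WKWebViewConfiguration new] autorelease];
+webViewConfiguration.websiteDataStore = [[[WKWebsiteDataStore alloc] _initWithConfiguration:dataStoreConfiguration] autorelease];
+auto webView = [[[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration] autorelease];
+
+auto delegate = [[TestNavigationDelegate new] autorelease];
+[delegate setDidReceiveAuthenticationChallenge:^(WKWebView *, NSURLAuthenticationChallenge *challenge, void (^callback)(NSURLSessionAuthChallengeDisposition, NSURLCredential *)) {
+EXPECT_WK_STREQ(challenge.protectionSpace.authenticationMethod, NSURLAuthenticationMethodServerTrust);
+callback(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+}];
+[webView setNavigationDelegate:delegate];
+
+[webView loadRequest:modernServer.request()];
+[delegate waitForDidFinishNavigation];
+
+EXPECT_EQ(legacyServer.totalRequests(), 0u);
+EXPECT_EQ(modernServer.totalRequests(), 1u);
+
+auto defaultWebView = [[WKWebView new] autorelease];
+[defaultWebView setNavigationDelegate:delegate];
+[defaultWebView loadRequest:modernServer.request()];
+[delegate waitForDidFinishNavigation];
+EXPECT_EQ(legacyServer.totalRequests(), 1u);
+EXPECT_EQ(modernServer.totalRequests(), 2u);
+}
+
 #endif // HAVE(NETWORK_FRAMEWORK) && HAVE(TLS_PROTOCOL_VERSION_T)
 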
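Review bot: LegacySubresources covers only the iframe case, and only through request counts. It never asserts that a top-level load over legacy TLS still reaches the delegate when `fastServerTrustEvaluationEnabled` is set, which is the other half of the policy named in the commit title. Unless an earlier test in this file (outside the hunk) already pins that, I would add a main-resource load from a legacy-TLS server in the fast-trust web view and expect the challenge handler to run. The shared delegate's handler also accepts whatever server trust it is handed via `credentialForTrust:`, presumably because the loopback test servers use untrusted certificates. A comment such as `// Accept the test servers' certificates so that only the TLS-version policy is exercised.` would keep that from being copied as a pattern.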