On Tue, Nov 17, 2020 at 12:50 pm, Michael Catanzaro <mcatanzaro@gnome.org> wrote:
Oh, I missed a very important point. There is a header we can use to test: Google-Accounts-Check-OAuth-Login:true. I will try to figure out how to hack up the libsoup backend to send that header with all requests and see what happens....
I tested this hack: diff --git a/Source/WebCore/platform/network/HTTPHeaderNames.in b/Source/WebCore/platform/network/HTTPHeaderNames.in index cbc470412f9f..eb19ab00a054 100644 --- a/Source/WebCore/platform/network/HTTPHeaderNames.in +++ b/Source/WebCore/platform/network/HTTPHeaderNames.in @@ -109,3 +109,5 @@ X-Temp-Tablet // These headers are specific to GStreamer. Icy-MetaInt Icy-Metadata + +Google-Accounts-Check-OAuth-Login diff --git a/Source/WebCore/platform/network/ResourceRequestBase.h b/Source/WebCore/platform/network/ResourceRequestBase.h index 6c9ce5cccefe..db234c37271f 100644 --- a/Source/WebCore/platform/network/ResourceRequestBase.h +++ b/Source/WebCore/platform/network/ResourceRequestBase.h @@ -206,6 +206,7 @@ protected: , m_hiddenFromInspector(false) , m_isTopSite(false) { + addHTTPHeaderField(HTTPHeaderName::GoogleAccountsCheckOAuthLogin, "true"); } ResourceRequestBase(const URL& url, ResourceRequestCachePolicy policy) @@ -221,6 +222,7 @@ protected: , m_hiddenFromInspector(false) , m_isTopSite(false) { + addHTTPHeaderField(HTTPHeaderName::GoogleAccountsCheckOAuthLogin, "true"); } void updatePlatformRequest(HTTPBodyUpdatePolicy = HTTPBodyUpdatePolicy::DoNotUpdateHTTPBody) const; And confirmed in the web inspector to ensure the header is really sent. Login still works. So... maybe we will be OK? I'm not sure. I tested direct login via google.com. I'm confused as to how this change is in any way related to OAuth. Maybe it will only break for third-party websites that allow logging in with a Google account? I guess we'll find out....