[webkit-changes] [WebKit/WebKit] 75300d: [Lockdown Mode] Cannot log in to HBOMax.com

Myles C. Maxfield noreply at github.com
Thu Sep 15 01:28:22 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 75300d2d8279ee18682b26372a2f2eb07005c608
      https://github.com/WebKit/WebKit/commit/75300d2d8279ee18682b26372a2f2eb07005c608
  Author: Myles C. Maxfield <mmaxfield at apple.com>
  Date:   2022-09-15 (Thu, 15 Sep 2022)

  Changed paths:
    M Source/WebCore/css/CSSFontFace.h
    M Source/WebCore/css/FontFaceSet.cpp
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h

  Log Message:
  -----------
  [Lockdown Mode] Cannot log in to HBOMax.com
https://bugs.webkit.org/show_bug.cgi?id=244737
<rdar://problem/97456952>

Reviewed by Chris Dumez.

The situation is kind of complicated:
1. HBOMax.com is using the CSS Font Loading API to load fonts. This API exposes a Promise, and
       HBOMax.com is assuming the promise will be resolved (not rejected).
2. WebKit rejects the promise whenever any font is unable to be loaded. In lockdown mode, fonts
       intentionally fail to load - so we always reject the promise.
3. Because HBOMax.com doesn't have a handler set up to handle the rejected promise, the page
       doesn't make forward progress, and appears to hang with a black screen.
4. The spec https://drafts.csswg.org/css-font-loading-3/#dom-fontfaceset-load says that browsers
       shouldn't reject the promise.
5. However, both Chrome and Firefox both reject the promise just like we do.

There are a few different options we could choose among to fix this:
1. Change WebKit to match the spec, and break compatibility with Chrome & Firefox. I don't think
       we can do this, because it's more important to match other browsers than it is to match
       the spec.
2. Quirk HBOMax.com. This is the only site I know of which has this problem.
3. Put failed fonts into the Success state rather than the Failed state. This would be counter-
       intuitive and would probably break more content than it fixes.
3.5. Put fonts which were blocked from Lockdown Mode into the Success state rather than the
       Failed state. I think this has the same problems as above.
4. Just when lockdown mode is enabled, detect the case where lockdown mode caused all the fonts
       to fail, and then make just the Javascript API resolve the promise rather than reject it.
       No internal state would be changed.

I chose option 2 because it's the most targetted fix, to just this one website.

I also filed a spec issue to make the spec match browsers' behavior.
https://github.com/w3c/csswg-drafts/issues/7680.

No test because it's impossible to test quirks.

* Source/WebCore/css/CSSFontFace.h:
* Source/WebCore/css/FontFaceSet.cpp:
(WebCore::FontFaceSet::load):
* Source/WebCore/page/Quirks.cpp:
* Source/WebCore/page/Quirks.h:

Canonical link: https://commits.webkit.org/254508@main

More information about the webkit-changes mailing list