[webkit-changes] [WebKit/WebKit] 5e4c68: REGRESSION (252706 at main): zillow.com shows a Recap...

Wenson Hsieh noreply at github.com
Wed Jan 18 10:49:08 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5e4c68005fe4b76b61be2e90bb7064226ce1f69d
      https://github.com/WebKit/WebKit/commit/5e4c68005fe4b76b61be2e90bb7064226ce1f69d
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2023-01-18 (Wed, 18 Jan 2023)

  Changed paths:
    A LayoutTests/http/tests/permissions/permission-state-for-notifications-in-ephemeral-session-expected.txt
    A LayoutTests/http/tests/permissions/permission-state-for-notifications-in-ephemeral-session.html
    M LayoutTests/http/tests/push-api/permissions-ephemeral-expected.txt
    M LayoutTests/http/tests/push-api/permissions-ephemeral.html
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebNotificationClient.cpp

  Log Message:
  -----------
  REGRESSION (252706 at main): zillow.com shows a Recaptcha interstitial in private browsing mode
https://bugs.webkit.org/show_bug.cgi?id=250686
rdar://103905006

Reviewed by Youenn Fablet and Ben Nham.

Currently, in private browsing mode (i.e. when using an ephemeral session) `Notification.permission`
unconditionally returns `"denied"` (with `Notification.requestPermission` also unconditionally
denying the request). However, the Permissions API (i.e. `navigator.permissions.query`) implements
inconsistent behavior, and instead returns `"prompt"` in this scenario. On zillow.com, this causes
a bot detection script to erroneously flag the UA as non-human in private browsing, and present
interstitial Recaptcha UI to the user.

Fix this by making the heuristics for "notifications" in `WebPageProxy::queryPermission` consistent
with the Notifications API, such that in an ephemeral session, we return "default" or "prompt"
unless the page has requested access (in which case we'll deny access, and then subsequently return
"denied").

Test: http/tests/permissions/permission-state-for-notifications-in-ephemeral-session.html

* LayoutTests/http/tests/permissions/permission-state-for-notifications-in-ephemeral-session-expected.txt:
* LayoutTests/http/tests/permissions/permission-state-for-notifications-in-ephemeral-session.html:
* LayoutTests/http/tests/push-api/permissions-ephemeral-expected.txt:
* LayoutTests/http/tests/push-api/permissions-ephemeral.html:

Rebaseline an existing layout test.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::queryPermission):
* Source/WebKit/WebProcess/WebCoreSupport/WebNotificationClient.cpp:
(WebKit::WebNotificationClient::checkPermission):

Canonical link: https://commits.webkit.org/259040@main

More information about the webkit-changes mailing list