[webkit-changes] [WebKit/WebKit] c0e1cd: [WebAuthn] Navigator matches excludedCredentials f...

Commit Queue noreply at github.com
Tue Mar 5 14:59:56 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c0e1cd6ea54e260139397056ccc5cf2f199aa7f0
      https://github.com/WebKit/WebKit/commit/c0e1cd6ea54e260139397056ccc5cf2f199aa7f0
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

  Log Message:
  -----------
  [WebAuthn] Navigator matches excludedCredentials for deleted passkeys in 30 day grace period
https://bugs.webkit.org/show_bug.cgi?id=264097
rdar://118182303

Reviewed by Charlie Wolfe.

In order to avoid matching recently deleted passkeys in the local authenticator, we match only
against the group "com.apple.webkit.webauthn." This works because recently deleted passkeys
are moved to another group, "com.apple.webkit.webauthn-recently-deleted."

* Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
(WebKit::LocalAuthenticatorInternal::getExistingCredentials):

Canonical link: https://commits.webkit.org/275711@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list