<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[279629] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/279629">279629</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2021-07-06 17:27:40 -0700 (Tue, 06 Jul 2021)</dd>
</dl>

<h3>Log Message</h3>
<pre>imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any*.html are crashing in debug
https://bugs.webkit.org/show_bug.cgi?id=227310

Patch by Alex Christensen <achristensen@webkit.org> on 2021-07-06
Reviewed by Chris Dumez.

Source/WebCore:

In <a href="http://trac.webkit.org/projects/webkit/changeset/228486">r228486</a> we blocked cross-origin requests from asking for credentials, and we wanted to add a console log for web developers
to see why they could no longer ask for credentials.  <a href="http://trac.webkit.org/projects/webkit/changeset/228703">r228703</a> loosened that to allow main resources to request credentials,
and it added an incorrect assertion before logging.  ResourceLoader::isAllowedToAskUserForCredentials has two other reasons
why credentials could be blocked, and there is no reason to log in those cases because that is standard web behavior, as seen by
running the tests in Chrome and Firefox and seeing no console log.  This removes the logs in cases where other browsers also
have the same behavior and do not log, and removes the incorrect assertion.

* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didBlockAuthenticationChallenge):

LayoutTests:

* TestExpectations:</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreloaderResourceLoadercpp">trunk/Source/WebCore/loader/ResourceLoader.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (279628 => 279629)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog      2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/LayoutTests/ChangeLog 2021-07-07 00:27:40 UTC (rev 279629)
</span><span class="lines">@@ -1,3 +1,12 @@
</span><ins>+2021-07-06  Alex Christensen  <achristensen@webkit.org>
+
+        imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any*.html are crashing in debug
+        https://bugs.webkit.org/show_bug.cgi?id=227310
+
+        Reviewed by Chris Dumez.
+
+        * TestExpectations:
+
</ins><span class="cx"> 2021-07-06  Chris Dumez  <cdumez@apple.com>
</span><span class="cx"> 
</span><span class="cx">         SubtleCrypto should only be exposed to secure contexts
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (279628 => 279629)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations       2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/LayoutTests/TestExpectations  2021-07-07 00:27:40 UTC (rev 279629)
</span><span class="lines">@@ -321,10 +321,6 @@
</span><span class="cx"> imported/w3c/web-platform-tests/service-workers/service-worker/nested-blob-url-workers.https.html [ Skip ]
</span><span class="cx"> imported/w3c/web-platform-tests/service-workers/service-worker/update-bytecheck-cors-import.https.html [ Skip ]
</span><span class="cx"> 
</span><del>-# Thee tests are crashing in Debug (https://bugs.webkit.org/show_bug.cgi?id=227310)
-[ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any.html [ Skip ]
-[ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any.worker.html [ Skip ]
-
</del><span class="cx"> # This test is a flaky timeout.
</span><span class="cx"> imported/w3c/web-platform-tests/service-workers/service-worker/fetch-canvas-tainting-video-cache.https.html [ Skip ]
</span><span class="cx"> webkit.org/b/201666 imported/w3c/web-platform-tests/service-workers/service-worker/fetch-canvas-tainting-video-with-range-request.https.html [ Skip ]
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (279628 => 279629)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog   2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/Source/WebCore/ChangeLog      2021-07-07 00:27:40 UTC (rev 279629)
</span><span class="lines">@@ -1,3 +1,20 @@
</span><ins>+2021-07-06  Alex Christensen  <achristensen@webkit.org>
+
+        imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic.any*.html are crashing in debug
+        https://bugs.webkit.org/show_bug.cgi?id=227310
+
+        Reviewed by Chris Dumez.
+
+        In r228486 we blocked cross-origin requests from asking for credentials, and we wanted to add a console log for web developers
+        to see why they could no longer ask for credentials.  r228703 loosened that to allow main resources to request credentials,
+        and it added an incorrect assertion before logging.  ResourceLoader::isAllowedToAskUserForCredentials has two other reasons
+        why credentials could be blocked, and there is no reason to log in those cases because that is standard web behavior, as seen by
+        running the tests in Chrome and Firefox and seeing no console log.  This removes the logs in cases where other browsers also
+        have the same behavior and do not log, and removes the incorrect assertion.
+
+        * loader/ResourceLoader.cpp:
+        (WebCore::ResourceLoader::didBlockAuthenticationChallenge):
+
</ins><span class="cx"> 2021-07-06  Chris Dumez  <cdumez@apple.com>
</span><span class="cx"> 
</span><span class="cx">         SubtleCrypto should only be exposed to secure contexts
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderResourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/ResourceLoader.cpp (279628 => 279629)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/ResourceLoader.cpp   2021-07-06 23:54:54 UTC (rev 279628)
+++ trunk/Source/WebCore/loader/ResourceLoader.cpp      2021-07-07 00:27:40 UTC (rev 279629)
</span><span class="lines">@@ -507,10 +507,8 @@
</span><span class="cx">     m_wasAuthenticationChallengeBlocked = true;
</span><span class="cx">     if (m_options.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials)
</span><span class="cx">         return;
</span><del>-    ASSERT(!shouldAllowResourceToAskForCredentials());
-    if (!m_frame)
-        return;
-    m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Blocked ", m_request.url().stringCenterEllipsizedToLength(), " from asking for credentials because it is a cross-origin request."));
</del><ins>+    if (m_frame && !shouldAllowResourceToAskForCredentials())
+        m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Blocked ", m_request.url().stringCenterEllipsizedToLength(), " from asking for credentials because it is a cross-origin request."));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void ResourceLoader::didReceiveResponse(const ResourceResponse& r, CompletionHandler<void()>&& policyCompletionHandler)
</span></span></pre>
</div>
</div>

</body>
</html>