[webkit-reviews] review denied: [Bug 196870] Add a WebsiteDataStore delegate to handle AuthenticationChallenge that do not come from pages : [Attachment 367351] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 22 15:10:59 PDT 2019

Alex Christensen <achristensen at apple.com> has denied youenn fablet
<youennf at gmail.com>'s request for review:
Bug 196870: Add a WebsiteDataStore delegate to handle AuthenticationChallenge
that do not come from pages

Attachment 367351: Patch


--- Comment #7 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 367351
  --> https://bugs.webkit.org/attachment.cgi?id=367351

View in context: https://bugs.webkit.org/attachment.cgi?id=367351&action=review

I think this needs an API test that verifies this delegate is being called
under the correct circumstances and the credentials are used as expected.

> Source/WebKit/NetworkProcess/PingLoad.cpp:135
> -	  
completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, {
> +	  
ticationChallenge(m_parameters.sessionID, 0, 0, challenge,

We almost certainly don't want ping loads to handle authentication challenges. 
Then there would be random popups asking for credentials.

> Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:82
> +	   case NSURLSessionAuthChallengeUseCredential:

This is duplicate code with NavigationState.mm

> LayoutTests/ChangeLog:8
> +	   *

Wouldn't this changed test have passed before because we performed default
behavior?  Now we're just performing default behavior in a different place, so
this test does not verify the change works.

More information about the webkit-reviews mailing list