[webkit-reviews] review granted: [Bug 208676] [WebAuthn] Avoid Apple Attestation when attestation = "none" : [Attachment 392653] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 6 12:30:55 PST 2020
Brent Fulgham <bfulgham at webkit.org> has granted Jiewen Tan
<jiewen_tan at apple.com>'s request for review:
Bug 208676: [WebAuthn] Avoid Apple Attestation when attestation = "none"
https://bugs.webkit.org/show_bug.cgi?id=208676
Attachment 392653: Patch
https://bugs.webkit.org/attachment.cgi?id=392653&action=review
--- Comment #3 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 392653
--> https://bugs.webkit.org/attachment.cgi?id=392653
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=392653&action=review
> Source/WebKit/ChangeLog:3
> + [WebAuthn] Avoid Apple Attestation when attestation = "none"
Maybe call this "Do not perform Attestation with type is 'none'"?
> Source/WebKit/ChangeLog:10
> + accesses to Apple Attestation for now. The whitelist includes file
URL,
"... to restrict access until validation is complete. The whitelist allows file
URLs and test-related domains."
> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:101
> +// FIXME<rdar://problem/60108131>: Remove this whitelist before shipping.
I think its enough just say:
// FIXME(<rdar://problem/60108131>): Remove this whitelist once testing is
complete.
> LayoutTests/ChangeLog:3
> + [WebAuthn] Avoid Apple Attestation when attestation = "none"
Ditto (change title).
More information about the webkit-reviews
mailing list