[webkit-reviews] review granted: [Bug 234809] Make sure secure websocket connections in service workers can trigger authentication challenge callbacks : [Attachment 448250] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 4 09:21:13 PST 2022


Chris Dumez <cdumez at apple.com> has granted youenn fablet <youennf at gmail.com>'s
request for review:
Bug 234809: Make sure secure websocket connections in service workers can
trigger authentication challenge callbacks
https://bugs.webkit.org/show_bug.cgi?id=234809

Attachment 448250: Patch

https://bugs.webkit.org/attachment.cgi?id=448250&action=review




--- Comment #7 from Chris Dumez <cdumez at apple.com> ---
Comment on attachment 448250
  --> https://bugs.webkit.org/attachment.cgi?id=448250
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=448250&action=review

r=me

> Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h:73
> +    const std::optional<WebCore::SecurityOriginData>& topOrigin() const {
return m_topOrigin; }

SecurityOriginData has an "empty" state so we could use a SecurityOriginData as
data members (instead of a std::optional<>) and have the call sites check
SecurityOriginData::isEmpty().

> Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm:51
> +    if (clientOrigin.topOrigin == clientOrigin.clientOrigin)

This could use a comment to explain why we only initialize m_topOrigin if
topOrigin is the same as clientOrigin.

> Source/WebKit/WebProcess/Network/WebSocketChannel.cpp:121
> +   
MessageSender::send(Messages::NetworkConnectionToWebProcess::CreateSocketChanne
l { *request, protocol, m_identifier, m_webPageProxyID, ClientOrigin {
m_document->topOrigin().data(), m_document->securityOrigin().data() } });

I bet we have this logic in several places and it may be worth having a getter
on Document that returns a ClientOrigin at this point.


More information about the webkit-reviews mailing list