Bug 215626

Summary: WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TLS for main resource loads
Product: WebKit Reporter: Alex Christensen <achristensen>
Component: New BugsAssignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=215640
Attachments:
Description Flags
Patch
none
Patch none

Description Alex Christensen 2020-08-18 14:27:30 PDT 
WKWebViews using fastServerTrustEvaluationEnabled should only allow legacy TLS for main resource loads
Comment 1 Alex Christensen 2020-08-18 14:38:20 PDT 
Created attachment 406811 [details]
Patch
Comment 2 Darin Adler 2020-08-18 14:41:02 PDT 
Comment on attachment 406811 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=406811&action=review

> Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:397
> +    if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes
> +        && fastServerTrustEvaluationEnabled
> +        && !isTopLevelNavigation())
> +        return completionHandler(AuthenticationChallengeDisposition::Cancel, { });

Why not do this in NetworkSessionCocoa::continueDidReceiveChallenge rather than passing more state through?
Comment 3 Alex Christensen 2020-08-18 14:50:58 PDT 
Created attachment 406813 [details]
Patch
Comment 4 Alex Christensen 2020-08-18 14:51:35 PDT 
Comment on attachment 406813 [details]
Patch

Great idea!
Comment 5 EWS 2020-08-18 15:18:25 PDT 
Committed r265835: <https://trac.webkit.org/changeset/265835>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 406813 [details].
Comment 6 Radar WebKit Bug Importer 2020-08-18 15:19:18 PDT 
<rdar://problem/67356569>
Comment 7 Alex Christensen 2020-08-19 18:50:48 PDT 
http://trac.webkit.org/r265930