Bug 239275 - Safari freezes on WebAuthn navigator.credentials.get() when users interacts with security key not in allowCredentials
Summary: Safari freezes on WebAuthn navigator.credentials.get() when users interacts w...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: Safari 15
Hardware: Mac (Apple Silicon) macOS 12
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-04-12 22:00 PDT by matthew
Modified: 2022-04-13 14:21 PDT (History)
4 users (show)

See Also:

Attachments
Video reproducing the issue (4.22 MB, video/quicktime)
2022-04-12 22:00 PDT, matthew 		no flags Details
Screenshot of Safari showing version (132.20 KB, image/png)
2022-04-12 22:03 PDT, matthew 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description matthew 2022-04-12 22:00:50 PDT 
Created attachment 457507 [details]
Video reproducing the issue

Safari Version 15.4 (17613.1.17.1.13) on macOS 12.3.1 enters a "disabled" state when `navigator.credentials.get()` is called with a security key credential (i.e. transports are set to "usb" and "nfc") in `allowCredentials`, but then the user interacts with a security key that does not match the credential.

By "disabled" state I mean the window becomes almost completely unresponsive to left clicks, and right clicks bring up context menus with all options disabled. Additionally the red close button on the windows's "stoplights" turns grey and cannot be used to close the window. At this point the only way to close the window is to Force Quit out of Safari.

See attached video for a demonstration, and screenshot for proof of Safari version.

## Reproduction:

The issue can be reproduced with the following HTML + JavaScript hosted at http://localhost:

```
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Safari Bug Repro - WebAuthn Authentication Browser Crash</title>
</head>
<body>
  <h1>
    Safari Bug Repro - WebAuthn Authentication Browser Crash
  </h1>
  <button id="startAuth">Authenticate</button>
  <h2>Context</h2>
  <p>
    A single credential with a random ID has been set to <strong>allowCredentials</strong> with
    security key transports <strong>"usb"</strong> and <strong>"nfc"</strong>.
  </p>
  <h2>Reproduction Steps</h2>
  <ol>
    <li>
      Click the <strong>Authenticate</strong> button above to call navigator.credentials.get().
    </li>
    <li>
      Select <strong>Security Key</strong> from the WebAuthn browser modal.
    </li>
    <li>
      Interact with any available security key.
    </li>
    <li>
      Observe the browser becomes unresponsive to almost all input, and the close button in the
      upper-left enters a disabled state.
    </li>
  </ol>
  <script>
    document.getElementById('startAuth').addEventListener('click', async (event) => {
      event.preventDefault();

      try {
        console.log('Calling navigator.credentials.get()');
        const res = await navigator.credentials.get({
          publicKey: {
            rpId: 'localhost',
            allowCredentials: [
              { id: new Uint8Array(32).fill(1), type: "public-key", transports: ["usb", "nfc"] }
            ],
            challenge: new Uint8Array(32).fill(1),
          },
        });
        console.log('Response:', res);
      } catch (err) {
        alert(err);
      }
    });
  </script>
</body>
</html>
```
Comment 1 matthew 2022-04-12 22:03:26 PDT 
Created attachment 457508 [details]
Screenshot of Safari showing version
Comment 2 Radar WebKit Bug Importer 2022-04-13 12:48:46 PDT 
<rdar://problem/91708885>
Comment 3 pascoe@apple.com 2022-04-13 14:21:12 PDT 
Hi. Thank you for the report. This issue has been fixed in the 12.4 beta released last week.