WebAuthn enums should be DOMStrings
Categories
(Core :: DOM: Web Authentication, defect, P2)
Tracking
()
People
(Reporter: nsatragno, Assigned: jschanck)
Details
Attachments
(8 files)
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review |
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
Steps to reproduce:
Run
navigator.credentials.create({
publicKey: {
challenge: new Uint8Array(),
authenticatorSelection: {
authenticatorAttachment: "not a valid member",
},
rp: { name: "rp" },
user: { displayName: "display", name: "user", id: new Uint8Array() },
pubKeyCredParams: [],
}
})
Actual results:
Uncaught (in promise) TypeError: CredentialsContainer.create: 'not a valid member' (value of 'authenticatorAttachment' member of AuthenticatorSelectionCriteria) is not a valid value for enumeration AuthenticatorAttachment.
<anonymous> debugger eval code:1
Expected results:
The bad value should be ignored and the default applied instead. See https://github.com/w3c/webauthn/issues/1738
The AuthenticatorAttachment
, ResidentKeyRequirement
, UserVerificationRequirement
, AttestationConveyancePreference
enums should all be DOMStrings instead, and invalid values considered the default. It might also be worth it issuing a warning if an invalid value is detected.
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'DevTools::Debugger' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 4•2 years ago
|
||
Assignee | ||
Comment 5•2 years ago
|
||
Depends on D167746
Assignee | ||
Comment 6•2 years ago
|
||
Depends on D167747
Assignee | ||
Comment 7•2 years ago
|
||
Depends on D167748
Assignee | ||
Comment 8•2 years ago
|
||
Depends on D167749
Assignee | ||
Comment 9•2 years ago
|
||
Depends on D167750
Assignee | ||
Comment 10•2 years ago
|
||
Assignee | ||
Comment 11•2 years ago
|
||
Comment 12•2 years ago
|
||
Comment 13•2 years ago
|
||
Backed out for causing multiple failures
- Backout link
- Push with failures
- Failure Log
- Failure line: TEST-UNEXPECTED-FAIL | dom/webauthn/tests/u2f/test_webauthn_get_assertion.html | Expecting a TypeError, got InvalidStateError: An attempt was made to use an object that is not, or is no longer, usable
Build bustages: https://treeherder.mozilla.org/logviewer?job_id=403556801&repo=autoland
Assignee | ||
Updated•2 years ago
|
Comment 14•2 years ago
|
||
Comment 15•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/add0d611bf3a
https://hg.mozilla.org/mozilla-central/rev/2effc5a02677
https://hg.mozilla.org/mozilla-central/rev/43bae636e48c
https://hg.mozilla.org/mozilla-central/rev/3c4258bfcc1e
https://hg.mozilla.org/mozilla-central/rev/35f1aa6782f2
https://hg.mozilla.org/mozilla-central/rev/55680d666baa
https://hg.mozilla.org/mozilla-central/rev/90d4cdf53000
https://hg.mozilla.org/mozilla-central/rev/ef6ac6942132
Updated•2 years ago
|
Reproducible on a 2023-01-25 Nightly build on macOS 12.
Verified as fixed on Firefox 111.0b4(build ID: 20230221190142) and Nightly 112.0a1(build ID: 20230222094403) on macOS 12, Windows 10, Ubuntu 22.
Description
•