On Tue, Nov 17, 2020 at 12:50 pm, Michael Catanzaro
<mcatanz...@gnome.org> wrote:
Oh, I missed a very important point. There is a header we can use to
test: Google-Accounts-Check-OAuth-Login:true. I will try to figure
out how to hack up the libsoup backend to send that header with all
requests and see what happens....
I tested this hack:
diff --git a/Source/WebCore/platform/network/HTTPHeaderNames.in
b/Source/WebCore/platform/network/HTTPHeaderNames.in
index cbc470412f9f..eb19ab00a054 100644
--- a/Source/WebCore/platform/network/HTTPHeaderNames.in
+++ b/Source/WebCore/platform/network/HTTPHeaderNames.in
@@ -109,3 +109,5 @@ X-Temp-Tablet
// These headers are specific to GStreamer.
Icy-MetaInt
Icy-Metadata
+
+Google-Accounts-Check-OAuth-Login
diff --git a/Source/WebCore/platform/network/ResourceRequestBase.h
b/Source/WebCore/platform/network/ResourceRequestBase.h
index 6c9ce5cccefe..db234c37271f 100644
--- a/Source/WebCore/platform/network/ResourceRequestBase.h
+++ b/Source/WebCore/platform/network/ResourceRequestBase.h
@@ -206,6 +206,7 @@ protected:
, m_hiddenFromInspector(false)
, m_isTopSite(false)
{
+ addHTTPHeaderField(HTTPHeaderName::GoogleAccountsCheckOAuthLogin,
"true");
}
ResourceRequestBase(const URL& url, ResourceRequestCachePolicy
policy)
@@ -221,6 +222,7 @@ protected:
, m_hiddenFromInspector(false)
, m_isTopSite(false)
{
+ addHTTPHeaderField(HTTPHeaderName::GoogleAccountsCheckOAuthLogin,
"true");
}
void updatePlatformRequest(HTTPBodyUpdatePolicy =
HTTPBodyUpdatePolicy::DoNotUpdateHTTPBody) const;
And confirmed in the web inspector to ensure the header is really sent.
Login still works. So... maybe we will be OK? I'm not sure. I tested
direct login via google.com. I'm confused as to how this change is in
any way related to OAuth. Maybe it will only break for third-party
websites that allow logging in with a Google account? I guess we'll
find out....
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
