[webkit-changes] [279755] trunk

Thu, 08 Jul 2021 15:14:55 -0700

Title: [279755] trunk
Revision
279755
Author
bfulg...@apple.com
Date
2021-07-08 15:13:59 -0700 (Thu, 08 Jul 2021)

Log Message

[Cocoa] Expose SPI to opt out of Extensible SSO authentication
https://bugs.webkit.org/show_bug.cgi?id=227729
<rdar://problem/75647892>

Reviewed by Tim Horton.

Source/WebKit:

WKWebView clients should be able to disable Extensible SSO authentication flows, so exposing the internal
mechanism as SPI. This is especially important for use cases where a WKWebView will be used to load content
without being attached to a Window, since a Window is required to present the Extensible SSO authentication
UI. Without a Window, WebKit will wait for a Window to be attached causing loads to timeout. By adopting this
API, developers can opt out of Extensible SSO, allowing loads to fail quickly rather than waiting for a timeout.

Tested by a new TestWebKitAPI test case: SOAuthorizationRedirect.DisableSSO

* UIProcess/API/Cocoa/WKPreferences.h:
* UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences _extensibleSSOEnabled]): Add getter for new preference.
(-[WKPreferences _setExtensibleSSOEnabled:]): Add setter.
* UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm:
(WebKit::NavigationSOAuthorizationSession::shouldStartInternal): Add new logging so developers can see when a WKWebView
without a Window is attempting to participate in Extensible SSO flows.
* UIProcess/Cocoa/SOAuthorization/PopUpSOAuthorizationSession.mm:
(WebKit::PopUpSOAuthorizationSession::initSecretWebView): Switch from SPI to API.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::decidePolicyForNavigationAction): Ditto.
* UIProcess/WebPageProxy.h:

Source/WTF:

Create new WKPreference to allow WebKit clients to opt out of Extensible SSO authentication.

* Scripts/Preferences/WebPreferences.yaml:

Tools:

Add a new test to confirm that Extenstible SSO authentication flows are bypassed when the new WKPreference
is used. Updated other tests to confirm that the SSO delegate is called when expected.

* TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:
(-[TestSOAuthorizationDelegate _webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:]):
(resetState):
(TestWebKitAPI::TEST):

Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (279754 => 279755)


--- trunk/Source/WTF/ChangeLog	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WTF/ChangeLog	2021-07-08 22:13:59 UTC (rev 279755)
@@ -1,3 +1,15 @@
+2021-07-08  Brent Fulgham  <bfulg...@apple.com>
+
+        [Cocoa] Expose SPI to opt out of Extensible SSO authentication
+        https://bugs.webkit.org/show_bug.cgi?id=227729
+        <rdar://problem/75647892>
+
+        Reviewed by Tim Horton.
+
+        Create new WKPreference to allow WebKit clients to opt out of Extensible SSO authentication.
+
+        * Scripts/Preferences/WebPreferences.yaml:
+
 2021-07-07  Alex Christensen  <achristen...@webkit.org>
 
         URL host setter should pass host to URLParser instead of trying to encode it itself

Modified: trunk/Source/WTF/Scripts/Preferences/WebPreferences.yaml (279754 => 279755)


--- trunk/Source/WTF/Scripts/Preferences/WebPreferences.yaml	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WTF/Scripts/Preferences/WebPreferences.yaml	2021-07-08 22:13:59 UTC (rev 279755)
@@ -759,6 +759,16 @@
     WebKit:
       default: false
 
+ExtensibleSSOEnabled:
+  type: bool
+  getter: isExtensibleSSOEnabled
+  webcoreBinding: none
+  condition: HAVE(APP_SSO)
+  exposed: [ WebKit ]
+  defaultValue:
+    WebKit:
+      default: true
+
 FTPDirectoryTemplatePath:
   type: String
   defaultValue:

Modified: trunk/Source/WebKit/ChangeLog (279754 => 279755)


--- trunk/Source/WebKit/ChangeLog	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WebKit/ChangeLog	2021-07-08 22:13:59 UTC (rev 279755)
@@ -1,3 +1,32 @@
+2021-07-08  Brent Fulgham  <bfulg...@apple.com>
+
+        [Cocoa] Expose SPI to opt out of Extensible SSO authentication
+        https://bugs.webkit.org/show_bug.cgi?id=227729
+        <rdar://problem/75647892>
+
+        Reviewed by Tim Horton.
+
+        WKWebView clients should be able to disable Extensible SSO authentication flows, so exposing the internal
+        mechanism as SPI. This is especially important for use cases where a WKWebView will be used to load content
+        without being attached to a Window, since a Window is required to present the Extensible SSO authentication
+        UI. Without a Window, WebKit will wait for a Window to be attached causing loads to timeout. By adopting this
+        API, developers can opt out of Extensible SSO, allowing loads to fail quickly rather than waiting for a timeout.
+
+        Tested by a new TestWebKitAPI test case: SOAuthorizationRedirect.DisableSSO
+
+        * UIProcess/API/Cocoa/WKPreferences.h:
+        * UIProcess/API/Cocoa/WKPreferences.mm:
+        (-[WKPreferences _extensibleSSOEnabled]): Add getter for new preference.
+        (-[WKPreferences _setExtensibleSSOEnabled:]): Add setter.
+        * UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm:
+        (WebKit::NavigationSOAuthorizationSession::shouldStartInternal): Add new logging so developers can see when a WKWebView
+        without a Window is attempting to participate in Extensible SSO flows.
+        * UIProcess/Cocoa/SOAuthorization/PopUpSOAuthorizationSession.mm:
+        (WebKit::PopUpSOAuthorizationSession::initSecretWebView): Switch from SPI to API.
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::decidePolicyForNavigationAction): Ditto.
+        * UIProcess/WebPageProxy.h:
+
 2021-07-08  Wenson Hsieh  <wenson_hs...@apple.com>
 
         [Live Text] Selection is misaligned on some images on twitter.com

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm (279754 => 279755)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm	2021-07-08 22:13:59 UTC (rev 279755)
@@ -1491,6 +1491,22 @@
     _preferences->setMediaSessionEnabled(mediaSessionEnabled);
 }
 
+- (BOOL)_isExtensibleSSOEnabled
+{
+#if HAVE(APP_SSO)
+    return _preferences->isExtensibleSSOEnabled();
+#else
+    return false;
+#endif
+}
+
+- (void)_setExtensibleSSOEnabled:(BOOL)extensibleSSOEnabled
+{
+#if HAVE(APP_SSO)
+    _preferences->setExtensibleSSOEnabled(extensibleSSOEnabled);
+#endif
+}
+
 @end

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h (279754 => 279755)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h	2021-07-08 22:13:59 UTC (rev 279755)
@@ -171,7 +171,9 @@
 @property (nonatomic, setter=_setPrivateClickMeasurementEnabled:) BOOL _privateClickMeasurementEnabled WK_API_AVAILABLE(macos(12.0), ios(15.0));
 @property (nonatomic, setter=_setPitchCorrectionAlgorithm:) _WKPitchCorrectionAlgorithm _pitchCorrectionAlgorithm WK_API_AVAILABLE(macos(12.0), ios(15.0));
 @property (nonatomic, setter=_setMediaSessionEnabled:) BOOL _mediaSessionEnabled WK_API_AVAILABLE(macos(12.0), ios(15.0));
+@property (nonatomic, getter=_isExtensibleSSOEnabled, setter=_setExtensibleSSOEnabled:) BOOL _extensibleSSOEnabled WK_API_AVAILABLE(macos(12.0), ios(15.0));
 
+
 #if !TARGET_OS_IPHONE
 @property (nonatomic, setter=_setWebGLEnabled:) BOOL _webGLEnabled WK_API_AVAILABLE(macos(10.13.4));
 @property (nonatomic, setter=_setJavaEnabledForLocalFiles:) BOOL _javaEnabledForLocalFiles WK_API_AVAILABLE(macos(10.13.4));

Modified: trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm (279754 => 279755)


--- trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/NavigationSOAuthorizationSession.mm	2021-07-08 22:13:59 UTC (rev 279755)
@@ -57,6 +57,7 @@
     ASSERT(page);
     beforeStart();
     if (!page->isInWindow()) {
+        AUTHORIZATIONSESSION_RELEASE_LOG("shouldStartInternal: Starting Extensible SSO authentication for a web view that is not attached to a window. Loading will pause until a window is attached.");
         setState(State::Waiting);
         page->addObserver(*this);
         ASSERT(page->mainFrame());

Modified: trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/PopUpSOAuthorizationSession.mm (279754 => 279755)


--- trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/PopUpSOAuthorizationSession.mm	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/PopUpSOAuthorizationSession.mm	2021-07-08 22:13:59 UTC (rev 279755)
@@ -189,7 +189,7 @@
     [m_secretWebView setUIDelegate:m_secretDelegate.get()];
     [m_secretWebView setNavigationDelegate:m_secretDelegate.get()];
 
-    m_secretWebView->_page->setShouldSuppressSOAuthorizationInAllNavigationPolicyDecision();
+    m_secretWebView->_page->preferences().setExtensibleSSOEnabled(false);
     WTFLogAlways("SecretWebView is created.");
 }

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (279754 => 279755)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2021-07-08 22:13:59 UTC (rev 279755)
@@ -5433,7 +5433,7 @@
         m_policyClient->decidePolicyForNavigationAction(*this, &frame, WTFMove(navigationAction), originatingFrame, originalRequest, WTFMove(request), WTFMove(listener), process->transformHandlesToObjects(userData.object()).get());
     else {
 #if HAVE(APP_SSO)
-        if (m_shouldSuppressSOAuthorizationInNextNavigationPolicyDecision || m_shouldSuppressSOAuthorizationInAllNavigationPolicyDecision)
+        if (m_shouldSuppressSOAuthorizationInNextNavigationPolicyDecision || !m_preferences->isExtensibleSSOEnabled())
             navigationAction->unsetShouldPerformSOAuthorization();
 #endif

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.h (279754 => 279755)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.h	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.h	2021-07-08 22:13:59 UTC (rev 279755)
@@ -1778,7 +1778,6 @@
     void webViewDidMoveToWindow();
 
 #if HAVE(APP_SSO)
-    void setShouldSuppressSOAuthorizationInAllNavigationPolicyDecision() { m_shouldSuppressSOAuthorizationInAllNavigationPolicyDecision = true; }
     void setShouldSuppressSOAuthorizationInNextNavigationPolicyDecision() { m_shouldSuppressSOAuthorizationInNextNavigationPolicyDecision = true; }
     void decidePolicyForSOAuthorizationLoad(const String&, CompletionHandler<void(SOAuthorizationLoadPolicy)>&&);
 #endif
@@ -2732,7 +2731,6 @@
 
 #if HAVE(APP_SSO)
     bool m_shouldSuppressSOAuthorizationInNextNavigationPolicyDecision { false };
-    bool m_shouldSuppressSOAuthorizationInAllNavigationPolicyDecision { false };
 #endif
 
     std::unique_ptr<WebWheelEventCoalescer> m_wheelEventCoalescer;

Modified: trunk/Tools/ChangeLog (279754 => 279755)


--- trunk/Tools/ChangeLog	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Tools/ChangeLog	2021-07-08 22:13:59 UTC (rev 279755)
@@ -1,3 +1,19 @@
+2021-07-08  Brent Fulgham  <bfulg...@apple.com>
+
+        [Cocoa] Expose SPI to opt out of Extensible SSO authentication
+        https://bugs.webkit.org/show_bug.cgi?id=227729
+        <rdar://problem/75647892>
+
+        Reviewed by Tim Horton.
+
+        Add a new test to confirm that Extenstible SSO authentication flows are bypassed when the new WKPreference
+        is used. Updated other tests to confirm that the SSO delegate is called when expected.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:
+        (-[TestSOAuthorizationDelegate _webView:decidePolicyForSOAuthorizationLoadWithCurrentPolicy:forExtension:completionHandler:]):
+        (resetState):
+        (TestWebKitAPI::TEST):
+
 2021-07-08  Kate Cheney  <katherine_che...@apple.com>
 
         Clean up App Privacy Report code

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm (279754 => 279755)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm	2021-07-08 21:15:40 UTC (rev 279754)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm	2021-07-08 22:13:59 UTC (rev 279755)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2021 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -36,6 +36,7 @@
 #import <WebKit/WKNavigationActionPrivate.h>
 #import <WebKit/WKNavigationDelegatePrivate.h>
 #import <WebKit/WKNavigationPrivate.h>
+#import <WebKit/WKPreferencesPrivate.h>
 #import <WebKit/WKWebViewPrivate.h>
 #import <pal/cocoa/AppSSOSoftLink.h>
 #import <pal/spi/cocoa/AuthKitSPI.h>
@@ -47,6 +48,7 @@
 #import <wtf/text/WTFString.h>
 
 static bool navigationCompleted = false;
+static bool policyForAppSSOPerformed = false;
 static bool authorizationPerformed = false;
 static bool authorizationCancelled = false;
 static bool uiShowed = false;
@@ -193,6 +195,7 @@
 {
     EXPECT_EQ(policy, _WKSOAuthorizationLoadPolicyAllow);
     EXPECT_TRUE([extension isEqual:@"Test"]);
+    policyForAppSSOPerformed = true;
     if (!self.isAsyncExecution) {
         if (self.allowSOAuthorizationLoad)
             completionHandler(policy);
@@ -327,6 +330,7 @@
 static void resetState()
 {
     navigationCompleted = false;
+    policyForAppSSOPerformed = false;
     authorizationPerformed = false;
     authorizationCancelled = false;
     uiShowed = false;
@@ -384,9 +388,37 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&navigationCompleted);
 
+    EXPECT_FALSE(policyForAppSSOPerformed);
     EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
 }
 
+TEST(SOAuthorizationRedirect, DisableSSO)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler4(PAL::getSOAuthorizationClass(), @selector(getAuthorizationHintsWithURL:responseCode:completion:), reinterpret_cast<IMP>(overrideGetAuthorizationHintsWithURL));
+
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    auto preferences = configuration.get().preferences;
+    EXPECT_TRUE(preferences._isExtensibleSSOEnabled);
+
+    preferences._extensibleSSOEnabled = NO;
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500) configuration:configuration.get()]);
+    auto delegate = adoptNS([[TestSOAuthorizationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get(), OpenExternalSchemesPolicy::Allow);
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&navigationCompleted);
+
+    EXPECT_FALSE(policyForAppSSOPerformed);
+    EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
+}
+
 TEST(SOAuthorizationRedirect, InterceptionError)
 {
     resetState();
@@ -402,6 +434,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&navigationCompleted);
 
+    EXPECT_TRUE(policyForAppSSOPerformed);
     EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
 }
 
@@ -422,6 +455,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     [gDelegate authorizationDidNotHandle:gAuthorization];
     Util::run(&navigationCompleted);
@@ -446,6 +480,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     [gDelegate authorizationDidCancel:gAuthorization];
     // FIXME: Find a delegate method that can detect load cancels.
@@ -470,6 +505,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     [gDelegate authorizationDidComplete:gAuthorization];
     Util::run(&navigationCompleted);
@@ -494,6 +530,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     [gDelegate authorization:gAuthorization didCompleteWithHTTPAuthorizationHeaders:adoptNS([[NSDictionary alloc] init]).get()];
     Util::run(&navigationCompleted);
@@ -519,6 +556,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_FALSE(policyForAppSSOPerformed); // The delegate isn't registered, so this won't be set.
 #if PLATFORM(MAC)
     EXPECT_TRUE(gAuthorization.enableEmbeddedAuthorizationViewController);
 #elif PLATFORM(IOS)
@@ -563,6 +601,7 @@
 #elif PLATFORM(IOS)
     checkAuthorizationOptions(true, "null", 0);
 #endif
+    EXPECT_FALSE(policyForAppSSOPerformed); // The delegate isn't registered, so this won't be set.
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
@@ -599,6 +638,7 @@
 #elif PLATFORM(IOS)
     checkAuthorizationOptions(true, "null", 0);
 #endif
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
@@ -627,6 +667,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
@@ -656,6 +697,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:400 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
@@ -681,6 +723,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Set-Cookie" : @"sessionid=38afes7a8;", @"Location" : [redirectURL absoluteString] }]);
@@ -717,6 +760,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Set-Cookie" : @"sessionid=38afes7a8, qwerty=219ffwef9w0f, id=a3fWa;", @"Location" : [redirectURL absoluteString] }]);
@@ -762,6 +806,7 @@
 #elif PLATFORM(IOS)
     checkAuthorizationOptions(true, "null", 0);
 #endif
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Set-Cookie" : @"sessionid=38afes7a8;", @"Location" : [redirectURL absoluteString] }]);
@@ -794,6 +839,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto redirectURL = URL(URL(), "https://www.example.com");
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:redirectURL statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : redirectURL.string() }]);
@@ -820,6 +866,7 @@
     [webView removeFromSuperview];
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&navigationPolicyDecided);
+    EXPECT_FALSE(policyForAppSSOPerformed);
     EXPECT_FALSE(authorizationPerformed);
 
     // Should activate the session.
@@ -826,6 +873,7 @@
     [webView addToTestWindow];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
@@ -857,6 +905,7 @@
     [webView removeFromSuperview];
     [webView loadRequest:[NSURLRequest requestWithURL:testURL1.get()]];
     Util::run(&navigationPolicyDecided);
+    EXPECT_FALSE(policyForAppSSOPerformed);
     EXPECT_FALSE(authorizationPerformed);
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL2.get()]];
@@ -865,6 +914,7 @@
 
     // The waiting session should be aborted as the previous navigation is overwritten by a new navigation.
     Util::run(&navigationCompleted);
+    EXPECT_FALSE(policyForAppSSOPerformed);
     EXPECT_FALSE(authorizationPerformed);
 }
 
@@ -885,6 +935,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Should be a no op.
     [webView addToTestWindow];
@@ -916,9 +967,11 @@
 
     for (int i = 0; i < 2; i++) {
         authorizationPerformed = false;
+        policyForAppSSOPerformed = false;
         [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
         Util::run(&authorizationPerformed);
         checkAuthorizationOptions(false, "", 0);
+        EXPECT_TRUE(policyForAppSSOPerformed);
 
         navigationCompleted = false;
         RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
@@ -951,13 +1004,16 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Suppress the last active session.
     authorizationPerformed = false;
+    policyForAppSSOPerformed = false;
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationCancelled);
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
@@ -989,6 +1045,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&navigationPolicyDecided);
     EXPECT_FALSE(authorizationPerformed);
+    EXPECT_FALSE(policyForAppSSOPerformed);
 
     // Suppress the last waiting session.
     navigationPolicyDecided = false;
@@ -995,11 +1052,13 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&navigationPolicyDecided);
     EXPECT_FALSE(authorizationPerformed);
+    EXPECT_FALSE(policyForAppSSOPerformed);
 
     // Activate the last session.
     [webView addToTestWindow];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
@@ -1034,6 +1093,7 @@
     [webView loadRequest:request.get()];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Pass a HTTP 200 response with a html to mimic a SAML response.
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
@@ -1062,6 +1122,7 @@
     // PSON: file:/// => example.com
     [webView loadRequest:[NSURLRequest requestWithURL:(NSURL *)testURL]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     navigationCompleted = false;
     // Pass a HTTP 200 response with a html to mimic a SAML response.
@@ -1071,8 +1132,10 @@
 
     authorizationPerformed = false;
     navigationPolicyDecided = false;
+    policyForAppSSOPerformed = false;
     [webView _evaluateJavaScriptWithoutUserGesture:@"location = 'http://www.example.com'" completionHandler:nil];
     Util::run(&navigationPolicyDecided);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationRedirect, AuthorizationOptions)
@@ -1094,6 +1157,7 @@
     [webView evaluateJavaScript: @"location = 'http://www.example.com'" completionHandler:nil];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "http://www.webkit.org", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationRedirect, InterceptionDidNotHandleTwice)
@@ -1112,6 +1176,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Test passes if no crashes.
     [gDelegate authorizationDidNotHandle:gAuthorization];
@@ -1134,6 +1199,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Test passes if no crashes.
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
@@ -1158,6 +1224,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&navigationCompleted);
 
+    EXPECT_TRUE(policyForAppSSOPerformed);
     EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
 }
 
@@ -1178,6 +1245,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(false, "", 0);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     RetainPtr<NSURL> redirectURL = [[NSBundle mainBundle] URLForResource:@"simple2" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:302 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Location" : [redirectURL absoluteString] }]);
@@ -1207,6 +1275,7 @@
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&navigationCompleted);
 
+    EXPECT_TRUE(policyForAppSSOPerformed);
     EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
 }
 
@@ -1229,6 +1298,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1263,6 +1333,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1296,6 +1367,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1329,6 +1401,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1343,6 +1416,7 @@
     authorizationPerformed = false;
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationCancelled);
+    EXPECT_TRUE(policyForAppSSOPerformed);
     Util::run(&authorizationPerformed);
     EXPECT_FALSE(uiShowed);
 
@@ -1369,6 +1443,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1407,6 +1482,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1439,6 +1515,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1481,6 +1558,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1523,6 +1601,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController1 = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view1 = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1546,8 +1625,10 @@
 
     // Load another AppSSO request.
     authorizationPerformed = false;
+    policyForAppSSOPerformed = false;
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // UI is only dimissed after the hostApp is unhidden.
     [hostWindow deminiaturize:hostWindow];
@@ -1570,6 +1651,7 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto viewController = adoptNS([[TestSOAuthorizationViewController alloc] init]);
     auto view = adoptNS([[NSView alloc] initWithFrame:NSZeroRect]);
@@ -1593,8 +1675,10 @@
 
     // Load another AppSSO request.
     authorizationPerformed = false;
+    policyForAppSSOPerformed = false;
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // UI is only dimissed after the hostApp is unhidden.
     [NSApp unhide:NSApp];
@@ -1625,6 +1709,7 @@
 #endif
     Util::run(&newWindowCreated);
     Util::run(&navigationCompleted);
+    EXPECT_FALSE(policyForAppSSOPerformed);
     EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
 }
 
@@ -1653,6 +1738,7 @@
     // The new window will not navigate to the testURL as the iframe has unique origin.
     [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
     Util::run(&newWindowCreated);
+    EXPECT_FALSE(policyForAppSSOPerformed);
     EXPECT_FALSE(authorizationPerformed);
 }
 #endif
@@ -1676,6 +1762,7 @@
     [webView _evaluateJavaScriptWithoutUserGesture: @"window.open('http://www.example.com')" completionHandler:nil];
     Util::run(&newWindowCreated);
     EXPECT_FALSE(authorizationPerformed);
+    EXPECT_FALSE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationPopUp, InterceptionError)
@@ -1705,14 +1792,17 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     authorizationPerformed = false;
     navigationCompleted = false;
+    policyForAppSSOPerformed = false;
     [gDelegate authorization:gAuthorization didCompleteWithError:adoptNS([[NSError alloc] initWithDomain:NSCocoaErrorDomain code:0 userInfo:nil]).get()];
     Util::run(&newWindowCreated);
     Util::run(&navigationCompleted);
     EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
     EXPECT_FALSE(authorizationPerformed); // Don't intercept the first navigation in the new window.
+    EXPECT_FALSE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationPopUp, InterceptionCancel)
@@ -1741,6 +1831,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // The secret WKWebView needs to be destroyed right the way.
     @autoreleasepool {
@@ -1775,6 +1866,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "window.close();").utf8(); // The pop up closes itself.
@@ -1812,6 +1904,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "").utf8();
@@ -1849,6 +1942,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "").utf8();
@@ -1887,10 +1981,12 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Will fallback to web path.
     navigationCompleted = false;
     authorizationPerformed = false;
+    policyForAppSSOPerformed = false;
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:400 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "").utf8();
     [gDelegate authorization:gAuthorization didCompleteWithHTTPResponse:response.get() httpBody:adoptNS([[NSData alloc] initWithBytes:resonseHtmlCString.data() length:resonseHtmlCString.length()]).get()];
@@ -1898,6 +1994,7 @@
     Util::run(&navigationCompleted);
     EXPECT_WK_STREQ(testURL.get().absoluteString, finalURL);
     EXPECT_FALSE(authorizationPerformed);
+    EXPECT_FALSE(policyForAppSSOPerformed);
 }
 
 // Setting cookie is ensured by other tests. Here is to cover if the whole authentication handshake can be completed.
@@ -1927,6 +2024,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Set-Cookie" : @"sessionid=38afes7a8;"}]);
     auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "").utf8();
@@ -1959,6 +2057,7 @@
 
     for (int i = 0; i < 2; i++) {
         authorizationPerformed = false;
+        policyForAppSSOPerformed = false;
 #if PLATFORM(MAC)
         [webView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
 #elif PLATFORM(IOS)
@@ -1966,6 +2065,7 @@
 #endif
         Util::run(&authorizationPerformed);
         checkAuthorizationOptions(true, "file://", 1);
+        EXPECT_TRUE(policyForAppSSOPerformed);
 
         auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
         auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "").utf8();
@@ -2005,6 +2105,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Suppress the last active session.
     auto newWebView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 400, 400) configuration:webView.get().configuration]);
@@ -2015,6 +2116,7 @@
     Util::run(&navigationCompleted);
 
     authorizationPerformed = false;
+    policyForAppSSOPerformed = false;
 #if PLATFORM(MAC)
     [newWebView sendClicksAtPoint:NSMakePoint(200, 200) numberOfClicks:1];
 #elif PLATFORM(IOS)
@@ -2023,6 +2125,7 @@
     Util::run(&authorizationCancelled);
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     navigationCompleted = false;
     [webView evaluateJavaScript: @"newWindow" completionHandler:^(id result, NSError *) {
@@ -2067,6 +2170,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "").utf8();
@@ -2103,6 +2207,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "http://www.webkit.org", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyIgnore)
@@ -2129,6 +2234,7 @@
 #endif
     Util::run(&newWindowCreated);
     EXPECT_FALSE(authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationPopUp, SOAuthorizationLoadPolicyAllowAsync)
@@ -2158,6 +2264,7 @@
 #endif
     Util::run(&authorizationPerformed);
     checkAuthorizationOptions(true, "file://", 1);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto resonseHtmlCString = generateHtml(newWindowResponseTemplate, "window.close();").utf8(); // The pop up closes itself.
@@ -2195,6 +2302,7 @@
 #endif
     Util::run(&newWindowCreated);
     EXPECT_FALSE(authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationSubFrame, NoInterceptions)
@@ -2210,6 +2318,7 @@
 
     [webView loadHTMLString:testHtml baseURL:baseURL.get()];
     [webView waitForMessage:@""];
+    EXPECT_FALSE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationSubFrame, NoInterceptionsNonAppleFirstPartyMainFrame)
@@ -2231,6 +2340,7 @@
     Util::sleep(0.5);
     // Make sure we don't intercept the iframe.
     EXPECT_FALSE(authorizationPerformed);
+    EXPECT_FALSE(policyForAppSSOPerformed);
 }
 
 TEST(SOAuthorizationSubFrame, InterceptionError)
@@ -2254,6 +2364,7 @@
     [webView waitForMessage:@"null"];
     [webView waitForMessage:@"SOAuthorizationDidStart"];
     checkAuthorizationOptions(false, "file://", 2);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     [gDelegate authorization:gAuthorization didCompleteWithError:adoptNS([[NSError alloc] initWithDomain:NSCocoaErrorDomain code:0 userInfo:nil]).get()];
     [webView waitForMessage:@"null"];
@@ -2286,6 +2397,7 @@
     [webView waitForMessage:@"null"];
     [webView waitForMessage:@"SOAuthorizationDidStart"];
     checkAuthorizationOptions(false, "file://", 2);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     [gDelegate authorizationDidCancel:gAuthorization];
     [webView waitForMessage:@"null"];
@@ -2317,6 +2429,7 @@
     [webView waitForMessage:@"http://www.example.com"];
     [webView waitForMessage:@"SOAuthorizationDidStart"];
     checkAuthorizationOptions(false, "null", 2);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto iframeHtmlCString = generateHtml(iframeTemplate, "").utf8();
@@ -2346,6 +2459,7 @@
     [webView waitForMessage:@"null"];
     [webView waitForMessage:@"SOAuthorizationDidStart"];
     checkAuthorizationOptions(false, "file://", 2);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     // Will fallback to web path.
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL.get() statusCode:400 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
@@ -2381,6 +2495,7 @@
     [webView waitForMessage:@"http://www.example.com"];
     [webView waitForMessage:@"SOAuthorizationDidStart"];
     checkAuthorizationOptions(false, "null", 2);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:@{ @"Set-Cookie" : @"sessionid=38afes7a8;"}]);
     auto iframeHtmlCString = generateHtml(iframeTemplate, "").utf8();
@@ -2408,11 +2523,13 @@
     for (int i = 0; i < 2; i++) {
         authorizationPerformed = false;
         navigationCompleted = false;
+        policyForAppSSOPerformed = false;
 
         [webView loadHTMLString:testHtml baseURL:nil];
         [webView waitForMessage:@"http://www.example.com"];
         [webView waitForMessage:@"SOAuthorizationDidStart"];
         checkAuthorizationOptions(false, "null", 2);
+        EXPECT_TRUE(policyForAppSSOPerformed);
 
         auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
         auto iframeHtmlCString = generateHtml(iframeTemplate, "").utf8();
@@ -2463,6 +2580,11 @@
     Util::sleep(0.5);
     // Make sure we don't intercept the iframe.
     EXPECT_FALSE(authorizationPerformed);
+#if PLATFORM(MAC)
+    EXPECT_TRUE(policyForAppSSOPerformed);
+#else
+    EXPECT_FALSE(policyForAppSSOPerformed);
+#endif
 }
 
 TEST(SOAuthorizationSubFrame, SOAuthorizationLoadPolicyAllowAsync)
@@ -2486,6 +2608,7 @@
     [webView waitForMessage:@"http://www.example.com"];
     [webView waitForMessage:@"SOAuthorizationDidStart"];
     checkAuthorizationOptions(false, "null", 2);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto iframeHtmlCString = generateHtml(iframeTemplate, "").utf8();
@@ -2514,6 +2637,11 @@
     Util::sleep(0.5);
     // Make sure we don't intercept the iframe.
     EXPECT_FALSE(authorizationPerformed);
+#if PLATFORM(MAC)
+    EXPECT_TRUE(policyForAppSSOPerformed);
+#else
+    EXPECT_FALSE(policyForAppSSOPerformed);
+#endif
 }
 
 TEST(SOAuthorizationSubFrame, InterceptionErrorWithReferrer)
@@ -2555,6 +2683,7 @@
     [webView _loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:(id)origin]] shouldOpenExternalURLs:NO];
     [webView waitForMessage:(id)origin];
     [webView waitForMessage:@"SOAuthorizationDidStart"];
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     [gDelegate authorization:gAuthorization didCompleteWithError:adoptNS([[NSError alloc] initWithDomain:NSCocoaErrorDomain code:0 userInfo:nil]).get()];
     [webView waitForMessage:(id)origin];
@@ -2585,6 +2714,7 @@
 
     [webView loadHTMLString:testHtml baseURL:baseURL.get()];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
     [gDelegate authorization:gAuthorization didCompleteWithError:adoptNS([[NSError alloc] initWithDomain:NSCocoaErrorDomain code:0 userInfo:nil]).get()];
     Util::run(&allMessagesReceived);
 }
@@ -2611,6 +2741,7 @@
 
     [webView loadHTMLString:testHtml baseURL:nil];
     Util::run(&authorizationPerformed);
+    EXPECT_TRUE(policyForAppSSOPerformed);
 
     auto response = adoptNS([[NSHTTPURLResponse alloc] initWithURL:testURL statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:nil]);
     auto iframeHtmlCString = generateHtml(iframeTemplate, "").utf8();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to