Digital Credential: CredentialRequestCoordinator can remain non-Idle if AbortSignal races with picker result#56489
Merged
Merged
Conversation
Collaborator
|
EWS run on previous version of this PR (hash 6fb607f) Details
|
This was referenced Jan 13, 2026
6fb607f to
10f2360
Compare
Collaborator
|
EWS run on previous version of this PR (hash 10f2360) Details |
There was a problem hiding this comment.
Pull request overview
This PR fixes race conditions and state management issues in the Digital Credentials CredentialRequestCoordinator. The changes ensure that credential requests always settle promises after the picker UI has fully torn down, preventing the coordinator from remaining in a non-Idle state when AbortSignal races with picker results.
Changes:
- Defers promise settlement until after picker dismissal callback completes
- Improves abort handling during presentation and teardown by protecting JSValues across async boundaries
- Strengthens state transition validation and consistency checks
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| Source/WebCore/Modules/identity/DigitalCredential.cpp | Updates function call from presentPicker to prepareCredentialRequest |
| Source/WebCore/Modules/identity/CredentialRequestCoordinator.h | Renames public method, adds dismissPickerAndSettle, removes move constructors/operators, adds deactivate() method |
| Source/WebCore/Modules/identity/CredentialRequestCoordinator.cpp | Refactors state management, promise settlement timing, and abort handling to prevent race conditions |
| LayoutTests/imported/w3c/web-platform-tests/digital-credentials/non-fully-active.https.html | Adds test for repeated abort scenarios |
| LayoutTests/imported/w3c/web-platform-tests/digital-credentials/non-fully-active.https-expected.txt | Updates test expectations with new passing test |
| LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get.tentative.https-expected.txt | Updates test expectations showing fixed race condition test |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
pascoej
reviewed
Jan 15, 2026
10f2360 to
061668a
Compare
Collaborator
|
EWS run on previous version of this PR (hash 061668a) Details
|
061668a to
59ee609
Compare
Collaborator
|
EWS run on previous version of this PR (hash 59ee609) Details |
🛠 ios
Collaborator
Safer C++ Build #74741 (59ee609)
|
Contributor
Author
|
Addressing Safer c++ issue in #56812 |
59ee609 to
2d107c2
Compare
Collaborator
|
EWS run on current version of this PR (hash 2d107c2) Details |
pascoej
approved these changes
Jan 20, 2026
…if AbortSignal races with picker result rdar://163295172 https://bugs.webkit.org/show_bug.cgi?id=305363 Reviewed by Pascoe. Fix race and crash in CredentialRequestCoordinator by settling promises only after picker teardown and safely handling abort reasons. Ensure credential requests always settle after the picker UI has fully torn down. This change: - Defers promise settlement until the picker dismiss callback fires - Better handles aborts during presentation and teardown - Avoids capturing unprotected JSValues across async boundaries - Keeps coordinator state transitions more consistent (with better checks) It also more closely follows the spec: w3c-fedid/digital-credentials#420 w3c-fedid/digital-credentials#419 * LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get.tentative.https-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/digital-credentials/non-fully-active.https-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/digital-credentials/non-fully-active.https.html: * Source/WebCore/Modules/identity/CredentialRequestCoordinator.cpp: (WebCore::CredentialRequestCoordinator::PickerStateGuard::PickerStateGuard): (WebCore::CredentialRequestCoordinator::PickerStateGuard::~PickerStateGuard): (WebCore::CredentialRequestCoordinator::setState): (WebCore::CredentialRequestCoordinator::prepareCredentialRequest): (WebCore::CredentialRequestCoordinator::handleDigitalCredentialsPickerResult): (WebCore:: const): (WebCore::CredentialRequestCoordinator::dismissPickerAndSettle): (WebCore::CredentialRequestCoordinator::abortPicker): (WebCore::CredentialRequestCoordinator::contextDestroyed): (WebCore::CredentialRequestCoordinator::~CredentialRequestCoordinator): (): Deleted. (WebCore::CredentialRequestCoordinator::presentPicker): Deleted. (WebCore::CredentialRequestCoordinator::finalizeDigitalCredential): Deleted. * Source/WebCore/Modules/identity/CredentialRequestCoordinator.h: * Source/WebCore/Modules/identity/DigitalCredential.cpp: (WebCore::DigitalCredential::discoverFromExternalSource): * Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations: Canonical link: https://commits.webkit.org/305868@main
2d107c2 to
8a961b3
Compare
Collaborator
|
Committed 305868@main (8a961b3): https://commits.webkit.org/305868@main Reviewed commits have been landed. Closing PR #56489 and removing active labels. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
8a961b3
2d107c2