264263 – [GTK] libwebkit2gtk broke SAML auth on Linux

Bug 264263 - [GTK] libwebkit2gtk broke SAML auth on Linux

Summary: [GTK] libwebkit2gtk broke SAML auth on Linux

Status:	RESOLVED DUPLICATE of bug 262777

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	WebKit Nightly Build
Hardware:	PC Linux

Importance:	P3 Major
Assignee:	Nobody

URL:
Keywords:	Gtk

Depends on:
Blocks:

Reported:	2023-11-06 09:04 PST by Sean
Modified:	2023-11-06 09:22 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sean 2023-11-06 09:04:11 PST

After upgrading to version 2.4.1 of libwebkit2gtk we see some embedded browser failures. At first, this seemed to be an IDP issue but we're getting reports of many IDPs(Duo, Okta) with the same errors. During testing, we see that the user attempts to log in via SAML to an IDP and the site just refreshes and nothing happens. In the console logs we see this being logged:

[Warning] [blocked] The page at
[IDP LOGIN URL...] <IDP LOGIN URL...>
was not allowed to display insecure content from
blob:https://cisco.login.duosecurity.com/5d947f3c-4c16-4067-867d-72149959feb1.
(login.js, line 2)


Downgrading seems to fix this issue. Were there any changes to these policies that we can handle differently? 

Please let me know if there is any further information I can add or reproduction steps you need.

Comment 1 Michael Catanzaro 2023-11-06 09:15:43 PST

Hi there, this is bug #262777. It will be fixed in 2.42.2, which is coming soon.

*** This bug has been marked as a duplicate of bug 262777 ***

Comment 2 Sean 2023-11-06 09:18:40 PST

What is the bug ID of the duplicate so I can take a look?

Comment 3 Sean 2023-11-06 09:22:09 PST

(In reply to Sean from comment #2)
> What is the bug ID of the duplicate so I can take a look?

Ignore this, didn't realized it linked