icecat: add release icecat-140.6.0-1gnu1 for aramo

2026-01-17 18:56:47 -06:00 · 2026-01-17 18:56:47 -06:00 · 17ba0259bf
commit 17ba0259bf
parent 92fef42cd6
3382 changed files with 457689 additions and 569094 deletions
--- a/icecat/dom/webauthn/WebAuthnService.cpp
+++ b/icecat/dom/webauthn/WebAuthnService.cpp
@ -31,14 +31,12 @@ void WebAuthnService::ShowAttestationConsentPrompt(
      NS_NewRunnableFunction(__func__, [self, aTransactionId]() {
        self->SetHasAttestationConsent(
            aTransactionId,
-            StaticPrefs::
-                security_webauth_webauthn_testing_allow_direct_attestation());
+            StaticPrefs::security_webauthn_always_allow_direct_attestation());
      }));
 #else
  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
      __func__, [self, aOrigin, aTransactionId, aBrowsingContextId]() {
-        if (StaticPrefs::
-                security_webauth_webauthn_testing_allow_direct_attestation()) {
+        if (StaticPrefs::security_webauthn_always_allow_direct_attestation()) {
          self->SetHasAttestationConsent(aTransactionId, true);
          return;
        }
@ -115,10 +113,18 @@ WebAuthnService::MakeCredential(uint64_t aTransactionId,
            }

            nsIWebAuthnRegisterResult* result = aValue.ResolveValue();
-            // If the RP requested attestation, we need to show a consent prompt
-            // before returning any identifying information. The platform may
-            // have already done this for us, so we need to inspect the
-            // attestation object at this point.
+            // We can return whatever result we have if the authenticator
+            // handled attestation consent for us.
+            bool attestationConsentPromptShown = false;
+            Unused << result->GetAttestationConsentPromptShown(
+                &attestationConsentPromptShown);
+            if (attestationConsentPromptShown) {
+              guard->ref().parentRegisterPromise.ref()->Resolve(result);
+              guard->reset();
+              return;
+            }
+            // If the RP requested attestation and the response contains
+            // identifying information, then we need to show a consent prompt.
            bool resultIsIdentifying = true;
            Unused << result->HasIdentifyingAttestation(&resultIsIdentifying);
            if (attestationRequested && resultIsIdentifying) {
@ -127,6 +133,7 @@ WebAuthnService::MakeCredential(uint64_t aTransactionId,
                                                 aBrowsingContextId);
              return;
            }
+            // In all other cases we strip out identifying information.
            result->Anonymize();
            guard->ref().parentRegisterPromise.ref()->Resolve(result);
            guard->reset();