-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
login: Use valid selectors when testing for :is() / :where() support. #17726
Conversation
Rejecting CSS.supports(":is()") is the correct thing to do per w3c/csswg-drafts#7280 Fixes cockpit-project#17724.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for spotting this! Confirmed working here.
This is a critical fix that should go into all backports, as it prevents upcoming browsers from signing into Cockpit.
@TomasTomecek, @lachmanfrantisek : According to https://copr.fedorainfracloud.org/coprs/packit/cockpit-project-cockpit-17726/build/4832346/ the COPR builds succeeded, but somehow packit and the PR don't pick that up? Is it worth retrying? |
I have tested this with Firefox 106.0a1 and everything checks out. I can reproduce the issue exactly, and this change makes everything work. Thanks! |
No. :-) |
@emilio it'd be good to get WPTs for no-parameter |
Is there any browser extension that adds support for :is() and :where()? Don't Edge and Chromium support extensons for third-party/custom JavaScript procedures? |
(No, there's no extension for this, nor should there be. It's simply not needed. Browsers have had this functionality for years already. Only extremely insecure browser versions don't support it.) Chromium and Edge have both supported https://caniuse.com/mdn-css_selectors_where (Jan 2021 for Blink based browsers, which includes Chromium and Edge. Even earlier for Firefox and WebKit.) This was fixed in Cockpit, along with backports in the middle of last year. (See dates above.) There was only a short week or two window when browsers updated their usage of Make sure you update your software: Update both your system that has Cockpit (including the Cockpit packages) and especially your browsers. If you're seeing this problem, then you're woefully out of date with Cockpit and your browser, and probably have security problems on your system (assuming your browser and/or your system are out of date — there have been many CVEs in various parts of all OSes and browsers since this timeframe). TL;DR (summary): Update your version of Cockpit (and your system too, as other packages are probably out of date as well) and make sure your browser is also up to date. |
Rejecting CSS.supports(":is()") is the correct thing to do per w3c/csswg-drafts#7280
Fixes #17724.
login: Adjust selectors when checking for
:is()
and:where()
supportNewer, upcoming browser versions have improved next-level support for
:is()
and:where()
selectors. Cockpit was checking for support an empty usage which passed on browsers in the earlier (current as of writing) implementation. However, browsers have recently updated their parsing support for "Forgiving Selector Parsing", which caused the newer development versions of Firefox, Chrome, and WebKit to fail this check, preventing the browsers from logging into Cockpit.The check has now been adjusted so current and upcoming browser versions all pass.
Additionally, hotfixes for older supported affected versions of Cockpit have been published for CentOS, Debian, and Ubuntu. If you have an error while trying to log in with a new browser on an older Cockpit version, please upgrade your version of Cockpit.
Huge thanks to Emilio Cobos Álvarez for bringing this to our attention and sending a PR with a fix!