Adding upstream version 127.0.upstream/127.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 20 insertions, 0 deletions

diff --git a/dom/webauthn/MacOSWebAuthnService.mm b/dom/webauthn/MacOSWebAuthnService.mm
index fc08ee1a48..24fad770c8 100644
--- a/dom/webauthn/MacOSWebAuthnService.mm
+++ b/dom/webauthn/MacOSWebAuthnService.mm
@@ -941,6 +941,17 @@ void MacOSWebAuthnService::DoGetAssertion(
           Unused << aArgs->GetAllowList(allowList);
           Unused << aArgs->GetAllowListTransports(allowListTransports);
         }
+        // Compute the union of the transport sets.
+        uint8_t transports = 0;
+        for (uint8_t credTransports : allowListTransports) {
+          if (credTransports == 0) {
+            // treat the empty transport set as "all transports".
+            transports = ~0;
+            break;
+          }
+          transports |= credTransports;
+        }
+
         NSMutableArray* platformAllowedCredentials =
             [[NSMutableArray alloc] init];
         for (const auto& allowedCredentialId : allowList) {
@@ -999,6 +1010,15 @@ void MacOSWebAuthnService::DoGetAssertion(
           platformAssertionRequest.userVerificationPreference =
               *userVerificationPreference;
         }
+        if (__builtin_available(macos 13.5, *)) {
+          // Show the hybrid transport option if (1) we have no transport hints
+          // or (2) at least one allow list entry lists the hybrid transport.
+          bool shouldShowHybridTransport =
+              !transports ||
+              (transports & MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_ID_HYBRID);
+          platformAssertionRequest.shouldShowHybridTransport =
+              shouldShowHybridTransport;
+        }
 
         // Initialize the cross-platform provider with the rpId.
         ASAuthorizationSecurityKeyPublicKeyCredentialProvider*