Prevent password from being used on safari biometric unlock (#13289)

2025-12-12 14:23:32 +00:00 · 2025-03-04 12:06:57 +01:00
parent 56c8c2ccc8
commit 0d68d22b98
1 changed files with 9 additions and 1 deletions
--- a/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
+++ b/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
@@ -164,7 +164,15 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling {
                break
            }

-            guard let accessControl = SecAccessControlCreateWithFlags(nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, [.privateKeyUsage, .userPresence], nil) else {
+            var flags: SecAccessControlCreateFlags = [.privateKeyUsage];
+            // https://developer.apple.com/documentation/security/secaccesscontrolcreateflags/biometryany
+            if #available(macOS 10.13.4, *) {
+                flags.insert(.biometryAny)
+            } else {
+                flags.insert(.touchIDAny)
+            }
+
+            guard let accessControl = SecAccessControlCreateWithFlags(nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, flags, nil) else {
                let messageId = message?["messageId"] as? Int
                response.userInfo = [
                    SFExtensionMessageKey: [