[webauthn] Wait until timer has expired to return NotAllowedError
Issue description

See https://w3c.github.io/webauthn/#dictionary-makecredentialoptions step 21: "Return a DOMException whose name is "NotAllowedError". In order to prevent information leak that could identify the user without consent, this step MUST NOT be executed before lifetimeTimer has expired." (Per editor's draft, post WD-07)
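Added example, not part of the issue and not Chromium's code: a small C++ model of the rule quoted above, with the early-return behaviour beside the deferred one. With failures deferred, the page observes NotAllowedError at the same moment whether an authenticator refused early or never answered. The class, enum and function names and the 30000 ms timeout are hypothetical.

```cpp
// Added illustration, not Chromium code: all names here are hypothetical.
#include <cstdint>
enum class Status { kSuccess, kNotAllowed };
enum class Outcome { kPending, kSuccess, kNotAllowedError };  // seen by page

// Models one create()/get() request. Time is passed in explicitly (ms since
// the request started) so the example is deterministic and runs offline.
class PendingRequest {
 public:
  PendingRequest(int64_t timeout_ms, bool defer_failures)
      : timeout_ms_(timeout_ms), defer_failures_(defer_failures) {}

  // An authenticator reported `status` at `now_ms`.
  Outcome OnAuthenticatorResult(Status status, int64_t now_ms) {
    if (outcome_ != Outcome::kPending) return outcome_;
    if (now_ms >= timeout_ms_) return OnTimerCheck(now_ms);
    if (status == Status::kSuccess) {
      outcome_ = Outcome::kSuccess;  // user consented: answer right away
    } else if (!defer_failures_) {
      outcome_ = Outcome::kNotAllowedError;  // early answer leaks timing
    }  // otherwise hold the failure until the lifetime timer expires
    return outcome_;
  }

  // The lifetime timer fired (or the clock is checked later).
  Outcome OnTimerCheck(int64_t now_ms) {
    if (outcome_ == Outcome::kPending && now_ms >= timeout_ms_)
      outcome_ = Outcome::kNotAllowedError;
    return outcome_;
  }
 private:
  int64_t timeout_ms_;
  bool defer_failures_;
  Outcome outcome_ = Outcome::kPending;
};

// Constructed scenario: time at which the page observes NotAllowedError.
// fail_at_ms < 0 means no authenticator ever answers.
int64_t ObservedFailureTimeMs(bool defer_failures, int64_t fail_at_ms) {
  const int64_t kTimeoutMs = 30000;  // constructed sample timeout
  PendingRequest request(kTimeoutMs, defer_failures);
  if (fail_at_ms >= 0 &&
      request.OnAuthenticatorResult(Status::kNotAllowed, fail_at_ms) ==
          Outcome::kNotAllowedError)
    return fail_at_ms;
  request.OnTimerCheck(kTimeoutMs);
  return kTimeoutMs;
}
```

Comparing `ObservedFailureTimeMs(false, 50)` with `ObservedFailureTimeMs(false, -1)` shows the timing difference a page could measure; with `defer_failures` set to true both calls return the timeout.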
Feb 16 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/445d610b4607e30fdfb124be42b957e13f14d413

commit 445d610b4607e30fdfb124be42b957e13f14d413
Author: Yoshifumi Inoue <yosin@chromium.org>
Date: Fri Feb 16 06:38:38 2018

Revert "[webauthn] Don't terminate operations early that return NotAllowedError."

This reverts commit fefcfdfc9de7e7e9040ed98a99b21544a4f8bbbd.

Reason for revert:
WinMSVC64(dbg) bot error:
https://ci.chromium.org/buildbot/chromium.win/WinMSVC64%20(dbg)/2965
c:\b\c\b\win\src\content\browser\webauth\authenticator_impl.cc(393) : error C2220: warning treated as error - no 'object' file generated
c:\b\c\b\win\src\content\browser\webauth\authenticator_impl.cc(393) : warning C4702: unreachable code

Original change's description:
> [webauthn] Don't terminate operations early that return NotAllowedError.
>
> NotAllowedError responses should not be returned until after the
> timer has expired in order to prevent a leak of possibly-identifying
> user information.
>
> See https://w3c.github.io/webauthn/#createCredential step 21.
>
> Bug: 809104
> Change-Id: I3655f4c9cac29dc29c68c234c2e0b8ea00f1c5c2
> Reviewed-on: https://chromium-review.googlesource.com/912149
> Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
> Reviewed-by: Balazs Engedy <engedy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#537229}

TBR=engedy@chromium.org,kpaulhamus@chromium.org

Change-Id: I022d8586c26a9201c5d80a025b2a954cca3fe5d4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 809104
Reviewed-on: https://chromium-review.googlesource.com/923223
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Commit-Queue: Yoshifumi Inoue <yosin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537232}

[modify] https://crrev.com/445d610b4607e30fdfb124be42b957e13f14d413/content/browser/webauth/authenticator_impl.cc
[modify] https://crrev.com/445d610b4607e30fdfb124be42b957e13f14d413/content/browser/webauth/authenticator_impl.h
Feb 22 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/4ed73de1158373d5f5885772f8d43be671e5f53f

commit 4ed73de1158373d5f5885772f8d43be671e5f53f
Author: Kim Paulhamus <kpaulhamus@chromium.org>
Date: Thu Feb 22 17:31:36 2018

[webauthn] Don't terminate operations early that return NotAllowedError.

Lacking user consent (i.e. no test-of-user-presence), NotAllowedError responses should not be returned until after the timer has expired in order to prevent a leak of possibly-identifying user information.

See https://w3c.github.io/webauthn/#createCredential step 21.

This is a heavily reworked reland of https://crrev.com/c/912149, which was reverted due to unreachable code.

Bug: 809104
Change-Id: I8c33c8cef7865b4cb32459d4c8e3eef7eaabe635
Reviewed-on: https://chromium-review.googlesource.com/923715
Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538470}

[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/components/password_manager/content/common/credential_manager_mojom_traits.cc
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/content/browser/webauth/authenticator_impl.cc
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/content/browser/webauth/authenticator_impl.h
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/content/browser/webauth/authenticator_impl_unittest.cc
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-create-basics.html
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-get-basics.html
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/third_party/WebKit/Source/modules/credentialmanager/CredentialManagerTypeConverters.cpp
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/third_party/WebKit/public/platform/modules/credentialmanager/credential_manager.mojom
[modify] https://crrev.com/4ed73de1158373d5f5885772f8d43be671e5f53f/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom
Comment 1 by bugdroid1@chromium.org, Feb 16 2018