Changeset 127470 in webkit


Timestamp: Sep 4, 2012 8:47:25 AM (12 years ago)
Author: commit-queue@webkit.org
Message:

[BlackBerry] Browser is not sending secured Cookie back to server over HTTPS connection
https://bugs.webkit.org/show_bug.cgi?id=95747

PR199729

Patch by Otto Derek Cheung <otcheung@rim.com> on 2012-09-04
Reviewed by Rob Buis.
Internally Reviewed by Joe Mason.

If the browser has never saved a secure protocol cookie in its mapping before,
and it tries to set and retrieve a secure cookie over a non-secure
protocol, it will not show up because the link between the secure and
non-secure mapping isn't created until a cookie (sent through secure) is set.

The fix is to also check for the linkage in getRawCookies. Note that we cannot
map the secure CookieMap to the non-secure one because getRawCookies is a const
function.

Manually tested using our Browser Test suite.

  • platform/blackberry/CookieManager.cpp:

(WebCore::CookieManager::getRawCookies):

Location: trunk/Source/WebCore
Files: 2 edited

  • trunk/Source/WebCore/ChangeLog

    r127469 r127470  
     12012-09-04  Otto Derek Cheung  <otcheung@rim.com>
     2
     3        [BlackBerry] Browser is not sending secured Cookie back to server over HTTPS connection
     4        https://bugs.webkit.org/show_bug.cgi?id=95747
     5
     6        PR199729
     7
     8        Reviewed by Rob Buis.
     9        Internally Reviewed by Joe Mason.
     10
     11        If the browser has never saved a secure protocol cookie in its mapping before,
     12        and it tries to set and retreive a secure cookie over a non-secure
     13        protocol, it will not show up because the link between the secure and
     14        non-secure mapping isn't created until a cookie (sent through secure) is set.
     15
     16        The fix is to also check for the linkage in getRawCookies. Note that we cannot
     17        map the secure CookieMap to the non-secure one because getRawCookies is a const
     18        function.
     19
     20        Manually tested using our Browser Test suite.
     21
     22        * platform/blackberry/CookieManager.cpp:
     23        (WebCore::CookieManager::getRawCookies):
     24
    1252012-09-04  Philippe Normand  <pnormand@igalia.com>
    226
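
Review bot: The description at ChangeLog lines 11-14 says the cookie is set and retrieved "over a non-secure protocol", but the comment added in CookieManager.cpp describes a cookie set over a non-secure channel and read back over a secure one, and the new fallback only runs when isConnectionSecure is true. Reword the entry so it matches the code path being fixed. The entry also records only manual testing; a regression test that sets a Secure cookie over http and then reads it over https, with no https entry yet in the manager map, would keep this from silently breaking again.
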
  • trunk/Source/WebCore/platform/blackberry/CookieManager.cpp

    r127150 r127470  
    208208    Vector<CookieMap*> protocolsToSearch;
    209209
     210    // Special Case: If a server sets a "secure" cookie over a non-secure channel and tries to access the cookie
     211    // over a secure channel, it will not succeed because the secure protocol isn't mapped to the insecure protocol yet.
     212    // Set the map to the non-secure version, so it'll search the mapping for a secure cookie.
     213    CookieMap* targetMap = m_managerMap.get(requestURL.protocol());
     214    if (!targetMap && isConnectionSecure) {
     215        CookieLog("CookieManager - special case: secure protocol are not linked yet.");
     216        if (requestURL.protocolIs("https"))
     217            targetMap = m_managerMap.get("http");
     218        else if (requestURL.protocolIs("wss"))
     219            targetMap = m_managerMap.get("ws");
     220    }
     221
    210222    if (specialCaseForLocal)
    211223        copyValuesToVector(m_managerMap, protocolsToSearch);
    212224    else {
    213         protocolsToSearch.append(m_managerMap.get(requestURL.protocol()));
     225        protocolsToSearch.append(targetMap);
    214226        // FIXME: this is a hack for webworks apps; RFC 6265 says "Cookies do not provide isolation by scheme"
    215227        // so we should not be checking protocols at all. See PR 135595
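
Review bot: At new line 225, targetMap can still be null when it is appended. The fallback at lines 214-220 only covers https and wss, and m_managerMap.get("http") or m_managerMap.get("ws") can itself return null if nothing has been stored for that scheme. The visible lines do not show whether the code that walks protocolsToSearch skips null entries, so either guard the append with a check such as "if (targetMap) protocolsToSearch.append(targetMap);" or confirm that the consumer handles a null CookieMap*. Two smaller points: targetMap is looked up before the specialCaseForLocal check although that branch never uses it, so the lookup and the CookieLog call could move into the else block; and the log message at line 215 is emitted before the fallback is known to have found a map, so it cannot distinguish "fell back to http" from "no map at all".
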