Changeset 127470 in webkit
- Timestamp:
- Sep 4, 2012 8:47:25 AM (12 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r127469 r127470 1 2012-09-04 Otto Derek Cheung <otcheung@rim.com> 2 3 [BlackBerry] Browser is not sending secured Cookie back to server over HTTPS connection 4 https://bugs.webkit.org/show_bug.cgi?id=95747 5 6 PR199729 7 8 Reviewed by Rob Buis. 9 Internally Reviewed by Joe Mason. 10 11 If the browser has never saved a secure protocol cookie in its mapping before, 12 and it tries to set and retreive a secure cookie over a non-secure 13 protocol, it will not show up because the link between the secure and 14 non-secure mapping isn't created until a cookie (sent through secure) is set. 15 16 The fix is to also check for the linkage in getRawCookies. Note that we cannot 17 map the secure CookieMap to the non-secure one because getRawCookies is a const 18 function. 19 20 Manually tested using our Browser Test suite. 21 22 * platform/blackberry/CookieManager.cpp: 23 (WebCore::CookieManager::getRawCookies): 24 1 25 2012-09-04 Philippe Normand <pnormand@igalia.com> 2 26 -
trunk/Source/WebCore/platform/blackberry/CookieManager.cpp
r127150 r127470 208 208 Vector<CookieMap*> protocolsToSearch; 209 209 210 // Special Case: If a server sets a "secure" cookie over a non-secure channel and tries to access the cookie 211 // over a secure channel, it will not succeed because the secure protocol isn't mapped to the insecure protocol yet. 212 // Set the map to the non-secure version, so it'll search the mapping for a secure cookie. 213 CookieMap* targetMap = m_managerMap.get(requestURL.protocol()); 214 if (!targetMap && isConnectionSecure) { 215 CookieLog("CookieManager - special case: secure protocol are not linked yet."); 216 if (requestURL.protocolIs("https")) 217 targetMap = m_managerMap.get("http"); 218 else if (requestURL.protocolIs("wss")) 219 targetMap = m_managerMap.get("ws"); 220 } 221 210 222 if (specialCaseForLocal) 211 223 copyValuesToVector(m_managerMap, protocolsToSearch); 212 224 else { 213 protocolsToSearch.append( m_managerMap.get(requestURL.protocol()));225 protocolsToSearch.append(targetMap); 214 226 // FIXME: this is a hack for webworks apps; RFC 6265 says "Cookies do not provide isolation by scheme" 215 227 // so we should not be checking protocols at all. See PR 135595
Note: See TracChangeset
for help on using the changeset viewer.