Changeset 201967 in webkit

Timestamp:

Jun 11, 2016, 4:09:54 AM (9 years ago)

Author:

Antti Koivisto

Message:

Vary:Cookie validation doesn't work in private browsing
​https://bugs.webkit.org/show_bug.cgi?id=158616
Source/WebCore:

rdar://problem/26755067

Reviewed by Darin Adler.

This wasn't implemented because there was no way to get NetworkStorageSession from
a SessionID on WebCore side.

The patch adds a simple WebCore level weak map that allows getting NetworkStorageSessions
from SessionID. This seemed like the cleanest way to do this without a big refactoring
around the currently WebKit2 level SessionTracker.

• CMakeLists.txt:
• WebCore.xcodeproj/project.pbxproj:
• platform/network/CacheValidation.cpp:

(WebCore::headerValueForVary):

Get NetworkStorageSession from SessionID for cookies

(WebCore::verifyVaryingRequestHeaders):

• platform/network/NetworkStorageSession.cpp: Added.

Add platform independent .cpp for NetworkStorageSession.
Implement a weak map for SessionID -> NetworkStorageSession.

(WebCore::sessionsMap):
(WebCore::NetworkStorageSession::NetworkStorageSession):
(WebCore::NetworkStorageSession::~NetworkStorageSession):
(WebCore::NetworkStorageSession::forSessionID):

Get NetworkStorageSession for sessionID.

• platform/network/NetworkStorageSession.h:

(WebCore::NetworkStorageSession::sessionID):
(WebCore::NetworkStorageSession::credentialStorage):

• platform/network/cf/NetworkStorageSessionCFNet.cpp:

(WebCore::NetworkStorageSession::NetworkStorageSession):

Call to common constructor.

(WebCore::defaultNetworkStorageSession):

• platform/network/soup/NetworkStorageSessionSoup.cpp:

(WebCore::NetworkStorageSession::NetworkStorageSession):

Call to common constructor.

(WebCore::defaultSession):
(WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.

LayoutTests:

Reviewed by Darin Adler.

• http/tests/cache/disk-cache/disk-cache-vary-cookie-expected.txt:
• http/tests/cache/disk-cache/disk-cache-vary-cookie.html:

Exapand the existing test to cover memory cache and private browsing.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/cache/disk-cache/disk-cache-vary-cookie-expected.txt (modified) (2 diffs)
• LayoutTests/http/tests/cache/disk-cache/disk-cache-vary-cookie.html (modified) (1 diff)
• Source/WebCore/CMakeLists.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (4 diffs)
• Source/WebCore/platform/network/CacheValidation.cpp (modified) (2 diffs)
• Source/WebCore/platform/network/NetworkStorageSession.cpp (added)
• Source/WebCore/platform/network/NetworkStorageSession.h (modified) (4 diffs)
• Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp (modified) (3 diffs)
• Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2016-06-10  Antti Koivisto  <antti@apple.com>
+
+        Vary:Cookie validation doesn't work in private browsing
+        https://bugs.webkit.org/show_bug.cgi?id=158616
+
+        Reviewed by Darin Adler.
+
+        * http/tests/cache/disk-cache/disk-cache-vary-cookie-expected.txt:
+        * http/tests/cache/disk-cache/disk-cache-vary-cookie.html:
+
+        Exapand the existing test to cover memory cache and private browsing.
+
 2016-06-10  Benjamin Poulain  <bpoulain@apple.com>
 

trunk/LayoutTests/http/tests/cache/disk-cache/disk-cache-vary-cookie-expected.txt

@@ -1 @@
-Test that Vary: Cookie in response is handled by the disk cache.
+Test that Vary: Cookie in response is handled by caches.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 
 
+Testing disk cache
 Setting cookie and loading
 response headers: {"Cache-control":"max-age=100"}
@@ -32 +33 @@
 response source: Disk cache
 
+Testing memory cache
+Setting cookie and loading
+response headers: {"Cache-control":"max-age=100"}
+response source: Network
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Network
+
+Loading again
+response headers: {"Cache-control":"max-age=100"}
+response source: Memory cache
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Memory cache
+
+Changing cookie and loading
+response headers: {"Cache-control":"max-age=100"}
+response source: Memory cache
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Network
+
+Loading again
+response headers: {"Cache-control":"max-age=100"}
+response source: Memory cache
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Memory cache
+
+Testing memory cache in private browsing
+Setting cookie and loading
+response headers: {"Cache-control":"max-age=100"}
+response source: Network
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Network
+
+Loading again
+response headers: {"Cache-control":"max-age=100"}
+response source: Memory cache
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Memory cache
+
+Changing cookie and loading
+response headers: {"Cache-control":"max-age=100"}
+response source: Memory cache
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Network
+
+Loading again
+response headers: {"Cache-control":"max-age=100"}
+response source: Memory cache
+
+response headers: {"Vary":"Cookie","Cache-control":"max-age=100"}
+response source: Memory cache
+
 PASS successfullyParsed is true
 

trunk/LayoutTests/http/tests/cache/disk-cache/disk-cache-vary-cookie.html

@@ -4 +4 @@
 <script>
 
-var tests =
-[
-  { responseHeaders: {'Cache-control': 'max-age=100'} },
-  { responseHeaders: {'Vary': 'Cookie', 'Cache-control': 'max-age=100'} },
-];
 
-description("Test that Vary: Cookie in response is handled by the disk cache.");
+description("Test that Vary: Cookie in response is handled by caches.");
 
-debug("Setting cookie and loading");
-document.cookie = "cookie=value";
-loadResources(tests, function () {
-    printResults(tests);
-    debug("Loading again");
-    loadResources(tests, function () {
+function testCookies(testDiskCache, completionHandler)
+{
+    var tests = [
+      { responseHeaders: {'Cache-control': 'max-age=100'} },
+      { responseHeaders: {'Vary': 'Cookie', 'Cache-control': 'max-age=100'} },
+    ];
+
+    var options = { "ClearMemoryCache" : testDiskCache };
+    debug("Setting cookie and loading");
+    document.cookie = "cookie=" + Math.floor((Math.random() * 1000000000000));
+    loadResourcesWithOptions(tests, options, function () {
         printResults(tests);
-        debug("Changing cookie and loading");
-        document.cookie = "cookie=othervalue";
-        loadResources(tests, function () {
+        debug("Loading again");
+        loadResourcesWithOptions(tests, options, function () {
             printResults(tests);
-            debug("Loading again");
-            loadResources(tests, function () {
-               printResults(tests);
-               finishJSTest();
+            debug("Changing cookie and loading");
+            document.cookie = "cookie" + Math.floor((Math.random() * 1000000000000));
+            loadResourcesWithOptions(tests, options, function () {
+                printResults(tests);
+                debug("Loading again");
+                loadResourcesWithOptions(tests, options, function () {
+                   printResults(tests);
+                   completionHandler();
+                });
             });
+        });
+    });
+}
+
+debug("Testing disk cache");
+testCookies(true, function () {
+    debug("Testing memory cache");
+    testCookies(false, function () {
+        debug("Testing memory cache in private browsing");
+        testRunner.setPrivateBrowsingEnabled(true);
+        testCookies(false, function () {
+            finishJSTest();
         });
     });

trunk/Source/WebCore/CMakeLists.txt

@@ -2339 +2339 @@
     platform/network/MIMEHeader.cpp
     platform/network/NetworkStateNotifier.cpp
+    platform/network/NetworkStorageSession.cpp
     platform/network/ParsedContentRange.cpp
     platform/network/ParsedContentType.cpp

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-06-10  Antti Koivisto  <antti@apple.com>
+
+        Vary:Cookie validation doesn't work in private browsing
+        https://bugs.webkit.org/show_bug.cgi?id=158616
+        rdar://problem/26755067
+
+        Reviewed by Darin Adler.
+
+        This wasn't implemented because there was no way to get NetworkStorageSession from
+        a SessionID on WebCore side.
+
+        The patch adds a simple WebCore level weak map that allows getting NetworkStorageSessions
+        from SessionID. This seemed like the cleanest way to do this without a big refactoring
+        around the currently WebKit2 level SessionTracker.
+
+        * CMakeLists.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * platform/network/CacheValidation.cpp:
+        (WebCore::headerValueForVary):
+
+            Get NetworkStorageSession from SessionID for cookies
+
+        (WebCore::verifyVaryingRequestHeaders):
+        * platform/network/NetworkStorageSession.cpp: Added.
+
+            Add platform independent .cpp for NetworkStorageSession.
+            Implement a weak map for SessionID -> NetworkStorageSession.
+
+        (WebCore::sessionsMap):
+        (WebCore::NetworkStorageSession::NetworkStorageSession):
+        (WebCore::NetworkStorageSession::~NetworkStorageSession):
+        (WebCore::NetworkStorageSession::forSessionID):
+
+            Get NetworkStorageSession for sessionID.
+
+        * platform/network/NetworkStorageSession.h:
+        (WebCore::NetworkStorageSession::sessionID):
+        (WebCore::NetworkStorageSession::credentialStorage):
+        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
+        (WebCore::NetworkStorageSession::NetworkStorageSession):
+
+            Call to common constructor.
+
+        (WebCore::defaultNetworkStorageSession):
+        * platform/network/soup/NetworkStorageSessionSoup.cpp:
+        (WebCore::NetworkStorageSession::NetworkStorageSession):
+
+            Call to common constructor.
+
+        (WebCore::defaultSession):
+        (WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.
+
 2016-06-10  Ada Chan  <adachan@apple.com>
 

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -6734 +6734 @@
                 E4F9EEF2156D9FFA00D23E7E /* StyleSheetContents.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E4F9EEF0156D84C400D23E7E /* StyleSheetContents.cpp */; };
                 E4F9EEF3156DA00700D23E7E /* StyleSheetContents.h in Headers */ = {isa = PBXBuildFile; fileRef = E4F9EEF1156D84C400D23E7E /* StyleSheetContents.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                E4FD02041D0AF2C100D8E57E /* NetworkStorageSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E4FD02031D0AF2C100D8E57E /* NetworkStorageSession.cpp */; };
                 E51A81DF17298D7700BFCA61 /* JSPerformance.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E51A81DE17298D7700BFCA61 /* JSPerformance.cpp */; };
                 E526AF3F1727F8F200E41781 /* Performance.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E526AF3E1727F8F200E41781 /* Performance.cpp */; };
@@ -14819 +14820 @@
                 E4F9EEF0156D84C400D23E7E /* StyleSheetContents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StyleSheetContents.cpp; sourceTree = "<group>"; };
                 E4F9EEF1156D84C400D23E7E /* StyleSheetContents.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StyleSheetContents.h; sourceTree = "<group>"; };
+                E4FD02031D0AF2C100D8E57E /* NetworkStorageSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NetworkStorageSession.cpp; sourceTree = "<group>"; };
                 E51A81DE17298D7700BFCA61 /* JSPerformance.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSPerformance.cpp; sourceTree = "<group>"; };
                 E526AF3E1727F8F200E41781 /* Performance.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Performance.cpp; sourceTree = "<group>"; };
@@ -17807 +17809 @@
                                 1A7FA61A0DDA3BBE0028F8A5 /* NetworkStateNotifier.cpp */,
                                 1A7FA6180DDA3B3A0028F8A5 /* NetworkStateNotifier.h */,
+                                E4FD02031D0AF2C100D8E57E /* NetworkStorageSession.cpp */,
                                 E13EF3421684ECF40034C83F /* NetworkStorageSession.h */,
                                 CDCD41E51C3DDB0900965D99 /* ParsedContentRange.cpp */,
@@ -32191 +32194 @@
                                 A3E2643014748991005A8588 /* WorkerEventQueue.cpp in Sources */,
                                 2E4346480F546A8200B0F1BA /* WorkerGlobalScope.cpp in Sources */,
+                                E4FD02041D0AF2C100D8E57E /* NetworkStorageSession.cpp in Sources */,
                                 418C395A1C8DD6990051C8A3 /* WorkerGlobalScopeFetch.cpp in Sources */,
                                 5185FCB31BB4C4E80012898F /* WorkerGlobalScopeIndexedDatabase.cpp in Sources */,

trunk/Source/WebCore/platform/network/CacheValidation.cpp

@@ -339 +339 @@
     // is a blocking operation. This should be sufficient to cover reasonable cases.
     if (headerName == httpHeaderNameString(HTTPHeaderName::Cookie)) {
-        if (sessionID != SessionID::defaultSessionID()) {
-            // FIXME: Don't know how to get the cookie. There should be a global way to get NetworkStorageSession from sessionID.
-            return "";
-        }
-        auto& session = NetworkStorageSession::defaultStorageSession();
+        auto& session = NetworkStorageSession::forSessionID(sessionID);
         auto* cookieStrategy = platformStrategies() ? platformStrategies()->cookiesStrategy() : nullptr;
         if (!cookieStrategy)
@@ -375 +371 @@
         if (varyingRequestHeader.first == "*")
             return false;
-        if (sessionID != SessionID::defaultSessionID() && varyingRequestHeader.first == httpHeaderNameString(HTTPHeaderName::Cookie)) {
-            // FIXME: See the comment in headerValueForVary.
-            return false;
-        }
         String headerValue = headerValueForVary(request, varyingRequestHeader.first, sessionID);
         if (headerValue != varyingRequestHeader.second)

trunk/Source/WebCore/platform/network/NetworkStorageSession.h

@@ -38 +38 @@
 namespace WebCore {
 
-class NetworkingContext;
 class ResourceRequest;
 class SoupNetworkSession;
@@ -50 +49 @@
     WEBCORE_EXPORT static void switchToNewTestingSession();
 
+    static NetworkStorageSession& forSessionID(SessionID);
+
+    WEBCORE_EXPORT ~NetworkStorageSession();
+
     SessionID sessionID() const { return m_sessionID; }
     CredentialStorage& credentialStorage() { return m_credentialStorage; }
 
 #if PLATFORM(COCOA) || USE(CFNETWORK)
-    NetworkStorageSession(SessionID, RetainPtr<CFURLStorageSessionRef>);
+    NetworkStorageSession(SessionID, RetainPtr<CFURLStorageSessionRef>&&);
 
     // May be null, in which case a Foundation default should be used.
@@ -61 +64 @@
 #elif USE(SOUP)
     NetworkStorageSession(SessionID, std::unique_ptr<SoupNetworkSession>);
-    ~NetworkStorageSession();
 
     SoupNetworkSession& soupNetworkSession() const;
     void setSoupNetworkSession(std::unique_ptr<SoupNetworkSession>);
-#else
-    NetworkStorageSession(SessionID, NetworkingContext*);
-    ~NetworkStorageSession();
-
-    NetworkingContext* context() const;
 #endif
 
 private:
+    explicit NetworkStorageSession(SessionID);
+
+    static void replaceDefaultSession(std::unique_ptr<NetworkStorageSession>);
+
     SessionID m_sessionID;
 
@@ -79 +80 @@
 #elif USE(SOUP)
     std::unique_ptr<SoupNetworkSession> m_session;
-#else
-    RefPtr<NetworkingContext> m_context;
 #endif
 

trunk/Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp

@@ -42 +42 @@
 namespace WebCore {
 
-NetworkStorageSession::NetworkStorageSession(SessionID sessionID, RetainPtr<CFURLStorageSessionRef> platformSession)
-    : m_sessionID(sessionID)
-    , m_platformSession(platformSession)
+NetworkStorageSession::NetworkStorageSession(SessionID sessionID, RetainPtr<CFURLStorageSessionRef>&& platformSession)
+    : NetworkStorageSession(sessionID)
 {
-}
-
-static std::unique_ptr<NetworkStorageSession>& defaultNetworkStorageSession()
-{
-    ASSERT(isMainThread());
-    static NeverDestroyed<std::unique_ptr<NetworkStorageSession>> session;
-    return session;
+    m_platformSession = WTFMove(platformSession);
 }
 
@@ -60 +53 @@
     String sessionName = String::format("WebKit Test-%u", static_cast<uint32_t>(getCurrentProcessID()));
 #if PLATFORM(COCOA)
-    defaultNetworkStorageSession() = std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), adoptCF(wkCreatePrivateStorageSession(sessionName.createCFString().get())));
+    replaceDefaultSession(std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), adoptCF(wkCreatePrivateStorageSession(sessionName.createCFString().get()))));
 #else
-    defaultNetworkStorageSession() = std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), adoptCF(wkCreatePrivateStorageSession(sessionName.createCFString().get(), defaultNetworkStorageSession()->platformSession())));
+    replaceDefaultSession(std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), adoptCF(wkCreatePrivateStorageSession(sessionName.createCFString().get(), defaultNetworkStorageSession()->platformSession()))));
 #endif
-}
-
-NetworkStorageSession& NetworkStorageSession::defaultStorageSession()
-{
-    if (!defaultNetworkStorageSession())
-        defaultNetworkStorageSession() = std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), nullptr);
-    return *defaultNetworkStorageSession();
 }
 
@@ -80 +66 @@
     auto session = std::make_unique<NetworkStorageSession>(sessionID, adoptCF(wkCreatePrivateStorageSession(cfIdentifier.get())));
 #else
-    auto session = std::make_unique<NetworkStorageSession>(sessionID, adoptCF(wkCreatePrivateStorageSession(cfIdentifier.get(), defaultNetworkStorageSession()->platformSession())));
+    auto session = std::make_unique<NetworkStorageSession>(sessionID, adoptCF(wkCreatePrivateStorageSession(cfIdentifier.get(), defaultStorageSession().platformSession())));
 #endif
 

trunk/Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp

@@ -38 +38 @@
 
 NetworkStorageSession::NetworkStorageSession(SessionID sessionID, std::unique_ptr<SoupNetworkSession> session)
-    : m_sessionID(sessionID)
-    , m_session(WTFMove(session))
+    : NetworkStorageSession(sessionID)
 {
-}
-
-NetworkStorageSession::~NetworkStorageSession()
-{
-}
-
-static std::unique_ptr<NetworkStorageSession>& defaultSession()
-{
-    ASSERT(isMainThread());
-    static NeverDestroyed<std::unique_ptr<NetworkStorageSession>> session;
-    return session;
-}
-
-NetworkStorageSession& NetworkStorageSession::defaultStorageSession()
-{
-    if (!defaultSession())
-        defaultSession() = std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), nullptr);
-    return *defaultSession();
+    m_session = WTFMove(session);
 }
 
@@ -69 +51 @@
 void NetworkStorageSession::switchToNewTestingSession()
 {
-    defaultSession() = std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), SoupNetworkSession::createTestingSession());
+    replaceDefaultSession(std::make_unique<NetworkStorageSession>(SessionID::defaultSessionID(), SoupNetworkSession::createTestingSession()));
 }