Changeset 230052 in webkit

Timestamp:

Mar 28, 2018 2:27:44 PM (6 years ago)

Author:

dbates@webkit.org

Message:

WebSocket cookie incorrectly stored
​https://bugs.webkit.org/show_bug.cgi?id=184100
<rdar://problem/37928715>

Reviewed by Brent Fulgham.

Source/WebCore:

A cookie received in a WebSocket response should be stored with respect to the
origin of the WebSocket server in order for it to be sent in a subsequent request.

Also removed a FIXME about implementing support for the long since
deprecated Set-Cookie2 header.

Test: http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html

• Modules/websockets/WebSocketChannel.cpp:

(WebCore::WebSocketChannel::processBuffer):

• Modules/websockets/WebSocketHandshake.h:

LayoutTests:

• http/tests/websocket/tests/hybi/cookie_wsh.py: Added. Downloaded from

<​https://github.com/w3c/pywebsocket/blob/b2e1d11086fdf00b33a0d30c504f227e7d4fa86b/src/example/cookie_wsh.py>.
(_add_set_cookie):
(web_socket_do_extra_handshake):
(web_socket_transfer_data):

• http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior-expected.txt: Added.
• http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/cookie_wsh.py (added)
• LayoutTests/http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior-expected.txt (added)
• LayoutTests/http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/websockets/WebSocketChannel.cpp (modified) (1 diff)
• Source/WebCore/Modules/websockets/WebSocketHandshake.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-03-28  Daniel Bates  <dabates@apple.com>
+
+        WebSocket cookie incorrectly stored
+        https://bugs.webkit.org/show_bug.cgi?id=184100
+        <rdar://problem/37928715>
+
+        Reviewed by Brent Fulgham.
+
+        * http/tests/websocket/tests/hybi/cookie_wsh.py: Added. Downloaded from
+        <https://github.com/w3c/pywebsocket/blob/b2e1d11086fdf00b33a0d30c504f227e7d4fa86b/src/example/cookie_wsh.py>.
+        (_add_set_cookie):
+        (web_socket_do_extra_handshake):
+        (web_socket_transfer_data):
+        * http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior-expected.txt: Added.
+        * http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html: Added.
+
 2018-03-28  Matt Lewis  <jlewis3@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-03-28  Daniel Bates  <dabates@apple.com>
+
+        WebSocket cookie incorrectly stored
+        https://bugs.webkit.org/show_bug.cgi?id=184100
+        <rdar://problem/37928715>
+
+        Reviewed by Brent Fulgham.
+
+        A cookie received in a WebSocket response should be stored with respect to the
+        origin of the WebSocket server in order for it to be sent in a subsequent request.
+
+        Also removed a FIXME about implementing support for the long since
+        deprecated Set-Cookie2 header.
+
+        Test: http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html
+
+        * Modules/websockets/WebSocketChannel.cpp:
+        (WebCore::WebSocketChannel::processBuffer):
+        * Modules/websockets/WebSocketHandshake.h:
+
 2018-03-28  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp

@@ -444 +444 @@
             if (m_identifier)
                 InspectorInstrumentation::didReceiveWebSocketHandshakeResponse(m_document, m_identifier, m_handshake->serverHandshakeResponse());
-            if (!m_handshake->serverSetCookie().isEmpty()) {
-                if (m_document && cookiesEnabled(*m_document)) {
-                    // Exception (for sandboxed documents) ignored.
-                    m_document->setCookie(m_handshake->serverSetCookie());
-                }
+            String serverSetCookie = m_handshake->serverSetCookie();
+            if (!serverSetCookie.isEmpty()) {
+                if (m_document && cookiesEnabled(*m_document))
+                    setCookies(*m_document, m_handshake->httpURLForAuthenticationAndCookies(), serverSetCookie);
             }
-            // FIXME: handle set-cookie2.
             LOG(Network, "WebSocketChannel %p Connected", this);
             skipBuffer(headerLength);

trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.h

@@ -53 +53 @@
     const URL& url() const;
     void setURL(const URL&);
+    URL httpURLForAuthenticationAndCookies() const;
     const String host() const;
 
@@ -87 +88 @@
 
 private:
-    URL httpURLForAuthenticationAndCookies() const;
 
     int readStatusLine(const char* header, size_t headerLength, int& statusCode, String& statusText);