Changeset 242517 in webkit
- Timestamp:
- Mar 5, 2019 3:36:56 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 16 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r242515 r242517 1 2019-03-05 Takashi Komori <Takashi.Komori@sony.com> 2 3 [Curl] Implement Cookie Accept Policy. 4 https://bugs.webkit.org/show_bug.cgi?id=191645 5 6 Reviewed by Fujii Hironori. 7 8 * platform/wincairo-wk1/TestExpectations: 9 * platform/wincairo/TestExpectations: 10 1 11 2019-03-05 Said Abou-Hallawa <sabouhallawa@apple.com> 2 12 -
trunk/LayoutTests/platform/wincairo-wk1/TestExpectations
r241979 r242517 13 13 # Failures on WebKit Legacy 14 14 15 # Cookie policy only supported in WK2. 16 http/tests/cookies/only-accept-first-party-cookies.html [ Skip ] 17 http/tests/cookies/third-party-cookie-relaxing.html [ Skip ] 18 http/tests/security/cookies/third-party-cookie-blocking.html [ Skip ] 19 http/tests/security/cookies/third-party-cookie-blocking-redirect.html [ Skip ] 20 http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Skip ] 21 http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Skip ] 22 15 23 # There is not NetworkProcess in WK1, so it can't crash. 16 24 http/tests/websocket/tests/hybi/network-process-crash-error.html [ Skip ] -
trunk/LayoutTests/platform/wincairo/TestExpectations
r242207 r242517 863 863 http/tests/cookies/multiple-cookies.html [ Pass Failure ] 864 864 http/tests/cookies/multiple-redirect-and-set-cookie.php [ Pass Failure ] 865 http/tests/cookies/only-accept-first-party-cookies.html [ Pass ] 865 866 http/tests/cookies/private-cookie-storage.html [ Skip ] 866 867 http/tests/cookies/same-site [ Skip ] … … 870 871 http/tests/cookies/single-quoted-value.html [ Pass Failure ] 871 872 http/tests/cookies/sync-xhr-set-cookie-invalidates-cache.html [ Pass Failure ] 872 http/tests/cookies/third-party-cookie-relaxing.html [ Failure ]873 873 874 874 [ Debug ] http/tests/cookies/js-get-and-set-http-only-cookie.html [ Skip ] … … 940 940 http/tests/security [ Skip ] 941 941 http/tests/security/401-logout/401-logout.php [ Pass ] 942 http/tests/security/cookies/third-party-cookie-blocking.html [ Pass ] 943 http/tests/security/cookies/third-party-cookie-blocking-redirect.html [ Pass ] 944 http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Pass ] 945 http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Pass ] 942 946 943 947 http/tests/ssl [ Skip ] -
trunk/Source/WebCore/ChangeLog
r242516 r242517 1 2019-03-05 Takashi Komori <Takashi.Komori@sony.com> 2 3 [Curl] Implement Cookie Accept Policy. 4 https://bugs.webkit.org/show_bug.cgi?id=191645 5 6 Reviewed by Fujii Hironori. 7 8 Make Curl network layer respect to coookie accept policy. 9 This patch fixes tests below on TestRunner, but doesn't fix tests on DumpRenderTree. 10 11 Tests: http/tests/cookies/only-accept-first-party-cookies.html 12 http/tests/cookies/third-party-cookie-relaxing.html 13 http/tests/security/cookies/third-party-cookie-blocking-redirect.html 14 http/tests/security/cookies/third-party-cookie-blocking-user-action.html 15 http/tests/security/cookies/third-party-cookie-blocking-xslt.xml 16 http/tests/security/cookies/third-party-cookie-blocking.html 17 18 * platform/network/curl/CookieJarCurl.cpp: 19 (WebCore::cookiesForSession): 20 (WebCore::CookieJarCurl::setCookiesFromDOM const): 21 (WebCore::CookieJarCurl::setCookiesFromHTTPResponse const): 22 (WebCore::CookieJarCurl::setCookieAcceptPolicy const): 23 (WebCore::CookieJarCurl::cookieAcceptPolicy const): 24 (WebCore::CookieJarCurl::getRawCookies const): 25 * platform/network/curl/CookieJarCurl.h: 26 * platform/network/curl/CookieJarDB.cpp: 27 (WebCore::CookieJarDB::openDatabase): 28 (WebCore::CookieJarDB::isEnabled const): 29 (WebCore::CookieJarDB::checkCookieAcceptPolicy): 30 (WebCore::CookieJarDB::hasCookies): 31 (WebCore::CookieJarDB::searchCookies): 32 (WebCore::CookieJarDB::canAcceptCookie): 33 (WebCore::CookieJarDB::setCookie): 34 (WebCore::CookieJarDB::setEnabled): Deleted. 35 * platform/network/curl/CookieJarDB.h: 36 (WebCore::CookieJarDB::setAcceptPolicy): 37 (WebCore::CookieJarDB::acceptPolicy const): 38 * platform/network/curl/CookieUtil.cpp: 39 (WebCore::CookieUtil::parseCookieAttributes): 40 (WebCore::CookieUtil::parseCookieHeader): 41 * platform/network/curl/CurlResourceHandleDelegate.cpp: 42 (WebCore::handleCookieHeaders): 43 (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse): 44 1 45 2019-03-05 Zalan Bujtas <zalan@apple.com> 2 46 -
trunk/Source/WebCore/platform/network/curl/CookieJarCurl.cpp
r239427 r242517 40 40 namespace WebCore { 41 41 42 static String cookiesForSession(const NetworkStorageSession& session, const URL& , const URL& url, bool forHTTPHeader)42 static String cookiesForSession(const NetworkStorageSession& session, const URL& firstParty, const URL& url, bool forHTTPHeader) 43 43 { 44 44 StringBuilder cookies; … … 48 48 auto secure = url.protocolIs("https") ? WTF::nullopt : Optional<bool> {false}; 49 49 50 if (auto result = cookieJarDB.searchCookies( url.string(), searchHTTPOnly, secure, WTF::nullopt)) {50 if (auto result = cookieJarDB.searchCookies(firstParty, url, searchHTTPOnly, secure, WTF::nullopt)) { 51 51 for (auto& cookie : *result) { 52 52 if (!cookies.isEmpty()) … … 64 64 UNUSED_PARAM(frameID); 65 65 UNUSED_PARAM(pageID); 66 UNUSED_PARAM(firstParty);67 66 68 67 CookieJarDB& cookieJarDB = session.cookieDatabase(); 69 cookieJarDB.setCookie( url.string(), value, CookieJarDB::Source::Script);68 cookieJarDB.setCookie(firstParty, url, value, CookieJarDB::Source::Script); 70 69 } 71 70 72 void CookieJarCurl::setCookiesFromHTTPResponse(const NetworkStorageSession& session, const URL& url, const String& value) const71 void CookieJarCurl::setCookiesFromHTTPResponse(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& value) const 73 72 { 74 73 CookieJarDB& cookieJarDB = session.cookieDatabase(); 75 cookieJarDB.setCookie( url.string(), value, CookieJarDB::Source::Network);74 cookieJarDB.setCookie(firstParty, url, value, CookieJarDB::Source::Network); 76 75 } 77 76 … … 99 98 } 100 99 100 void CookieJarCurl::setCookieAcceptPolicy(const NetworkStorageSession& session, CookieAcceptPolicy policy) const 101 { 102 auto& cookieJarDB = session.cookieDatabase(); 103 cookieJarDB.setAcceptPolicy(policy); 104 } 105 106 CookieAcceptPolicy CookieJarCurl::cookieAcceptPolicy(const NetworkStorageSession& session) const 107 { 108 return session.cookieDatabase().acceptPolicy(); 109 } 110 101 111 bool CookieJarCurl::cookiesEnabled(const NetworkStorageSession& session) const 102 112 { … … 110 120 111 121 CookieJarDB& cookieJarDB = session.cookieDatabase(); 112 if (auto cookies = cookieJarDB.searchCookies(firstParty .string(), WTF::nullopt, WTF::nullopt, WTF::nullopt)) {122 if (auto cookies = cookieJarDB.searchCookies(firstParty, firstParty, WTF::nullopt, WTF::nullopt, WTF::nullopt)) { 113 123 rawCookies = WTFMove(*cookies); 114 124 return true; -
trunk/Source/WebCore/platform/network/curl/CookieJarCurl.h
r239427 r242517 38 38 struct CookieRequestHeaderFieldProxy; 39 39 struct SameSiteInfo; 40 enum class CookieAcceptPolicy; 40 41 41 42 class CookieJarCurl { … … 43 44 std::pair<String, bool> cookiesForDOM(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, IncludeSecureCookies) const; 44 45 void setCookiesFromDOM(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, const String&) const; 45 void setCookiesFromHTTPResponse(const NetworkStorageSession&, const URL&, const String&) const; 46 void setCookiesFromHTTPResponse(const NetworkStorageSession&, const URL& firstParty, const URL&, const String&) const; 47 void setCookieAcceptPolicy(const NetworkStorageSession&, CookieAcceptPolicy) const; 48 CookieAcceptPolicy cookieAcceptPolicy(const NetworkStorageSession&) const; 46 49 bool cookiesEnabled(const NetworkStorageSession&) const; 47 50 std::pair<String, bool> cookieRequestHeaderFieldValue(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, IncludeSecureCookies) const; -
trunk/Source/WebCore/platform/network/curl/CookieJarDB.cpp
r242256 r242517 28 28 #include "CookieUtil.h" 29 29 #include "Logging.h" 30 #include "RegistrableDomain.h" 30 31 #include "SQLiteFileSystem.h" 31 32 #include <wtf/FileSystem.h> … … 33 34 #include <wtf/URL.h> 34 35 #include <wtf/text/StringConcatenateNumbers.h> 35 36 #if ENABLE(PUBLIC_SUFFIX_LIST)37 #include "PublicSuffix.h"38 #endif39 36 40 37 namespace WebCore { … … 62 59 #define CREATE_PATH_INDEX_SQL \ 63 60 "CREATE INDEX IF NOT EXISTS path_index ON Cookie(path);" 61 #define CHECK_EXISTS_COOKIE_SQL \ 62 "SELECT domain FROM Cookie WHERE ((domain = ?) OR (domain GLOB ?));" 64 63 #define CHECK_EXISTS_HTTPONLY_COOKIE_SQL \ 65 64 "SELECT name FROM Cookie WHERE (name = ?) AND (domain = ?) AND (path = ?) AND (httponly = 1);" … … 82 81 static constexpr int schemaVersion = 1; 83 82 84 85 void CookieJarDB::setEnabled(bool enable)86 {87 m_isEnabled = enable;88 }89 83 90 84 CookieJarDB::CookieJarDB(const String& databasePath) … … 163 157 // create prepared statements 164 158 createPrepareStatement(SET_COOKIE_SQL); 159 createPrepareStatement(CHECK_EXISTS_COOKIE_SQL); 165 160 createPrepareStatement(CHECK_EXISTS_HTTPONLY_COOKIE_SQL); 166 161 createPrepareStatement(DELETE_COOKIE_BY_NAME_DOMAIN_PATH_SQL); … … 310 305 return false; 311 306 312 return m_isEnabled; 313 } 314 315 Optional<Vector<Cookie>> CookieJarDB::searchCookies(const String& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session) 307 return (m_acceptPolicy == CookieAcceptPolicy::Always || m_acceptPolicy == CookieAcceptPolicy::OnlyFromMainDocumentDomain || m_acceptPolicy == CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain); 308 } 309 310 bool CookieJarDB::checkCookieAcceptPolicy(const URL& firstParty, const URL& url) 311 { 312 if (m_acceptPolicy == CookieAcceptPolicy::Always) 313 return true; 314 315 // See https://bugs.webkit.org/show_bug.cgi?id=193458#c0 316 if (m_acceptPolicy != CookieAcceptPolicy::OnlyFromMainDocumentDomain && m_acceptPolicy != CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain) 317 return false; 318 319 if (firstParty.host() == url.host()) 320 return true; 321 322 if (RegistrableDomain(firstParty).matches(url)) 323 return true; 324 325 // third-party resources can read or write cookies if they have pre-existing cookies. 326 if (m_acceptPolicy == CookieAcceptPolicy::OnlyFromMainDocumentDomain && hasCookies(url)) 327 return true; 328 329 return false; 330 } 331 332 bool CookieJarDB::hasCookies(const URL& url) 333 { 334 String host = url.host().convertToASCIILowercase(); 335 if (host.isEmpty()) 336 return false; 337 338 if (isPublicSuffix(host)) 339 return false; 340 341 RegistrableDomain registrableDomain { url }; 342 auto& statement = preparedStatement(CHECK_EXISTS_COOKIE_SQL); 343 344 if (CookieUtil::isIPAddress(host) || !host.contains('.') || registrableDomain.isEmpty()) { 345 statement.bindText(1, host); 346 statement.bindNull(2); 347 } else { 348 statement.bindText(1, registrableDomain.string()); 349 statement.bindText(2, String("*.") + registrableDomain.string()); 350 } 351 352 return statement.step() == SQLITE_ROW; 353 } 354 355 Optional<Vector<Cookie>> CookieJarDB::searchCookies(const URL& firstParty, const URL& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session) 316 356 { 317 357 if (!isEnabled() || !m_database.isOpen()) 318 358 return WTF::nullopt; 319 359 320 URL requestUrlObj({ }, requestUrl); 321 String requestHost(requestUrlObj.host().toString().convertToASCIILowercase()); 322 String requestPath(requestUrlObj.path().convertToASCIILowercase()); 323 360 String requestHost = requestUrl.host().convertToASCIILowercase(); 324 361 if (requestHost.isEmpty()) 325 362 return WTF::nullopt; 326 363 364 if (!checkCookieAcceptPolicy(firstParty, requestUrl)) 365 return WTF::nullopt; 366 367 String requestPath = requestUrl.path(); 327 368 if (requestPath.isEmpty()) 328 369 requestPath = "/"; 370 371 RegistrableDomain registrableDomain { requestUrl }; 329 372 330 373 const String sql = … … 347 390 pstmt->bindText(4, requestHost); 348 391 349 if (CookieUtil::isIPAddress(requestHost) || !requestHost.contains('.') )392 if (CookieUtil::isIPAddress(requestHost) || !requestHost.contains('.') || registrableDomain.isEmpty()) 350 393 pstmt->bindNull(5); 351 else { 352 #if ENABLE(PUBLIC_SUFFIX_LIST) 353 String topPrivateDomain = topPrivatelyControlledDomain(requestHost); 354 if (!topPrivateDomain.isEmpty()) 355 pstmt->bindText(5, String("*.") + topPrivateDomain); 356 else 357 pstmt->bindNull(5); 358 #else 359 // Fallback to glob for cookies under the second level domain e.g. *.domain.com 360 // This will return too many cookies under multilevel tlds such as *.co.uk, but they will get filtered out later. 361 size_t topLevelSeparator = requestHost.reverseFind('.'); 362 size_t secondLevelSeparator = requestHost.reverseFind('.', topLevelSeparator-1); 363 String localDomain = secondLevelSeparator == notFound ? requestHost : requestHost.substring(secondLevelSeparator+1); 364 365 ASSERT(!localDomain.isEmpty()); 366 pstmt->bindText(5, String("*.") + localDomain); 367 #endif 368 } 394 else 395 pstmt->bindText(5, String("*.") + registrableDomain.string()); 369 396 370 397 if (!pstmt) … … 381 408 String cookieValue = pstmt->getColumnText(1); 382 409 String cookieDomain = pstmt->getColumnText(2).convertToASCIILowercase(); 383 String cookiePath = pstmt->getColumnText(3) .convertToASCIILowercase();410 String cookiePath = pstmt->getColumnText(3); 384 411 double cookieExpires = (double)pstmt->getColumnInt64(4) * 1000; 385 412 bool cookieHttpOnly = (pstmt->getColumnInt(5) == 1); … … 425 452 } 426 453 427 bool CookieJarDB::canAcceptCookie(const Cookie& cookie, const String& host, CookieJarDB::Source source) 428 { 429 #if ENABLE(PUBLIC_SUFFIX_LIST) 454 bool CookieJarDB::canAcceptCookie(const Cookie& cookie, const URL& firstParty, const URL& url, CookieJarDB::Source source) 455 { 430 456 if (isPublicSuffix(cookie.domain)) 431 457 return false; 432 #endif433 458 434 459 bool fromJavaScript = source == CookieJarDB::Source::Script; … … 436 461 return false; 437 462 438 if (!CookieUtil::domainMatch(cookie.domain, host)) 463 if (!CookieUtil::domainMatch(cookie.domain, url.host().convertToASCIILowercase())) 464 return false; 465 466 if (!checkCookieAcceptPolicy(firstParty, url)) 439 467 return false; 440 468 … … 462 490 } 463 491 464 bool CookieJarDB::setCookie(const String& url, const String& body, CookieJarDB::Source source)492 bool CookieJarDB::setCookie(const URL& firstParty, const URL& url, const String& body, CookieJarDB::Source source) 465 493 { 466 494 if (!isEnabled() || !m_database.isOpen()) … … 469 497 if (url.isEmpty() || body.isEmpty()) 470 498 return false; 471 472 URL urlObj({ }, url);473 String host(urlObj.host().toString());474 String path(urlObj.path());475 499 476 500 auto cookie = CookieUtil::parseCookieHeader(body); … … 479 503 480 504 if (cookie->domain.isEmpty()) 481 cookie->domain = String(host);505 cookie->domain = url.host().convertToASCIILowercase(); 482 506 483 507 if (cookie->path.isEmpty()) 484 cookie->path = CookieUtil::defaultPathForURL(url Obj);485 486 if (!canAcceptCookie(*cookie, host, source))508 cookie->path = CookieUtil::defaultPathForURL(url); 509 510 if (!canAcceptCookie(*cookie, firstParty, url, source)) 487 511 return false; 488 512 -
trunk/Source/WebCore/platform/network/curl/CookieJarDB.h
r239427 r242517 37 37 namespace WebCore { 38 38 39 enum class CookieAcceptPolicy { 40 Always, 41 Never, 42 OnlyFromMainDocumentDomain, 43 ExclusivelyFromMainDocumentDomain 44 }; 45 39 46 class CookieJarDB { 40 47 WTF_MAKE_NONCOPYABLE(CookieJarDB); … … 45 52 Script 46 53 }; 54 47 55 void open(); 48 56 bool isEnabled() const; 49 void setEnabled(bool);50 57 51 Optional<Vector<Cookie>> searchCookies(const String& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session); 52 bool setCookie(const String& url, const String& cookie, Source); 58 void setAcceptPolicy(CookieAcceptPolicy policy) { m_acceptPolicy = policy; } 59 CookieAcceptPolicy acceptPolicy() const { return m_acceptPolicy; } 60 61 Optional<Vector<Cookie>> searchCookies(const URL& firstParty, const URL& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session); 62 bool setCookie(const URL& firstParty, const URL&, const String& cookie, Source); 53 63 bool setCookie(const Cookie&); 54 64 … … 61 71 62 72 private: 63 64 bool m_isEnabled { true }; 73 CookieAcceptPolicy m_acceptPolicy { CookieAcceptPolicy::Always }; 65 74 String m_databasePath; 66 75 … … 89 98 bool deleteCookieInternal(const String& name, const String& domain, const String& path); 90 99 bool hasHttpOnlyCookie(const String& name, const String& domain, const String& path); 91 bool canAcceptCookie(const Cookie&, const String& host, CookieJarDB::Source); 100 bool canAcceptCookie(const Cookie&, const URL& firstParty, const URL&, CookieJarDB::Source); 101 bool checkCookieAcceptPolicy(const URL& firstParty, const URL&); 102 bool hasCookies(const URL&); 92 103 93 104 SQLiteDatabase m_database; -
trunk/Source/WebCore/platform/network/curl/CookieUtil.cpp
r239427 r242517 114 114 attributeValue = "." + attributeValue; 115 115 116 result.domain = attributeValue ;116 result.domain = attributeValue.convertToASCIILowercase(); 117 117 118 118 } else if (equalIgnoringASCIICase(attributeName, "max-age")) { … … 151 151 String cookieName; 152 152 String cookieValue; 153 size_t assignmentPosition = cookie Line.find('=');153 size_t assignmentPosition = cookiePair.find('='); 154 154 155 155 // RFC6265 says to ignore cookies pairs with empty names or no assignment character -
trunk/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp
r240345 r242517 86 86 } 87 87 88 static void handleCookieHeaders(ResourceHandleInternal* d, const CurlResponse& response)88 static void handleCookieHeaders(ResourceHandleInternal* d, const ResourceRequest& request, const CurlResponse& response) 89 89 { 90 90 static const auto setCookieHeader = "set-cookie: "; … … 95 95 if (header.startsWithIgnoringASCIICase(setCookieHeader)) { 96 96 const auto contents = header.right(header.length() - strlen(setCookieHeader)); 97 cookieJar.setCookiesFromHTTPResponse(storageSession, re sponse.url, contents);97 cookieJar.setCookiesFromHTTPResponse(storageSession, request.firstPartyForCookies(), response.url, contents); 98 98 } 99 99 } … … 113 113 m_response.setDeprecatedNetworkLoadMetrics(request.networkLoadMetrics().isolatedCopy()); 114 114 115 handleCookieHeaders(d(), re ceivedResponse);115 handleCookieHeaders(d(), request.resourceRequest(), receivedResponse); 116 116 117 117 if (m_response.shouldRedirect()) { -
trunk/Source/WebKit/ChangeLog
r242503 r242517 1 2019-03-05 Takashi Komori <Takashi.Komori@sony.com> 2 3 [Curl] Implement Cookie Accept Policy. 4 https://bugs.webkit.org/show_bug.cgi?id=191645 5 6 Reviewed by Fujii Hironori. 7 8 * NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp: 9 (WebKit::WebCookieManager::platformSetHTTPCookieAcceptPolicy): 10 (WebKit::WebCookieManager::platformGetHTTPCookieAcceptPolicy): 11 * NetworkProcess/curl/NetworkDataTaskCurl.cpp: 12 (WebKit::NetworkDataTaskCurl::curlDidReceiveResponse): 13 (WebKit::NetworkDataTaskCurl::handleCookieHeaders): 14 * NetworkProcess/curl/NetworkDataTaskCurl.h: 15 1 16 2019-03-05 Youenn Fablet <youenn@apple.com> 2 17 -
trunk/Source/WebKit/NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp
r239624 r242517 27 27 #include "WebCookieManager.h" 28 28 29 #include "NetworkProcess.h" 30 #include <WebCore/NetworkStorageSession.h> 31 29 32 namespace WebKit { 30 33 31 34 using namespace WebCore; 32 35 33 void WebCookieManager::platformSetHTTPCookieAcceptPolicy(HTTPCookieAcceptPolicy )36 void WebCookieManager::platformSetHTTPCookieAcceptPolicy(HTTPCookieAcceptPolicy policy) 34 37 { 38 CookieAcceptPolicy curlPolicy = CookieAcceptPolicy::OnlyFromMainDocumentDomain; 39 switch (policy) { 40 case HTTPCookieAcceptPolicyAlways: 41 curlPolicy = CookieAcceptPolicy::Always; 42 break; 43 case HTTPCookieAcceptPolicyNever: 44 curlPolicy = CookieAcceptPolicy::Never; 45 break; 46 case HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain: 47 curlPolicy = CookieAcceptPolicy::OnlyFromMainDocumentDomain; 48 break; 49 case HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain: 50 curlPolicy = CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain; 51 break; 52 } 53 54 m_process.forEachNetworkStorageSession([curlPolicy] (const auto& networkStorageSession) { 55 networkStorageSession.cookieStorage().setCookieAcceptPolicy(networkStorageSession, curlPolicy); 56 }); 35 57 } 36 58 37 59 HTTPCookieAcceptPolicy WebCookieManager::platformGetHTTPCookieAcceptPolicy() 38 60 { 61 const auto& networkStorageSession = m_process.defaultStorageSession(); 62 switch (networkStorageSession.cookieStorage().cookieAcceptPolicy(networkStorageSession)) { 63 case CookieAcceptPolicy::Always: 64 return HTTPCookieAcceptPolicyAlways; 65 case CookieAcceptPolicy::Never: 66 return HTTPCookieAcceptPolicyNever; 67 case CookieAcceptPolicy::OnlyFromMainDocumentDomain: 68 return HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain; 69 case CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain: 70 return HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain; 71 } 72 73 ASSERT_NOT_REACHED(); 39 74 return HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain; 40 75 } -
trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
r242092 r242517 150 150 m_response.setDeprecatedNetworkLoadMetrics(request.networkLoadMetrics().isolatedCopy()); 151 151 152 handleCookieHeaders(re ceivedResponse);152 handleCookieHeaders(request.resourceRequest(), receivedResponse); 153 153 154 154 if (m_response.shouldRedirect()) { … … 428 428 } 429 429 430 void NetworkDataTaskCurl::handleCookieHeaders(const CurlResponse& response)430 void NetworkDataTaskCurl::handleCookieHeaders(const WebCore::ResourceRequest& request, const CurlResponse& response) 431 431 { 432 432 static const auto setCookieHeader = "set-cookie: "; … … 437 437 if (header.startsWithIgnoringASCIICase(setCookieHeader)) { 438 438 String setCookieString = header.right(header.length() - strlen(setCookieHeader)); 439 cookieJar.setCookiesFromHTTPResponse(storageSession, re sponse.url, setCookieString);439 cookieJar.setCookiesFromHTTPResponse(storageSession, request.firstPartyForCookies(), response.url, setCookieString); 440 440 } 441 441 } -
trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h
r242092 r242517 80 80 81 81 void appendCookieHeader(WebCore::ResourceRequest&); 82 void handleCookieHeaders(const WebCore:: CurlResponse&);82 void handleCookieHeaders(const WebCore::ResourceRequest&, const WebCore::CurlResponse&); 83 83 84 84 State m_state { State::Suspended }; -
trunk/Tools/ChangeLog
r242497 r242517 1 2019-03-05 Takashi Komori <Takashi.Komori@sony.com> 2 3 [Curl] Implement Cookie Accept Policy. 4 https://bugs.webkit.org/show_bug.cgi?id=191645 5 6 Reviewed by Fujii Hironori. 7 8 * TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp: 9 (TestWebKitAPI::Curl::TEST_F): 10 1 11 2019-03-05 Youenn Fablet <youenn@apple.com> 2 12 -
trunk/Tools/TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp
r240437 r242517 47 47 m_cookieJar = std::make_unique<WebCore::CookieJarDB>(FileSystem::pathByAppendingComponent(m_cookieDirectory, "cookiedb.sql")); 48 48 m_cookieJar->open(); 49 m_cookieJar->set Enabled(true);49 m_cookieJar->setAcceptPolicy(CookieAcceptPolicy::Always); 50 50 } 51 51 … … 65 65 TEST_F(CurlCookies, RejectTailmatchFailureDomain) 66 66 { 67 URL url(URL(), "http://example.com"); 68 67 69 // success: domain match 68 EXPECT_TRUE(m_cookieJar->setCookie( "http://example.com", "foo=bar; Domain=example.com", CookieJarDB::Source::Network));70 EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=example.com", CookieJarDB::Source::Network)); 69 71 // success: wildcard of domains 70 EXPECT_TRUE(m_cookieJar->setCookie( "http://example.com", "foo=bar; Domain=.example.com", CookieJarDB::Source::Network));72 EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=.example.com", CookieJarDB::Source::Network)); 71 73 // failure: specific sub domain 72 EXPECT_FALSE(m_cookieJar->setCookie( "http://example.com", "foo=bar; Domain=www.example.com", CookieJarDB::Source::Network));74 EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=www.example.com", CookieJarDB::Source::Network)); 73 75 // failure: different domain 74 EXPECT_FALSE(m_cookieJar->setCookie( "http://example.com", "foo=bar; Domain=sample.com", CookieJarDB::Source::Network));76 EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=sample.com", CookieJarDB::Source::Network)); 75 77 } 76 78 77 79 TEST_F(CurlCookies, TestHttpOnlyCase) 78 80 { 81 URL url(URL(), "http://example.com"); 82 79 83 // success: from network 80 EXPECT_TRUE(m_cookieJar->setCookie( "http://example.com", "foo=bar; HttpOnly", CookieJarDB::Source::Network));84 EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; HttpOnly", CookieJarDB::Source::Network)); 81 85 // success: wildcard of domains 82 EXPECT_TRUE(m_cookieJar->setCookie( "http://example.com", "bingo=bongo;", CookieJarDB::Source::Script));86 EXPECT_TRUE(m_cookieJar->setCookie(url, url, "bingo=bongo;", CookieJarDB::Source::Script)); 83 87 // failure: foo is already stored as HttpOnly 84 EXPECT_FALSE(m_cookieJar->setCookie( "http://example.com", "foo=bar;", CookieJarDB::Source::Script));88 EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar;", CookieJarDB::Source::Script)); 85 89 // failure: inconsistent. Source is Script, but attribute says HttpOnly 86 EXPECT_FALSE(m_cookieJar->setCookie( "http://example.com", "foo=bar; HttpOnly", CookieJarDB::Source::Script));90 EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; HttpOnly", CookieJarDB::Source::Script)); 87 91 } 88 92
Note: See TracChangeset
for help on using the changeset viewer.