Changeset 242517 in webkit


Ignore:
Timestamp:
Mar 5, 2019 3:36:56 PM (5 years ago)
Author:
commit-queue@webkit.org
Message:

[Curl] Implement Cookie Accept Policy.
https://bugs.webkit.org/show_bug.cgi?id=191645

Patch by Takashi Komori <Takashi.Komori@sony.com> on 2019-03-05
Reviewed by Fujii Hironori.

Source/WebCore:

Make Curl network layer respect to coookie accept policy.
This patch fixes tests below on TestRunner, but doesn't fix tests on DumpRenderTree.

Tests: http/tests/cookies/only-accept-first-party-cookies.html

http/tests/cookies/third-party-cookie-relaxing.html
http/tests/security/cookies/third-party-cookie-blocking-redirect.html
http/tests/security/cookies/third-party-cookie-blocking-user-action.html
http/tests/security/cookies/third-party-cookie-blocking-xslt.xml
http/tests/security/cookies/third-party-cookie-blocking.html

  • platform/network/curl/CookieJarCurl.cpp:

(WebCore::cookiesForSession):
(WebCore::CookieJarCurl::setCookiesFromDOM const):
(WebCore::CookieJarCurl::setCookiesFromHTTPResponse const):
(WebCore::CookieJarCurl::setCookieAcceptPolicy const):
(WebCore::CookieJarCurl::cookieAcceptPolicy const):
(WebCore::CookieJarCurl::getRawCookies const):

  • platform/network/curl/CookieJarCurl.h:
  • platform/network/curl/CookieJarDB.cpp:

(WebCore::CookieJarDB::openDatabase):
(WebCore::CookieJarDB::isEnabled const):
(WebCore::CookieJarDB::checkCookieAcceptPolicy):
(WebCore::CookieJarDB::hasCookies):
(WebCore::CookieJarDB::searchCookies):
(WebCore::CookieJarDB::canAcceptCookie):
(WebCore::CookieJarDB::setCookie):
(WebCore::CookieJarDB::setEnabled): Deleted.

  • platform/network/curl/CookieJarDB.h:

(WebCore::CookieJarDB::setAcceptPolicy):
(WebCore::CookieJarDB::acceptPolicy const):

  • platform/network/curl/CookieUtil.cpp:

(WebCore::CookieUtil::parseCookieAttributes):
(WebCore::CookieUtil::parseCookieHeader):

  • platform/network/curl/CurlResourceHandleDelegate.cpp:

(WebCore::handleCookieHeaders):
(WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse):

Source/WebKit:

  • NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp:

(WebKit::WebCookieManager::platformSetHTTPCookieAcceptPolicy):
(WebKit::WebCookieManager::platformGetHTTPCookieAcceptPolicy):

  • NetworkProcess/curl/NetworkDataTaskCurl.cpp:

(WebKit::NetworkDataTaskCurl::curlDidReceiveResponse):
(WebKit::NetworkDataTaskCurl::handleCookieHeaders):

  • NetworkProcess/curl/NetworkDataTaskCurl.h:

Tools:

  • TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp:

(TestWebKitAPI::Curl::TEST_F):

LayoutTests:

  • platform/wincairo-wk1/TestExpectations:
  • platform/wincairo/TestExpectations:
Location:
trunk
Files:
16 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r242515 r242517  
     12019-03-05  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Implement Cookie Accept Policy.
     4        https://bugs.webkit.org/show_bug.cgi?id=191645
     5
     6        Reviewed by Fujii Hironori.
     7
     8        * platform/wincairo-wk1/TestExpectations:
     9        * platform/wincairo/TestExpectations:
     10
    1112019-03-05  Said Abou-Hallawa  <sabouhallawa@apple.com>
    212
  • trunk/LayoutTests/platform/wincairo-wk1/TestExpectations

    r241979 r242517  
    1313# Failures on WebKit Legacy
    1414
     15# Cookie policy only supported in WK2.
     16http/tests/cookies/only-accept-first-party-cookies.html [ Skip ]
     17http/tests/cookies/third-party-cookie-relaxing.html [ Skip ]
     18http/tests/security/cookies/third-party-cookie-blocking.html [ Skip ]
     19http/tests/security/cookies/third-party-cookie-blocking-redirect.html [ Skip ]
     20http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Skip ]
     21http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Skip ]
     22
    1523# There is not NetworkProcess in WK1, so it can't crash.
    1624http/tests/websocket/tests/hybi/network-process-crash-error.html [ Skip ]
  • trunk/LayoutTests/platform/wincairo/TestExpectations

    r242207 r242517  
    863863http/tests/cookies/multiple-cookies.html [ Pass Failure ]
    864864http/tests/cookies/multiple-redirect-and-set-cookie.php [ Pass Failure ]
     865http/tests/cookies/only-accept-first-party-cookies.html [ Pass ]
    865866http/tests/cookies/private-cookie-storage.html [ Skip ]
    866867http/tests/cookies/same-site [ Skip ]
     
    870871http/tests/cookies/single-quoted-value.html [ Pass Failure ]
    871872http/tests/cookies/sync-xhr-set-cookie-invalidates-cache.html [ Pass Failure ]
    872 http/tests/cookies/third-party-cookie-relaxing.html [ Failure ]
    873873
    874874[ Debug ] http/tests/cookies/js-get-and-set-http-only-cookie.html [ Skip ]
     
    940940http/tests/security [ Skip ]
    941941http/tests/security/401-logout/401-logout.php [ Pass ]
     942http/tests/security/cookies/third-party-cookie-blocking.html [ Pass ]
     943http/tests/security/cookies/third-party-cookie-blocking-redirect.html [ Pass ]
     944http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Pass ]
     945http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Pass ]
    942946
    943947http/tests/ssl [ Skip ]
  • trunk/Source/WebCore/ChangeLog

    r242516 r242517  
     12019-03-05  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Implement Cookie Accept Policy.
     4        https://bugs.webkit.org/show_bug.cgi?id=191645
     5
     6        Reviewed by Fujii Hironori.
     7
     8        Make Curl network layer respect to coookie accept policy.
     9        This patch fixes tests below on TestRunner, but doesn't fix tests on DumpRenderTree.
     10
     11        Tests: http/tests/cookies/only-accept-first-party-cookies.html
     12               http/tests/cookies/third-party-cookie-relaxing.html
     13               http/tests/security/cookies/third-party-cookie-blocking-redirect.html
     14               http/tests/security/cookies/third-party-cookie-blocking-user-action.html
     15               http/tests/security/cookies/third-party-cookie-blocking-xslt.xml
     16               http/tests/security/cookies/third-party-cookie-blocking.html
     17
     18        * platform/network/curl/CookieJarCurl.cpp:
     19        (WebCore::cookiesForSession):
     20        (WebCore::CookieJarCurl::setCookiesFromDOM const):
     21        (WebCore::CookieJarCurl::setCookiesFromHTTPResponse const):
     22        (WebCore::CookieJarCurl::setCookieAcceptPolicy const):
     23        (WebCore::CookieJarCurl::cookieAcceptPolicy const):
     24        (WebCore::CookieJarCurl::getRawCookies const):
     25        * platform/network/curl/CookieJarCurl.h:
     26        * platform/network/curl/CookieJarDB.cpp:
     27        (WebCore::CookieJarDB::openDatabase):
     28        (WebCore::CookieJarDB::isEnabled const):
     29        (WebCore::CookieJarDB::checkCookieAcceptPolicy):
     30        (WebCore::CookieJarDB::hasCookies):
     31        (WebCore::CookieJarDB::searchCookies):
     32        (WebCore::CookieJarDB::canAcceptCookie):
     33        (WebCore::CookieJarDB::setCookie):
     34        (WebCore::CookieJarDB::setEnabled): Deleted.
     35        * platform/network/curl/CookieJarDB.h:
     36        (WebCore::CookieJarDB::setAcceptPolicy):
     37        (WebCore::CookieJarDB::acceptPolicy const):
     38        * platform/network/curl/CookieUtil.cpp:
     39        (WebCore::CookieUtil::parseCookieAttributes):
     40        (WebCore::CookieUtil::parseCookieHeader):
     41        * platform/network/curl/CurlResourceHandleDelegate.cpp:
     42        (WebCore::handleCookieHeaders):
     43        (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse):
     44
    1452019-03-05  Zalan Bujtas  <zalan@apple.com>
    246
  • trunk/Source/WebCore/platform/network/curl/CookieJarCurl.cpp

    r239427 r242517  
    4040namespace WebCore {
    4141
    42 static String cookiesForSession(const NetworkStorageSession& session, const URL&, const URL& url, bool forHTTPHeader)
     42static String cookiesForSession(const NetworkStorageSession& session, const URL& firstParty, const URL& url, bool forHTTPHeader)
    4343{
    4444    StringBuilder cookies;
     
    4848    auto secure = url.protocolIs("https") ? WTF::nullopt : Optional<bool> {false};
    4949
    50     if (auto result = cookieJarDB.searchCookies(url.string(), searchHTTPOnly, secure, WTF::nullopt)) {
     50    if (auto result = cookieJarDB.searchCookies(firstParty, url, searchHTTPOnly, secure, WTF::nullopt)) {
    5151        for (auto& cookie : *result) {
    5252            if (!cookies.isEmpty())
     
    6464    UNUSED_PARAM(frameID);
    6565    UNUSED_PARAM(pageID);
    66     UNUSED_PARAM(firstParty);
    6766
    6867    CookieJarDB& cookieJarDB = session.cookieDatabase();
    69     cookieJarDB.setCookie(url.string(), value, CookieJarDB::Source::Script);
     68    cookieJarDB.setCookie(firstParty, url, value, CookieJarDB::Source::Script);
    7069}
    7170
    72 void CookieJarCurl::setCookiesFromHTTPResponse(const NetworkStorageSession& session, const URL& url, const String& value) const
     71void CookieJarCurl::setCookiesFromHTTPResponse(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& value) const
    7372{
    7473    CookieJarDB& cookieJarDB = session.cookieDatabase();
    75     cookieJarDB.setCookie(url.string(), value, CookieJarDB::Source::Network);
     74    cookieJarDB.setCookie(firstParty, url, value, CookieJarDB::Source::Network);
    7675}
    7776
     
    9998}
    10099
     100void CookieJarCurl::setCookieAcceptPolicy(const NetworkStorageSession& session, CookieAcceptPolicy policy) const
     101{
     102    auto& cookieJarDB = session.cookieDatabase();
     103    cookieJarDB.setAcceptPolicy(policy);
     104}
     105
     106CookieAcceptPolicy CookieJarCurl::cookieAcceptPolicy(const NetworkStorageSession& session) const
     107{
     108    return session.cookieDatabase().acceptPolicy();
     109}
     110
    101111bool CookieJarCurl::cookiesEnabled(const NetworkStorageSession& session) const
    102112{
     
    110120
    111121    CookieJarDB& cookieJarDB = session.cookieDatabase();
    112     if (auto cookies = cookieJarDB.searchCookies(firstParty.string(), WTF::nullopt, WTF::nullopt, WTF::nullopt)) {
     122    if (auto cookies = cookieJarDB.searchCookies(firstParty, firstParty, WTF::nullopt, WTF::nullopt, WTF::nullopt)) {
    113123        rawCookies = WTFMove(*cookies);
    114124        return true;
  • trunk/Source/WebCore/platform/network/curl/CookieJarCurl.h

    r239427 r242517  
    3838struct CookieRequestHeaderFieldProxy;
    3939struct SameSiteInfo;
     40enum class CookieAcceptPolicy;
    4041
    4142class CookieJarCurl {
     
    4344    std::pair<String, bool> cookiesForDOM(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, IncludeSecureCookies) const;
    4445    void setCookiesFromDOM(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, const String&) const;
    45     void setCookiesFromHTTPResponse(const NetworkStorageSession&, const URL&, const String&) const;
     46    void setCookiesFromHTTPResponse(const NetworkStorageSession&, const URL& firstParty, const URL&, const String&) const;
     47    void setCookieAcceptPolicy(const NetworkStorageSession&, CookieAcceptPolicy) const;
     48    CookieAcceptPolicy cookieAcceptPolicy(const NetworkStorageSession&) const;
    4649    bool cookiesEnabled(const NetworkStorageSession&) const;
    4750    std::pair<String, bool> cookieRequestHeaderFieldValue(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, IncludeSecureCookies) const;
  • trunk/Source/WebCore/platform/network/curl/CookieJarDB.cpp

    r242256 r242517  
    2828#include "CookieUtil.h"
    2929#include "Logging.h"
     30#include "RegistrableDomain.h"
    3031#include "SQLiteFileSystem.h"
    3132#include <wtf/FileSystem.h>
     
    3334#include <wtf/URL.h>
    3435#include <wtf/text/StringConcatenateNumbers.h>
    35 
    36 #if ENABLE(PUBLIC_SUFFIX_LIST)
    37 #include "PublicSuffix.h"
    38 #endif
    3936
    4037namespace WebCore {
     
    6259#define CREATE_PATH_INDEX_SQL \
    6360    "CREATE INDEX IF NOT EXISTS path_index ON Cookie(path);"
     61#define CHECK_EXISTS_COOKIE_SQL \
     62    "SELECT domain FROM Cookie WHERE ((domain = ?) OR (domain GLOB ?));"
    6463#define CHECK_EXISTS_HTTPONLY_COOKIE_SQL \
    6564    "SELECT name FROM Cookie WHERE (name = ?) AND (domain = ?) AND (path = ?) AND (httponly = 1);"
     
    8281static constexpr int schemaVersion = 1;
    8382
    84 
    85 void CookieJarDB::setEnabled(bool enable)
    86 {
    87     m_isEnabled = enable;
    88 }
    8983
    9084CookieJarDB::CookieJarDB(const String& databasePath)
     
    163157    // create prepared statements
    164158    createPrepareStatement(SET_COOKIE_SQL);
     159    createPrepareStatement(CHECK_EXISTS_COOKIE_SQL);
    165160    createPrepareStatement(CHECK_EXISTS_HTTPONLY_COOKIE_SQL);
    166161    createPrepareStatement(DELETE_COOKIE_BY_NAME_DOMAIN_PATH_SQL);
     
    310305        return false;
    311306
    312     return m_isEnabled;
    313 }
    314 
    315 Optional<Vector<Cookie>> CookieJarDB::searchCookies(const String& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session)
     307    return (m_acceptPolicy == CookieAcceptPolicy::Always || m_acceptPolicy == CookieAcceptPolicy::OnlyFromMainDocumentDomain || m_acceptPolicy == CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain);
     308}
     309
     310bool CookieJarDB::checkCookieAcceptPolicy(const URL& firstParty, const URL& url)
     311{
     312    if (m_acceptPolicy == CookieAcceptPolicy::Always)
     313        return true;
     314
     315    // See https://bugs.webkit.org/show_bug.cgi?id=193458#c0
     316    if (m_acceptPolicy != CookieAcceptPolicy::OnlyFromMainDocumentDomain && m_acceptPolicy != CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain)
     317        return false;
     318
     319    if (firstParty.host() == url.host())
     320        return true;
     321
     322    if (RegistrableDomain(firstParty).matches(url))
     323        return true;
     324
     325    // third-party resources can read or write cookies if they have pre-existing cookies.
     326    if (m_acceptPolicy == CookieAcceptPolicy::OnlyFromMainDocumentDomain && hasCookies(url))
     327        return true;
     328
     329    return false;
     330}
     331
     332bool CookieJarDB::hasCookies(const URL& url)
     333{
     334    String host = url.host().convertToASCIILowercase();
     335    if (host.isEmpty())
     336        return false;
     337
     338    if (isPublicSuffix(host))
     339        return false;
     340
     341    RegistrableDomain registrableDomain { url };
     342    auto& statement = preparedStatement(CHECK_EXISTS_COOKIE_SQL);
     343
     344    if (CookieUtil::isIPAddress(host) || !host.contains('.') || registrableDomain.isEmpty()) {
     345        statement.bindText(1, host);
     346        statement.bindNull(2);
     347    } else {
     348        statement.bindText(1, registrableDomain.string());
     349        statement.bindText(2, String("*.") + registrableDomain.string());
     350    }
     351
     352    return statement.step() == SQLITE_ROW;
     353}
     354
     355Optional<Vector<Cookie>> CookieJarDB::searchCookies(const URL& firstParty, const URL& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session)
    316356{
    317357    if (!isEnabled() || !m_database.isOpen())
    318358        return WTF::nullopt;
    319359
    320     URL requestUrlObj({ }, requestUrl);
    321     String requestHost(requestUrlObj.host().toString().convertToASCIILowercase());
    322     String requestPath(requestUrlObj.path().convertToASCIILowercase());
    323 
     360    String requestHost = requestUrl.host().convertToASCIILowercase();
    324361    if (requestHost.isEmpty())
    325362        return WTF::nullopt;
    326363
     364    if (!checkCookieAcceptPolicy(firstParty, requestUrl))
     365        return WTF::nullopt;
     366
     367    String requestPath = requestUrl.path();
    327368    if (requestPath.isEmpty())
    328369        requestPath = "/";
     370
     371    RegistrableDomain registrableDomain { requestUrl };
    329372
    330373    const String sql =
     
    347390    pstmt->bindText(4, requestHost);
    348391
    349     if (CookieUtil::isIPAddress(requestHost) || !requestHost.contains('.'))
     392    if (CookieUtil::isIPAddress(requestHost) || !requestHost.contains('.') || registrableDomain.isEmpty())
    350393        pstmt->bindNull(5);
    351     else {
    352 #if ENABLE(PUBLIC_SUFFIX_LIST)
    353         String topPrivateDomain = topPrivatelyControlledDomain(requestHost);
    354         if (!topPrivateDomain.isEmpty())
    355             pstmt->bindText(5, String("*.") + topPrivateDomain);
    356         else
    357             pstmt->bindNull(5);
    358 #else
    359         // Fallback to glob for cookies under the second level domain e.g. *.domain.com
    360         // This will return too many cookies under multilevel tlds such as *.co.uk, but they will get filtered out later.
    361         size_t topLevelSeparator = requestHost.reverseFind('.');
    362         size_t secondLevelSeparator = requestHost.reverseFind('.', topLevelSeparator-1);
    363         String localDomain = secondLevelSeparator == notFound ? requestHost : requestHost.substring(secondLevelSeparator+1);
    364 
    365         ASSERT(!localDomain.isEmpty());
    366         pstmt->bindText(5, String("*.") + localDomain);
    367 #endif
    368     }
     394    else
     395        pstmt->bindText(5, String("*.") + registrableDomain.string());
    369396
    370397    if (!pstmt)
     
    381408        String cookieValue = pstmt->getColumnText(1);
    382409        String cookieDomain = pstmt->getColumnText(2).convertToASCIILowercase();
    383         String cookiePath = pstmt->getColumnText(3).convertToASCIILowercase();
     410        String cookiePath = pstmt->getColumnText(3);
    384411        double cookieExpires = (double)pstmt->getColumnInt64(4) * 1000;
    385412        bool cookieHttpOnly = (pstmt->getColumnInt(5) == 1);
     
    425452}
    426453
    427 bool CookieJarDB::canAcceptCookie(const Cookie& cookie, const String& host, CookieJarDB::Source source)
    428 {
    429 #if ENABLE(PUBLIC_SUFFIX_LIST)
     454bool CookieJarDB::canAcceptCookie(const Cookie& cookie, const URL& firstParty, const URL& url, CookieJarDB::Source source)
     455{
    430456    if (isPublicSuffix(cookie.domain))
    431457        return false;
    432 #endif
    433458
    434459    bool fromJavaScript = source == CookieJarDB::Source::Script;
     
    436461        return false;
    437462
    438     if (!CookieUtil::domainMatch(cookie.domain, host))
     463    if (!CookieUtil::domainMatch(cookie.domain, url.host().convertToASCIILowercase()))
     464        return false;
     465
     466    if (!checkCookieAcceptPolicy(firstParty, url))
    439467        return false;
    440468
     
    462490}
    463491
    464 bool CookieJarDB::setCookie(const String& url, const String& body, CookieJarDB::Source source)
     492bool CookieJarDB::setCookie(const URL& firstParty, const URL& url, const String& body, CookieJarDB::Source source)
    465493{
    466494    if (!isEnabled() || !m_database.isOpen())
     
    469497    if (url.isEmpty() || body.isEmpty())
    470498        return false;
    471 
    472     URL urlObj({ }, url);
    473     String host(urlObj.host().toString());
    474     String path(urlObj.path());
    475499
    476500    auto cookie = CookieUtil::parseCookieHeader(body);
     
    479503
    480504    if (cookie->domain.isEmpty())
    481         cookie->domain = String(host);
     505        cookie->domain = url.host().convertToASCIILowercase();
    482506
    483507    if (cookie->path.isEmpty())
    484         cookie->path = CookieUtil::defaultPathForURL(urlObj);
    485 
    486     if (!canAcceptCookie(*cookie, host, source))
     508        cookie->path = CookieUtil::defaultPathForURL(url);
     509
     510    if (!canAcceptCookie(*cookie, firstParty, url, source))
    487511        return false;
    488512
  • trunk/Source/WebCore/platform/network/curl/CookieJarDB.h

    r239427 r242517  
    3737namespace WebCore {
    3838
     39enum class CookieAcceptPolicy {
     40    Always,
     41    Never,
     42    OnlyFromMainDocumentDomain,
     43    ExclusivelyFromMainDocumentDomain
     44};
     45
    3946class CookieJarDB {
    4047    WTF_MAKE_NONCOPYABLE(CookieJarDB);
     
    4552        Script
    4653    };
     54
    4755    void open();
    4856    bool isEnabled() const;
    49     void setEnabled(bool);
    5057
    51     Optional<Vector<Cookie>> searchCookies(const String& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session);
    52     bool setCookie(const String& url, const String& cookie, Source);
     58    void setAcceptPolicy(CookieAcceptPolicy policy) { m_acceptPolicy = policy; }
     59    CookieAcceptPolicy acceptPolicy() const { return m_acceptPolicy; }
     60
     61    Optional<Vector<Cookie>> searchCookies(const URL& firstParty, const URL& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session);
     62    bool setCookie(const URL& firstParty, const URL&, const String& cookie, Source);
    5363    bool setCookie(const Cookie&);
    5464
     
    6171
    6272private:
    63 
    64     bool m_isEnabled { true };
     73    CookieAcceptPolicy m_acceptPolicy { CookieAcceptPolicy::Always };
    6574    String m_databasePath;
    6675
     
    8998    bool deleteCookieInternal(const String& name, const String& domain, const String& path);
    9099    bool hasHttpOnlyCookie(const String& name, const String& domain, const String& path);
    91     bool canAcceptCookie(const Cookie&, const String& host, CookieJarDB::Source);
     100    bool canAcceptCookie(const Cookie&, const URL& firstParty, const URL&, CookieJarDB::Source);
     101    bool checkCookieAcceptPolicy(const URL& firstParty, const URL&);
     102    bool hasCookies(const URL&);
    92103
    93104    SQLiteDatabase m_database;
  • trunk/Source/WebCore/platform/network/curl/CookieUtil.cpp

    r239427 r242517  
    114114            attributeValue = "." + attributeValue;
    115115
    116         result.domain = attributeValue;
     116        result.domain = attributeValue.convertToASCIILowercase();
    117117
    118118    } else if (equalIgnoringASCIICase(attributeName, "max-age")) {
     
    151151    String cookieName;
    152152    String cookieValue;
    153     size_t assignmentPosition = cookieLine.find('=');
     153    size_t assignmentPosition = cookiePair.find('=');
    154154
    155155    // RFC6265 says to ignore cookies pairs with empty names or no assignment character
  • trunk/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp

    r240345 r242517  
    8686}
    8787
    88 static void handleCookieHeaders(ResourceHandleInternal* d, const CurlResponse& response)
     88static void handleCookieHeaders(ResourceHandleInternal* d, const ResourceRequest& request, const CurlResponse& response)
    8989{
    9090    static const auto setCookieHeader = "set-cookie: ";
     
    9595        if (header.startsWithIgnoringASCIICase(setCookieHeader)) {
    9696            const auto contents = header.right(header.length() - strlen(setCookieHeader));
    97             cookieJar.setCookiesFromHTTPResponse(storageSession, response.url, contents);
     97            cookieJar.setCookiesFromHTTPResponse(storageSession, request.firstPartyForCookies(), response.url, contents);
    9898        }
    9999    }
     
    113113    m_response.setDeprecatedNetworkLoadMetrics(request.networkLoadMetrics().isolatedCopy());
    114114
    115     handleCookieHeaders(d(), receivedResponse);
     115    handleCookieHeaders(d(), request.resourceRequest(), receivedResponse);
    116116
    117117    if (m_response.shouldRedirect()) {
  • trunk/Source/WebKit/ChangeLog

    r242503 r242517  
     12019-03-05  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Implement Cookie Accept Policy.
     4        https://bugs.webkit.org/show_bug.cgi?id=191645
     5
     6        Reviewed by Fujii Hironori.
     7
     8        * NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp:
     9        (WebKit::WebCookieManager::platformSetHTTPCookieAcceptPolicy):
     10        (WebKit::WebCookieManager::platformGetHTTPCookieAcceptPolicy):
     11        * NetworkProcess/curl/NetworkDataTaskCurl.cpp:
     12        (WebKit::NetworkDataTaskCurl::curlDidReceiveResponse):
     13        (WebKit::NetworkDataTaskCurl::handleCookieHeaders):
     14        * NetworkProcess/curl/NetworkDataTaskCurl.h:
     15
    1162019-03-05  Youenn Fablet  <youenn@apple.com>
    217
  • trunk/Source/WebKit/NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp

    r239624 r242517  
    2727#include "WebCookieManager.h"
    2828
     29#include "NetworkProcess.h"
     30#include <WebCore/NetworkStorageSession.h>
     31
    2932namespace WebKit {
    3033
    3134using namespace WebCore;
    3235
    33 void WebCookieManager::platformSetHTTPCookieAcceptPolicy(HTTPCookieAcceptPolicy)
     36void WebCookieManager::platformSetHTTPCookieAcceptPolicy(HTTPCookieAcceptPolicy policy)
    3437{
     38    CookieAcceptPolicy curlPolicy = CookieAcceptPolicy::OnlyFromMainDocumentDomain;
     39    switch (policy) {
     40    case HTTPCookieAcceptPolicyAlways:
     41        curlPolicy = CookieAcceptPolicy::Always;
     42        break;
     43    case HTTPCookieAcceptPolicyNever:
     44        curlPolicy = CookieAcceptPolicy::Never;
     45        break;
     46    case HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain:
     47        curlPolicy = CookieAcceptPolicy::OnlyFromMainDocumentDomain;
     48        break;
     49    case HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain:
     50        curlPolicy = CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain;
     51        break;
     52    }
     53
     54    m_process.forEachNetworkStorageSession([curlPolicy] (const auto& networkStorageSession) {
     55        networkStorageSession.cookieStorage().setCookieAcceptPolicy(networkStorageSession, curlPolicy);
     56    });
    3557}
    3658
    3759HTTPCookieAcceptPolicy WebCookieManager::platformGetHTTPCookieAcceptPolicy()
    3860{
     61    const auto& networkStorageSession = m_process.defaultStorageSession();
     62    switch (networkStorageSession.cookieStorage().cookieAcceptPolicy(networkStorageSession)) {
     63    case CookieAcceptPolicy::Always:
     64        return HTTPCookieAcceptPolicyAlways;
     65    case CookieAcceptPolicy::Never:
     66        return HTTPCookieAcceptPolicyNever;
     67    case CookieAcceptPolicy::OnlyFromMainDocumentDomain:
     68        return HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain;
     69    case CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain:
     70        return HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain;
     71    }
     72
     73    ASSERT_NOT_REACHED();
    3974    return HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain;
    4075}
  • trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp

    r242092 r242517  
    150150    m_response.setDeprecatedNetworkLoadMetrics(request.networkLoadMetrics().isolatedCopy());
    151151
    152     handleCookieHeaders(receivedResponse);
     152    handleCookieHeaders(request.resourceRequest(), receivedResponse);
    153153
    154154    if (m_response.shouldRedirect()) {
     
    428428}
    429429
    430 void NetworkDataTaskCurl::handleCookieHeaders(const CurlResponse& response)
     430void NetworkDataTaskCurl::handleCookieHeaders(const WebCore::ResourceRequest& request, const CurlResponse& response)
    431431{
    432432    static const auto setCookieHeader = "set-cookie: ";
     
    437437        if (header.startsWithIgnoringASCIICase(setCookieHeader)) {
    438438            String setCookieString = header.right(header.length() - strlen(setCookieHeader));
    439             cookieJar.setCookiesFromHTTPResponse(storageSession, response.url, setCookieString);
     439            cookieJar.setCookiesFromHTTPResponse(storageSession, request.firstPartyForCookies(), response.url, setCookieString);
    440440        }
    441441    }
  • trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h

    r242092 r242517  
    8080
    8181    void appendCookieHeader(WebCore::ResourceRequest&);
    82     void handleCookieHeaders(const WebCore::CurlResponse&);
     82    void handleCookieHeaders(const WebCore::ResourceRequest&, const WebCore::CurlResponse&);
    8383
    8484    State m_state { State::Suspended };
  • trunk/Tools/ChangeLog

    r242497 r242517  
     12019-03-05  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Implement Cookie Accept Policy.
     4        https://bugs.webkit.org/show_bug.cgi?id=191645
     5
     6        Reviewed by Fujii Hironori.
     7
     8        * TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp:
     9        (TestWebKitAPI::Curl::TEST_F):
     10
    1112019-03-05  Youenn Fablet  <youenn@apple.com>
    212
  • trunk/Tools/TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp

    r240437 r242517  
    4747        m_cookieJar = std::make_unique<WebCore::CookieJarDB>(FileSystem::pathByAppendingComponent(m_cookieDirectory, "cookiedb.sql"));
    4848        m_cookieJar->open();
    49         m_cookieJar->setEnabled(true);
     49        m_cookieJar->setAcceptPolicy(CookieAcceptPolicy::Always);
    5050    }
    5151
     
    6565TEST_F(CurlCookies, RejectTailmatchFailureDomain)
    6666{
     67    URL url(URL(), "http://example.com");
     68
    6769    // success: domain match
    68     EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=example.com", CookieJarDB::Source::Network));
     70    EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=example.com", CookieJarDB::Source::Network));
    6971    // success: wildcard of domains
    70     EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=.example.com", CookieJarDB::Source::Network));
     72    EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=.example.com", CookieJarDB::Source::Network));
    7173    // failure: specific sub domain
    72     EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=www.example.com", CookieJarDB::Source::Network));
     74    EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=www.example.com", CookieJarDB::Source::Network));
    7375    // failure: different domain
    74     EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=sample.com", CookieJarDB::Source::Network));
     76    EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=sample.com", CookieJarDB::Source::Network));
    7577}
    7678
    7779TEST_F(CurlCookies, TestHttpOnlyCase)
    7880{
     81    URL url(URL(), "http://example.com");
     82
    7983    // success: from network
    80     EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "foo=bar; HttpOnly", CookieJarDB::Source::Network));
     84    EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; HttpOnly", CookieJarDB::Source::Network));
    8185    // success: wildcard of domains
    82     EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "bingo=bongo;", CookieJarDB::Source::Script));
     86    EXPECT_TRUE(m_cookieJar->setCookie(url, url, "bingo=bongo;", CookieJarDB::Source::Script));
    8387    // failure: foo is already stored as HttpOnly
    84     EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar;", CookieJarDB::Source::Script));
     88    EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar;", CookieJarDB::Source::Script));
    8589    // failure: inconsistent. Source is Script, but attribute says HttpOnly
    86     EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar; HttpOnly", CookieJarDB::Source::Script));
     90    EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; HttpOnly", CookieJarDB::Source::Script));
    8791}
    8892
Note: See TracChangeset for help on using the changeset viewer.