Changeset 248273 in webkit
- Timestamp:
- Aug 5, 2019 2:33:51 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
- 2 moved
trunk/LayoutTests/ChangeLog
r248269 r248273 1 2019-08-05 John Wilander <wilander@apple.com> 2 3 Resource Load Statistics: Re-introduce latch mode for subresource cookie blocking 4 https://bugs.webkit.org/show_bug.cgi?id=200395 5 <rdar://problem/53869611> 6 7 Reviewed by Darin Adler. 8 9 Back when we had a relaxation of cookie blocking 24 hours after first-party user 10 interaction, we made sure cookie blocking could be turned on and off in subresource 11 redirect chains. The 24 hour window is now long gone. This patch simplifies the 12 cookie blocking so that once a subresource request is denied cookies, any 13 subsequent redirect of that request will also be denied cookies, regardless of the 14 classification status of the domains involved. I call it latch mode. 15 16 * http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect-expected.txt: Renamed from LayoutTests/http/tests/resourceLoadStatistics/remove-blocking-in-redirect-expected.txt. 17 * http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html: Renamed from LayoutTests/http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html. 18 Changed to expect no removal of blocking in the redirect and renamed accordingly. 19 * platform/ios/TestExpectations: 20 Renamed. 21 * platform/mac-wk2/TestExpectations: 22 Renamed. 23 * platform/wk2/TestExpectations: 24 Renamed. 25 1 26 2019-08-05 Youenn Fablet <youenn@apple.com> 2 27 -
trunk/LayoutTests/http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect-expected.txt
r248272 r248273 1 Tests that blocking is removed mid-flight in redirects.1 Tests that blocking is not removed mid-flight in redirects. 2 2 3 3 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". … … 45 45 Frame: '<!--frame5-->' 46 46 -------- 47 Redirect case 2, should receive first-party cookie for 127.0.0.1.48 Receivedcookie named 'firstPartyCookieIP'.47 Redirect case 2, should not receive first-party cookie for 127.0.0.1. 48 Did not receive cookie named 'firstPartyCookieIP'. 49 49 Did not receive cookie named 'firstPartyCookieLocalhost'. 50 50 Did not receive cookie named 'thirdPartyCookie'. -
trunk/LayoutTests/http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html
r248272 r248273 8 8 <body> 9 9 <script> 10 description("Tests that blocking is removed mid-flight in redirects.");10 description("Tests that blocking is not removed mid-flight in redirects."); 11 11 jsTestIsAsync = true; 12 12 … … 38 38 if (document.location.origin === thirdPartyOrigin) { 39 39 document.cookie = firstPartyCookieNameLocalhost + "=localhost;path='/'"; 40 document.location.href = "http://127.0.0.1:8000/resourceLoadStatistics/ remove-blocking-in-redirect.html#step2";40 document.location.href = "http://127.0.0.1:8000/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html#step2"; 41 41 } else { 42 42 document.cookie = firstPartyCookieNameIP + "=127.0.0.1;path='/'"; 43 document.location.href = "http://localhost:8000/resourceLoadStatistics/ remove-blocking-in-redirect.html#step1";43 document.location.href = "http://localhost:8000/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html#step1"; 44 44 } 45 45 break; … … 76 76 // Load an iframe in a redirect chain that starts with localhost and ends with 127.0.0.1. Expect a cookie for 127.0.0.1. 77 77 document.location.hash = "step8"; 78 openIframe(redirectChainUrl + "&message=Redirect case 2, should receive first-party cookie for 127.0.0.1.", runTest);78 openIframe(redirectChainUrl + "&message=Redirect case 2, should not receive first-party cookie for 127.0.0.1.", runTest); 79 79 break; 80 80 case "#step8": -
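Review bot: The comment at new line 76 still ends with "Expect a cookie for 127.0.0.1.", but the message passed to `openIframe` two lines below it now says the cookie should not be received. The comment should be updated to match, for example `// Load an iframe in a redirect chain that starts with localhost and ends with 127.0.0.1. Expect no cookie for 127.0.0.1 since blocking is not removed mid-redirect.` The surrounding `switch` starts and ends outside the visible hunks, so other step comments may need the same check.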
trunk/LayoutTests/platform/ios/TestExpectations
r248080 r248273 2784 2784 http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html [ Pass ] 2785 2785 http/tests/resourceLoadStatistics/add-blocking-to-redirect.html [ Pass ] 2786 http/tests/resourceLoadStatistics/ remove-blocking-in-redirect.html [ Pass ]2786 http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html [ Pass ] 2787 2787 http/tests/resourceLoadStatistics/grandfathering.html [ Pass ] 2788 2788 http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store.html [ Pass ] -
trunk/LayoutTests/platform/mac-wk2/TestExpectations
r247566 r248273 792 792 [ HighSierra+ ] http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html [ Pass ] 793 793 [ HighSierra+ ] http/tests/resourceLoadStatistics/add-blocking-to-redirect.html [ Pass ] 794 [ HighSierra+ ] http/tests/resourceLoadStatistics/ remove-blocking-in-redirect.html [ Pass ]794 [ HighSierra+ ] http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html [ Pass ] 795 795 [ HighSierra+ ] http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store.html [ Pass ] 796 796 [ HighSierra+ ] http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store-one-hour.html [ Pass ] -
trunk/LayoutTests/platform/wk2/TestExpectations
r248097 r248273 737 737 http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [ Skip ] 738 738 http/tests/resourceLoadStatistics/add-blocking-to-redirect.html [ Skip ] 739 http/tests/resourceLoadStatistics/ remove-blocking-in-redirect.html [ Skip ]739 http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html [ Skip ] 740 740 http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html [ Skip ] 741 741 http/tests/resourceLoadStatistics/cap-cache-max-age-for-prevalent-resource.html [ Skip ] -
trunk/Source/WebKit/ChangeLog
r248269 r248273 1 2019-08-05 John Wilander <wilander@apple.com> 2 3 Resource Load Statistics: Re-introduce latch mode for subresource cookie blocking 4 https://bugs.webkit.org/show_bug.cgi?id=200395 5 <rdar://problem/53869611> 6 7 Reviewed by Darin Adler. 8 9 Back when we had a relaxation of cookie blocking 24 hours after first-party user 10 interaction, we made sure cookie blocking could be turned on and off in subresource 11 redirect chains. The 24 hour window is now long gone. This patch simplifies the 12 cookie blocking so that once a subresource request is denied cookies, any 13 subsequent redirect of that request will also be denied cookies, regardless of the 14 classification status of the domains involved. I call it latch mode. 15 16 * NetworkProcess/cocoa/NetworkDataTaskCocoa.h: 17 * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: 18 (WebKit::NetworkDataTaskCocoa::blockCookies): 19 (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): 20 (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection): 21 (WebKit::NetworkDataTaskCocoa::applyCookieBlockingPolicy): Deleted. 22 1 23 2019-08-05 Youenn Fablet <youenn@apple.com> 2 24 -
trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
r247831 r248273 85 85 #if ENABLE(RESOURCE_LOAD_STATISTICS) 86 86 static NSHTTPCookieStorage *statelessCookieStorage(); 87 void applyCookieBlockingPolicy(bool shouldBlock);87 void blockCookies(); 88 88 #endif 89 89 bool isThirdPartyRequest(const WebCore::ResourceRequest&); -
trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
r248190 r248273 132 132 } 133 133 134 void NetworkDataTaskCocoa:: applyCookieBlockingPolicy(bool shouldBlock)134 void NetworkDataTaskCocoa::blockCookies() 135 135 { 136 136 ASSERT(hasProcessPrivilege(ProcessPrivilege::CanAccessRawCookies)); 137 137 138 if (shouldBlock == m_hasBeenSetToUseStatelessCookieStorage) 139 return; 140 141 NSHTTPCookieStorage *storage = nil; 142 if (shouldBlock) 143 storage = statelessCookieStorage(); 144 else if (auto* storageSession = m_session->networkStorageSession()) 145 storage = storageSession->nsCookieStorage(); 146 if (storage) { 147 [m_task _setExplicitCookieStorage:storage._cookieStorage]; 148 m_hasBeenSetToUseStatelessCookieStorage = shouldBlock; 149 } 138 if (m_hasBeenSetToUseStatelessCookieStorage) 139 return; 140 141 [m_task _setExplicitCookieStorage:statelessCookieStorage()._cookieStorage]; 142 m_hasBeenSetToUseStatelessCookieStorage = true; 150 143 } 151 144 #endif … … 262 255 LOG(NetworkSession, "%llu Blocking cookies for URL %s", [m_task taskIdentifier], nsRequest.URL.absoluteString.UTF8String); 263 256 #endif 264 applyCookieBlockingPolicy(shouldBlockCookies);257 blockCookies(); 265 258 } 266 259 #endif … … 385 378 386 379 #if ENABLE(RESOURCE_LOAD_STATISTICS) 387 bool shouldBlockCookies = m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless 388 || (m_session->networkStorageSession() && m_session->networkStorageSession()->shouldBlockCookies(request, m_frameID, m_pageID)); 380 if (!m_hasBeenSetToUseStatelessCookieStorage) { 381 if (m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless 382 || (m_session->networkStorageSession() && m_session->networkStorageSession()->shouldBlockCookies(request, m_frameID, m_pageID))) 383 blockCookies(); 384 } 389 385 #if !RELEASE_LOG_DISABLED 390 386 if (m_session->shouldLogCookieInformation()) 391 RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - 
NetworkDataTaskCocoa::willPerformHTTPRedirection::logCookieInformation: pageID = %llu, frameID = %llu, taskID = %lu: %s cookies for redirect URL %s", this, m_pageID.toUInt64(), m_frameID, (unsigned long)[m_task taskIdentifier], ( shouldBlockCookies? "Blocking" : "Not blocking"), request.url().string().utf8().data());387 RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - NetworkDataTaskCocoa::willPerformHTTPRedirection::logCookieInformation: pageID = %llu, frameID = %llu, taskID = %lu: %s cookies for redirect URL %s", this, m_pageID.toUInt64(), m_frameID, (unsigned long)[m_task taskIdentifier], (m_hasBeenSetToUseStatelessCookieStorage ? "Blocking" : "Not blocking"), request.url().string().utf8().data()); 392 388 #else 393 LOG(NetworkSession, "%llu %s cookies for redirect URL %s", [m_task taskIdentifier], (shouldBlockCookies ? "Blocking" : "Not blocking"), request.url().string().utf8().data()); 394 #endif 395 #endif 396 397 #if ENABLE(RESOURCE_LOAD_STATISTICS) 398 // Always apply the policy since blocking may need to be turned on or off in a redirect. 399 applyCookieBlockingPolicy(shouldBlockCookies); 400 401 if (!shouldBlockCookies) { 402 #if !RELEASE_LOG_DISABLED 403 if (m_session->shouldLogCookieInformation()) 404 RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - NetworkDataTaskCocoa::willPerformHTTPRedirection::logCookieInformation: pageID = %llu, frameID = %llu, taskID = %lu: Not partitioning cookies for redirect URL %s", this, m_pageID.toUInt64(), m_frameID, (unsigned long)[m_task taskIdentifier], request.url().string().utf8().data()); 405 #else 406 LOG(NetworkSession, "%llu Not partitioning cookies for redirect URL %s", [m_task taskIdentifier], request.url().string().utf8().data()); 407 #endif 408 } 389 LOG(NetworkSession, "%llu %s cookies for redirect URL %s", [m_task taskIdentifier], (m_hasBeenSetToUseStatelessCookieStorage ? "Blocking" : "Not blocking"), request.url().string().utf8().data()); 390 #endif 409 391 #endif 410 392
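Review bot: The new `blockCookies()` drops the `if (storage)` guard that `applyCookieBlockingPolicy` had, so `m_hasBeenSetToUseStatelessCookieStorage` becomes true whether or not a stateless storage object was actually obtained. `statelessCookieStorage()` is defined outside this section, so whether it can return nil is not visible here. If it can, the latch and the "Blocking" log line in `willPerformHTTPRedirection` would report blocking that was never applied, and the `shouldBlockCookies` check would be skipped on every later redirect. Keeping the guard makes the flag reflect what the task really uses: `auto *storage = statelessCookieStorage(); ASSERT(storage); if (!storage) return;` before the `_setExplicitCookieStorage:` call. A one-line comment at the `if (!m_hasBeenSetToUseStatelessCookieStorage)` check, such as `// Latch mode: once cookies are blocked for this task, redirects never re-enable them.`, would also replace the removed "Always apply the policy" comment.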