Changeset 251663 in webkit


Ignore:
Timestamp:
Oct 28, 2019 12:45:03 PM (4 years ago)
Author:
wilander@apple.com
Message:

Storage Access API: Make the API work with the experimental 3rd-party cookie blocking
https://bugs.webkit.org/show_bug.cgi?id=203428
<rdar://problem/56626949>

Reviewed by Alex Christensen.

Source/WebKit:

Tests: http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking.html

http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking.html
http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie.html
http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie.html

This patch adds Storage Access API support for the experimental 3rd-party cookie blocking that
landed in <https://trac.webkit.org/changeset/251467>.

There are three policies at play because it can be changed with the experimental setting:

  1. The underlying cookie policy.
  2. Shipping ITP.
  3. The off by default, experimental 3rd-party cookie blocking.

To support them all, a CookieAccess enum was added to encode how the API should respond.
The enum has these values:
CannotRequest - This third-party cannot request storage access based on the current policy.
BasedOnCookiePolicy – This third-party should be treated according to the underlying cookie policy.
OnlyIfGranted – This third-party can and must get access through the Storage Access API.

Here's the truth table I used to work through the logic for both
document.hasStorageAccess() and document.requestStorageAccess():

Access | Is | User | Has | 3rd-party | |
granted | prevalent | interaction | cookie | cookie block | RESULT |


| | | |  | | false |


| | | |  | true | false |


| | | | true | | true |


| | | | true | true | false |


| | | true |  | | false |


| | | true |  | true | false |


| | | true | true | | true |


| | | true | true | true | false |


| | true | !care | !care | !care | false |


| true | !care | !care | !care | !care | true |


  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:

(WebKit::ResourceLoadStatisticsDatabaseStore::cookieAccess const):
(WebKit::ResourceLoadStatisticsDatabaseStore::hasStorageAccess):
(WebKit::ResourceLoadStatisticsDatabaseStore::requestStorageAccess):
(WebKit::ResourceLoadStatisticsDatabaseStore::requestStorageAccessUnderOpener):

Extra checks removed since there's no harm in granting access
to a third-party that already has access by way of the underlying
cookie policy. Also, this is a temporary compatibility fix.

  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h:
  • NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:

(WebKit::ResourceLoadStatisticsMemoryStore::cookieAccess const):
(WebKit::ResourceLoadStatisticsMemoryStore::hasStorageAccess):
(WebKit::ResourceLoadStatisticsMemoryStore::requestStorageAccess):
(WebKit::ResourceLoadStatisticsMemoryStore::requestStorageAccessUnderOpener):

Extra checks removed since there's no harm in granting access
to a third-party that already has access by way of the underlying
cookie policy. Also, this is a temporary compatibility fix.

  • NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.h:
  • NetworkProcess/Classifier/ResourceLoadStatisticsStore.h:

(WebKit::ResourceLoadStatisticsStore::setIsThirdPartyCookieBlockingEnabled):
(WebKit::ResourceLoadStatisticsStore::isThirdPartyCookieBlockingEnabled const):

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::setIsThirdPartyCookieBlockingEnabled):

This is now the single path to control this setting in both ITP
and the network storage session. See comment below.

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::setShouldBlockThirdPartyCookiesForTesting):

  • NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::setResourceLoadStatisticsEnabled):
(WebKit::NetworkSession::setIsThirdPartyCookieBlockingEnabled):

Restructured these so that they are initiated like the rest of the
parameters and only have a single path for changes so that a
reset to consistent state resets all the state.

  • NetworkProcess/NetworkSession.h:
  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):

Tools:

  • WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::statisticsCallDidSetShouldDowngradeReferrerCallback):
(WTR::TestRunner::statisticsCallDidSetShouldBlockThirdPartyCookiesCallback):

Both of these were missing resets of their m_hasSet*Callback booleans.

LayoutTests:

  • http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking-database-expected.txt: Added.
  • http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking-database.html: Added.
  • http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking-expected.txt: Added.
  • http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking.html: Added.
  • http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking-database-expected.txt: Added.
  • http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking-database.html: Added.
  • http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking-expected.txt: Added.
  • http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking.html: Added.
  • http/tests/storageAccess/has-storage-access-true-if-third-party-has-cookies.html:
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie-database-expected.txt: Added.
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie-database.html: Added.
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie-expected.txt: Added.
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie.html: Added.
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie-database-expected.txt: Added.
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie-database.html: Added.
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie-expected.txt: Added.
  • http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie.html: Added.
Location:
trunk
Files:
16 added
16 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r251662 r251663  
     12019-10-28  John Wilander  <wilander@apple.com>
     2
     3        Storage Access API: Make the API work with the experimental 3rd-party cookie blocking
     4        https://bugs.webkit.org/show_bug.cgi?id=203428
     5        <rdar://problem/56626949>
     6
     7        Reviewed by Alex Christensen.
     8
     9        * http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking-database-expected.txt: Added.
     10        * http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking-database.html: Added.
     11        * http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking-expected.txt: Added.
     12        * http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking.html: Added.
     13        * http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking-database-expected.txt: Added.
     14        * http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking-database.html: Added.
     15        * http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking-expected.txt: Added.
     16        * http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking.html: Added.
     17        * http/tests/storageAccess/has-storage-access-true-if-third-party-has-cookies.html:
     18        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie-database-expected.txt: Added.
     19        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie-database.html: Added.
     20        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie-expected.txt: Added.
     21        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie.html: Added.
     22        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie-database-expected.txt: Added.
     23        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie-database.html: Added.
     24        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie-expected.txt: Added.
     25        * http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie.html: Added.
     26
    1272019-10-28  Alex Christensen  <achristensen@webkit.org>
    228
  • trunk/LayoutTests/http/tests/storageAccess/has-storage-access-true-if-third-party-has-cookies.html

    r250589 r251663  
    1 <!-- webkit-test-runner [ useEphemeralSession=true ] -->
    21<!DOCTYPE html>
    32<html>
     
    2625        function runTest() {
    2726            if (document.location.hash !== "#firstPartyCookieSet") {
    28                 setEnableFeature(false, function() {
     27                setEnableFeature(true, function() {
    2928                    document.location.href = statisticsUrl + "/storageAccess/resources/set-cookie.php?name=firstPartyCookie&value=value#http://127.0.0.1:8000/storageAccess/has-storage-access-true-if-third-party-has-cookies.html#firstPartyCookieSet";
    3029                });
  • trunk/Source/WebKit/ChangeLog

    r251659 r251663  
     12019-10-28  John Wilander  <wilander@apple.com>
     2
     3        Storage Access API: Make the API work with the experimental 3rd-party cookie blocking
     4        https://bugs.webkit.org/show_bug.cgi?id=203428
     5        <rdar://problem/56626949>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Tests: http/tests/storageAccess/deny-due-to-no-interaction-under-general-third-party-cookie-blocking.html
     10               http/tests/storageAccess/grant-with-prompt-under-general-third-party-cookie-blocking.html
     11               http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-with-cookie.html
     12               http/tests/storageAccess/has-storage-access-under-general-third-party-cookie-blocking-without-cookie.html
     13
     14        This patch adds Storage Access API support for the experimental 3rd-party cookie blocking that
     15        landed in <https://trac.webkit.org/changeset/251467>.
     16
     17        There are three policies at play because it can be changed with the experimental setting:
     18        1. The underlying cookie policy.
     19        2. Shipping ITP.
     20        3. The off by default, experimental 3rd-party cookie blocking.
     21
     22        To support them all, a CookieAccess enum was added to encode how the API should respond.
     23        The enum has these values:
     24        CannotRequest - This third-party cannot request storage access based on the current policy.
     25        BasedOnCookiePolicy – This third-party should be treated according to the underlying cookie policy.
     26        OnlyIfGranted – This third-party can and must get access through the Storage Access API.
     27
     28        Here's the truth table I used to work through the logic for both
     29        document.hasStorageAccess() and document.requestStorageAccess():
     30
     31        Access  | Is        | User        | Has    | 3rd-party    |        |
     32        granted | prevalent | interaction | cookie | cookie block | RESULT |
     33        -------------------------------------------------------------------
     34        |       |           |             |        |              | false  |
     35        -------------------------------------------------------------------
     36        |       |           |             |        | true         | false  |
     37        -------------------------------------------------------------------
     38        |       |           |             | true   |              | true   |
     39        -------------------------------------------------------------------
     40        |       |           |             | true   | true         | false  |
     41        -------------------------------------------------------------------
     42        |       |           | true        |        |              | false  |
     43        -------------------------------------------------------------------
     44        |       |           | true        |        | true         | false  |
     45        -------------------------------------------------------------------
     46        |       |           | true        | true   |              | true   |
     47        -------------------------------------------------------------------
     48        |       |           | true        | true   | true         | false  |
     49        -------------------------------------------------------------------
     50        |       | true      | !care       | !care  | !care        | false  |
     51        -------------------------------------------------------------------
     52        | true  | !care     | !care       | !care  | !care        | true   |
     53        -------------------------------------------------------------------
     54
     55        * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
     56        (WebKit::ResourceLoadStatisticsDatabaseStore::cookieAccess const):
     57        (WebKit::ResourceLoadStatisticsDatabaseStore::hasStorageAccess):
     58        (WebKit::ResourceLoadStatisticsDatabaseStore::requestStorageAccess):
     59        (WebKit::ResourceLoadStatisticsDatabaseStore::requestStorageAccessUnderOpener):
     60            Extra checks removed since there's no harm in granting access
     61            to a third-party that already has access by way of the underlying
     62            cookie policy. Also, this is a temporary compatibility fix.
     63        * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h:
     64        * NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:
     65        (WebKit::ResourceLoadStatisticsMemoryStore::cookieAccess const):
     66        (WebKit::ResourceLoadStatisticsMemoryStore::hasStorageAccess):
     67        (WebKit::ResourceLoadStatisticsMemoryStore::requestStorageAccess):
     68        (WebKit::ResourceLoadStatisticsMemoryStore::requestStorageAccessUnderOpener):
     69            Extra checks removed since there's no harm in granting access
     70            to a third-party that already has access by way of the underlying
     71            cookie policy. Also, this is a temporary compatibility fix.
     72        * NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.h:
     73        * NetworkProcess/Classifier/ResourceLoadStatisticsStore.h:
     74        (WebKit::ResourceLoadStatisticsStore::setIsThirdPartyCookieBlockingEnabled):
     75        (WebKit::ResourceLoadStatisticsStore::isThirdPartyCookieBlockingEnabled const):
     76        * NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:
     77        (WebKit::WebResourceLoadStatisticsStore::setIsThirdPartyCookieBlockingEnabled):
     78            This is now the single path to control this setting in both ITP
     79            and the network storage session. See comment below.
     80        * NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
     81        * NetworkProcess/NetworkProcess.cpp:
     82        (WebKit::NetworkProcess::setShouldBlockThirdPartyCookiesForTesting):
     83        * NetworkProcess/NetworkSession.cpp:
     84        (WebKit::NetworkSession::setResourceLoadStatisticsEnabled):
     85        (WebKit::NetworkSession::setIsThirdPartyCookieBlockingEnabled):
     86            Restructured these so that they are initiated like the rest of the
     87            parameters and only have a single path for changes so that a
     88            reset to consistent state resets all the state.
     89        * NetworkProcess/NetworkSession.h:
     90        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
     91        (WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
     92
    1932019-10-28  Alex Christensen  <achristensen@webkit.org>
    294
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp

    r251501 r251663  
    11941194    ensureResourceStatisticsForRegistrableDomain(subFrameDomain);
    11951195
    1196     switch (cookieTreatmentForOrigin(subFrameDomain)) {
    1197     case CookieTreatmentResult::BlockAndPurge:
     1196    switch (cookieAccess(subFrameDomain)) {
     1197    case CookieAccess::CannotRequest:
    11981198        completionHandler(false);
    11991199        return;
    1200     case CookieTreatmentResult::Allow:
    1201         // We should only return true if the context has asked for and been granted access.
    1202         completionHandler(false);
    1203         return;
    1204     case CookieTreatmentResult::BlockAndKeep:
    1205         // Do nothing. The below dispatch will complete the task.
     1200    case CookieAccess::BasedOnCookiePolicy:
     1201        RunLoop::main().dispatch([store = makeRef(store()), subFrameDomain = subFrameDomain.isolatedCopy(), completionHandler = WTFMove(completionHandler)]() mutable {
     1202            store->hasCookies(subFrameDomain, [store = store.copyRef(), completionHandler = WTFMove(completionHandler)](bool result) mutable {
     1203                store->statisticsQueue().dispatch([completionHandler = WTFMove(completionHandler), result] () mutable {
     1204                    completionHandler(result);
     1205                });
     1206            });
     1207        });
     1208        return;
     1209    case CookieAccess::OnlyIfGranted:
     1210        // Handled below.
    12061211        break;
    12071212    };
     
    12211226
    12221227    auto subFrameStatus = ensureResourceStatisticsForRegistrableDomain(subFrameDomain);
    1223     auto cookieTreatmentResult = cookieTreatmentForOrigin(subFrameDomain);
    1224    
    1225     if (cookieTreatmentResult == CookieTreatmentResult::BlockAndPurge) {
     1228   
     1229    switch (cookieAccess(subFrameDomain)) {
     1230    case CookieAccess::CannotRequest:
    12261231        RELEASE_LOG_INFO_IF(debugLoggingEnabled(), ITPDebug, "Cannot grant storage access to %{private}s since its cookies are blocked in third-party contexts and it has not received user interaction as first-party.", subFrameDomain.string().utf8().data());
    12271232        completionHandler(StorageAccessStatus::CannotRequestAccess);
    12281233        return;
    1229     }
    1230    
    1231     if (cookieTreatmentResult != CookieTreatmentResult::BlockAndKeep) {
    1232         RELEASE_LOG_INFO_IF(debugLoggingEnabled(), ITPDebug, "No need to grant storage access to %{private}s since its cookies are not blocked in third-party contexts.", subFrameDomain.string().utf8().data());
     1234    case CookieAccess::BasedOnCookiePolicy:
     1235        RELEASE_LOG_INFO_IF(debugLoggingEnabled(), ITPDebug, "No need to grant storage access to %{private}s since its cookies are not blocked in third-party contexts. Note that the underlying cookie policy may still block this third-party from setting cookies.", subFrameDomain.string().utf8().data());
    12331236        completionHandler(StorageAccessStatus::HasAccess);
    12341237        return;
     1238    case CookieAccess::OnlyIfGranted:
     1239        // Handled below.
     1240        break;
    12351241    }
    12361242
     
    12651271
    12661272    if (domainInNeedOfStorageAccess == openerDomain)
    1267         return;
    1268 
    1269     ensureResourceStatisticsForRegistrableDomain(domainInNeedOfStorageAccess);
    1270     if (cookieTreatmentForOrigin(domainInNeedOfStorageAccess) == CookieTreatmentResult::Allow)
    12711273        return;
    12721274
     
    17891791}
    17901792
    1791 ResourceLoadStatisticsDatabaseStore::CookieTreatmentResult ResourceLoadStatisticsDatabaseStore::cookieTreatmentForOrigin(const RegistrableDomain& domain) const
     1793CookieAccess ResourceLoadStatisticsDatabaseStore::cookieAccess(const RegistrableDomain& domain) const
    17921794{
    17931795    ASSERT(!RunLoop::isMain());
     
    17961798    if (statement.prepare() != SQLITE_OK
    17971799        || statement.bindText(1, domain.string()) != SQLITE_OK) {
    1798         RELEASE_LOG_ERROR_IF_ALLOWED(m_sessionID, "%p - ResourceLoadStatisticsDatabaseStore::cookieTreatmentForOrigin failed to bind, error message: %{private}s", this, m_database.lastErrorMsg());
    1799         ASSERT_NOT_REACHED();
    1800     }
    1801    
    1802     if (statement.step() != SQLITE_ROW)
    1803         return CookieTreatmentResult::Allow;
    1804    
     1800        RELEASE_LOG_ERROR_IF_ALLOWED(m_sessionID, "%p - ResourceLoadStatisticsDatabaseStore::cookieAccess failed to bind, error message: %{private}s", this, m_database.lastErrorMsg());
     1801        ASSERT_NOT_REACHED();
     1802    }
     1803   
     1804    bool hasNoEntry = statement.step() != SQLITE_ROW;
     1805    if (hasNoEntry) {
     1806        if (isThirdPartyCookieBlockingEnabled())
     1807            return CookieAccess::OnlyIfGranted;
     1808        return CookieAccess::BasedOnCookiePolicy;
     1809    }
     1810
    18051811    bool isPrevalent = !!statement.getColumnInt(0);
    1806     if (!isPrevalent)
    1807         return CookieTreatmentResult::Allow;
     1812    if (!isPrevalent && !isThirdPartyCookieBlockingEnabled())
     1813        return CookieAccess::BasedOnCookiePolicy;
    18081814
    18091815    bool hadUserInteraction = statement.getColumnInt(1) ? true : false;
    1810     return hadUserInteraction ? CookieTreatmentResult::BlockAndKeep : CookieTreatmentResult::BlockAndPurge;
    1811 }
    1812    
     1816    if (!hadUserInteraction)
     1817        return CookieAccess::CannotRequest;
     1818
     1819    return CookieAccess::OnlyIfGranted;
     1820}
     1821
    18131822StorageAccessPromptWasShown ResourceLoadStatisticsDatabaseStore::hasUserGrantedStorageAccessThroughPrompt(unsigned requestingDomainID, const RegistrableDomain& firstPartyDomain) const
    18141823{
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h

    r251501 r251663  
    194194    bool predicateValueForDomain(WebCore::SQLiteStatement&, const RegistrableDomain&) const;
    195195
    196     enum class CookieTreatmentResult { Allow, BlockAndKeep, BlockAndPurge };
    197     CookieTreatmentResult cookieTreatmentForOrigin(const RegistrableDomain&) const;
     196    CookieAccess cookieAccess(const RegistrableDomain&) const;
    198197   
    199198    void setPrevalentResource(const RegistrableDomain&, ResourceLoadPrevalence);
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp

    r251547 r251663  
    213213}
    214214
     215CookieAccess ResourceLoadStatisticsMemoryStore::cookieAccess(const ResourceLoadStatistics& resourceStatistic) const
     216{
     217    if (!isThirdPartyCookieBlockingEnabled() && !resourceStatistic.isPrevalentResource)
     218        return CookieAccess::BasedOnCookiePolicy;
     219
     220    if (!resourceStatistic.hadUserInteraction)
     221        return CookieAccess::CannotRequest;
     222   
     223    return CookieAccess::OnlyIfGranted;
     224}
     225
    215226void ResourceLoadStatisticsMemoryStore::hasStorageAccess(const SubFrameDomain& subFrameDomain, const TopFrameDomain& topFrameDomain, Optional<FrameIdentifier> frameID, PageIdentifier pageID, CompletionHandler<void(bool)>&& completionHandler)
    216227{
     
    218229
    219230    auto& subFrameStatistic = ensureResourceStatisticsForRegistrableDomain(subFrameDomain);
    220     // Return false if this domain cannot ask for storage access.
    221     if (shouldBlockAndPurgeCookies(subFrameStatistic)) {
     231    switch (cookieAccess(subFrameStatistic)) {
     232    case CookieAccess::CannotRequest:
    222233        completionHandler(false);
    223234        return;
    224     }
    225 
    226     if (!shouldBlockAndKeepCookies(subFrameStatistic)) {
     235    case CookieAccess::BasedOnCookiePolicy:
    227236        RunLoop::main().dispatch([store = makeRef(store()), subFrameDomain = subFrameDomain.isolatedCopy(), completionHandler = WTFMove(completionHandler)]() mutable {
    228237            store->hasCookies(subFrameDomain, [store = store.copyRef(), completionHandler = WTFMove(completionHandler)](bool result) mutable {
     
    233242        });
    234243        return;
     244    case CookieAccess::OnlyIfGranted:
     245        // Handled below.
     246        break;
    235247    }
    236248
     
    249261
    250262    auto& subFrameStatistic = ensureResourceStatisticsForRegistrableDomain(subFrameDomain);
    251     if (shouldBlockAndPurgeCookies(subFrameStatistic)) {
     263    switch (cookieAccess(subFrameStatistic)) {
     264    case CookieAccess::CannotRequest:
    252265        RELEASE_LOG_INFO_IF(debugLoggingEnabled(), ITPDebug, "Cannot grant storage access to %{public}s since its cookies are blocked in third-party contexts and it has not received user interaction as first-party.", subFrameDomain.string().utf8().data());
    253266        completionHandler(StorageAccessStatus::CannotRequestAccess);
    254267        return;
    255     }
    256 
    257     if (!shouldBlockAndKeepCookies(subFrameStatistic)) {
    258         RELEASE_LOG_INFO_IF(debugLoggingEnabled(), ITPDebug, "No need to grant storage access to %{public}s since its cookies are not blocked in third-party contexts.", subFrameDomain.string().utf8().data());
     268    case CookieAccess::BasedOnCookiePolicy:
     269        RELEASE_LOG_INFO_IF(debugLoggingEnabled(), ITPDebug, "No need to grant storage access to %{public}s since its cookies are not blocked in third-party contexts. Note that the underlying cookie policy may still block this third-party from setting cookies.", subFrameDomain.string().utf8().data());
    259270        completionHandler(StorageAccessStatus::HasAccess);
    260271        return;
     272    case CookieAccess::OnlyIfGranted:
     273        // Handled below.
     274        break;
    261275    }
    262276
     
    284298
    285299    if (domainInNeedOfStorageAccess == openerDomain)
    286         return;
    287 
    288     auto& domainInNeedOfStorageAccessStatistic = ensureResourceStatisticsForRegistrableDomain(domainInNeedOfStorageAccess);
    289     auto cookiesBlockedAndPurged = shouldBlockAndPurgeCookies(domainInNeedOfStorageAccessStatistic);
    290 
    291     // The domain already has access if its cookies are not blocked.
    292     if (!cookiesBlockedAndPurged && !shouldBlockAndKeepCookies(domainInNeedOfStorageAccessStatistic))
    293300        return;
    294301
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.h

    r251391 r251663  
    9898    void calculateAndSubmitTelemetry() const override;
    9999
     100    CookieAccess cookieAccess(const ResourceLoadStatistics&) const;
    100101    void hasStorageAccess(const SubFrameDomain&, const TopFrameDomain&, Optional<WebCore::FrameIdentifier>, WebCore::PageIdentifier, CompletionHandler<void(bool)>&&) override;
    101102    void requestStorageAccess(SubFrameDomain&&, TopFrameDomain&&, WebCore::FrameIdentifier, WebCore::PageIdentifier, CompletionHandler<void(StorageAccessStatus)>&&) override;
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsStore.h

    r251391 r251663  
    7676
    7777enum class OperatingDatesWindow : bool { Long, Short };
     78enum class CookieAccess : uint8_t { CannotRequest, BasedOnCookiePolicy, OnlyIfGranted };
    7879
    7980// This is always constructed / used / destroyed on the WebResourceLoadStatisticsStore's statistics queue.
     
    161162    bool isDebugModeEnabled() const { return m_debugModeEnabled; };
    162163    void setPrevalentResourceForDebugMode(const RegistrableDomain&);
     164    void setIsThirdPartyCookieBlockingEnabled(bool enabled) { m_thirdPartyCookieBlockingEnabled = enabled; };
     165    bool isThirdPartyCookieBlockingEnabled() const { return m_thirdPartyCookieBlockingEnabled; };
    163166
    164167    virtual void hasStorageAccess(const SubFrameDomain&, const TopFrameDomain&, Optional<WebCore::FrameIdentifier>, WebCore::PageIdentifier, CompletionHandler<void(bool)>&&) = 0;
     
    268271    bool m_debugLoggingEnabled { false };
    269272    bool m_debugModeEnabled { false };
     273    bool m_thirdPartyCookieBlockingEnabled { false };
    270274    bool m_dataRecordsBeingRemoved { false };
    271275    ShouldIncludeLocalhost m_shouldIncludeLocalhost { ShouldIncludeLocalhost::Yes };
  • trunk/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp

    r251445 r251663  
    447447}
    448448
     449void WebResourceLoadStatisticsStore::setIsThirdPartyCookieBlockingEnabled(bool enabled)
     450{
     451    ASSERT(RunLoop::isMain());
     452
     453    if (m_networkSession) {
     454        if (auto* storageSession = m_networkSession->networkStorageSession())
     455            storageSession->setIsThirdPartyCookieBlockingEnabled(enabled);
     456        else
     457            ASSERT_NOT_REACHED();
     458    }
     459
     460    postTask([this, enabled]() {
     461        if (!m_statisticsStore)
     462            return;
     463
     464        m_statisticsStore->setIsThirdPartyCookieBlockingEnabled(enabled);
     465    });
     466}
     467
    449468void WebResourceLoadStatisticsStore::didCreateNetworkProcess()
    450469{
  • trunk/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h

    r251361 r251663  
    179179
    180180    void hasCookies(const RegistrableDomain&, CompletionHandler<void(bool)>&&);
    181 
     181    void setIsThirdPartyCookieBlockingEnabled(bool);
    182182    void didCreateNetworkProcess();
    183183
  • trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp

    r251659 r251663  
    12561256void NetworkProcess::setShouldBlockThirdPartyCookiesForTesting(PAL::SessionID sessionID, bool enabled, CompletionHandler<void()>&& completionHandler)
    12571257{
    1258     if (auto* networkStorageSession = storageSession(sessionID))
    1259         networkStorageSession->setIsThirdPartyCookieBlockingEnabled(enabled);
     1258    if (auto* networkSession = this->networkSession(sessionID))
     1259        networkSession->setIsThirdPartyCookieBlockingEnabled(enabled);
    12601260    else
    12611261        ASSERT_NOT_REACHED();
  • trunk/Source/WebKit/NetworkProcess/NetworkSession.cpp

    r250866 r251663  
    171171    if (!m_resourceLoadStatisticsManualPrevalentResource.isEmpty())
    172172        m_resourceLoadStatistics->setPrevalentResourceForDebugMode(m_resourceLoadStatisticsManualPrevalentResource, [] { });
     173    m_resourceLoadStatistics->setIsThirdPartyCookieBlockingEnabled(m_thirdPartyCookieBlockingEnabled);
    173174}
    174175
     
    219220}
    220221
     222void NetworkSession::setIsThirdPartyCookieBlockingEnabled(bool enabled)
     223{
     224    ASSERT(m_resourceLoadStatistics);
     225    m_thirdPartyCookieBlockingEnabled = enabled;
     226    if (m_resourceLoadStatistics)
     227        m_resourceLoadStatistics->setIsThirdPartyCookieBlockingEnabled(m_thirdPartyCookieBlockingEnabled);
     228}
    221229#endif // ENABLE(RESOURCE_LOAD_STATISTICS)
    222230
  • trunk/Source/WebKit/NetworkProcess/NetworkSession.h

    r251213 r251663  
    9898    void setShouldDowngradeReferrerForTesting(bool);
    9999    bool shouldDowngradeReferrer() const;
    100     void setShouldBlockThirdPartyCookiesForTesting(bool);
     100    void setIsThirdPartyCookieBlockingEnabled(bool);
    101101#endif
    102102    void storeAdClickAttribution(WebCore::AdClickAttribution&&);
     
    143143    bool m_enableResourceLoadStatisticsLogTestingEvent;
    144144    bool m_downgradeReferrer { true };
     145    bool m_thirdPartyCookieBlockingEnabled { false };
    145146#endif
    146147    UniqueRef<AdClickAttributionManager> m_adClickAttribution;
  • trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

    r251467 r251663  
    11101110    m_enableResourceLoadStatisticsDebugMode = parameters.enableResourceLoadStatisticsDebugMode ? EnableResourceLoadStatisticsDebugMode::Yes : EnableResourceLoadStatisticsDebugMode::No;
    11111111    m_resourceLoadStatisticsManualPrevalentResource = parameters.resourceLoadStatisticsManualPrevalentResource;
    1112     storageSession->setIsThirdPartyCookieBlockingEnabled(parameters.enableThirdPartyCookieBlocking);
     1112    m_thirdPartyCookieBlockingEnabled = parameters.enableThirdPartyCookieBlocking;
    11131113    setResourceLoadStatisticsEnabled(parameters.enableResourceLoadStatistics);
    11141114#endif
  • trunk/Tools/ChangeLog

    r251661 r251663  
     12019-10-28  John Wilander  <wilander@apple.com>
     2
     3        Storage Access API: Make the API work with the experimental 3rd-party cookie blocking
     4        https://bugs.webkit.org/show_bug.cgi?id=203428
     5        <rdar://problem/56626949>
     6
     7        Reviewed by Alex Christensen.
     8
     9        * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
     10        (WTR::TestRunner::statisticsCallDidSetShouldDowngradeReferrerCallback):
     11        (WTR::TestRunner::statisticsCallDidSetShouldBlockThirdPartyCookiesCallback):
     12            Both of these were missing resets of their m_hasSet*Callback booleans.
     13
    1142019-10-28  Jonathan Bedard  <jbedard@apple.com>
    215
  • trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp

    r251630 r251663  
    22082208{
    22092209    callTestRunnerCallback(StatisticsDidSetShouldDowngradeReferrerCallbackID);
     2210    m_hasSetDowngradeReferrerCallback = false;
    22102211}
    22112212
     
    22252226{
    22262227    callTestRunnerCallback(StatisticsDidSetShouldBlockThirdPartyCookiesCallbackID);
     2228    m_hasSetBlockThirdPartyCookiesCallback = false;
    22272229}
    22282230
Note: See TracChangeset for help on using the changeset viewer.