Changeset 259520 in webkit

Timestamp:

Apr 3, 2020 4:39:06 PM (4 years ago)

Author:

Kate Cheney

Message:

Prevent non app-bound domain cookies from being read or set using API calls
​https://bugs.webkit.org/show_bug.cgi?id=209926
<rdar://problem/61071428>

Reviewed by Brady Eidson.

Source/WebKit:

This patch filters out setting and fetching of cookies via API call
to only set or return app-bound cookies.

• UIProcess/API/APIHTTPCookieStore.cpp:

(API::HTTPCookieStore::filterAppBoundCookies):
This function queries the websiteDataStore for the WKAppBoundDomains
entries and filters out non app-bound domains.

(API::HTTPCookieStore::cookies):
(API::HTTPCookieStore::cookiesForURL):
(API::HTTPCookieStore::setCookies):
These functions were updated to set/return the cookies after they've
been filtered through the WKAppBoundDomains.

• UIProcess/API/APIHTTPCookieStore.h:
• UIProcess/API/Cocoa/WKWebsiteDataStore.mm:

(-[WKWebsiteDataStore _appBoundDomains:]):

• UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:

(WebKit::WebsiteDataStore::getAppBoundDomains const):
(WebKit::WebsiteDataStore::appBoundDomainsForTesting const): Deleted.
Utilize a function formerly used for testing only to be used in the
HTTPCookieStore.

• UIProcess/WebsiteData/WebsiteDataStore.h:

Tools:

Added 3 new API tests to test that non app-bound cookies are not being
set or returned via API calls. Also added a function to reset state
between tests for internal debugging.

• TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:

(setUpCookieTest):
(TEST):

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/API/APIHTTPCookieStore.cpp (modified) (7 diffs)
• Source/WebKit/UIProcess/API/APIHTTPCookieStore.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm (modified) (1 diff)
• Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm (modified) (1 diff)
• Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm (modified) (15 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-04-03  Kate Cheney  <katherine_cheney@apple.com>
+
+        Prevent non app-bound domain cookies from being read or set using API calls
+        https://bugs.webkit.org/show_bug.cgi?id=209926
+        <rdar://problem/61071428>
+
+        Reviewed by Brady Eidson.
+
+        This patch filters out setting and fetching of cookies via API call 
+        to only set or return app-bound cookies.
+
+        * UIProcess/API/APIHTTPCookieStore.cpp:
+        (API::HTTPCookieStore::filterAppBoundCookies):
+        This function queries the websiteDataStore for the WKAppBoundDomains
+        entries and filters out non app-bound domains.
+
+        (API::HTTPCookieStore::cookies):
+        (API::HTTPCookieStore::cookiesForURL):
+        (API::HTTPCookieStore::setCookies):
+        These functions were updated to set/return the cookies after they've
+        been filtered through the WKAppBoundDomains.
+
+        * UIProcess/API/APIHTTPCookieStore.h:
+        * UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
+        (-[WKWebsiteDataStore _appBoundDomains:]):
+        * UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
+        (WebKit::WebsiteDataStore::getAppBoundDomains const):
+        (WebKit::WebsiteDataStore::appBoundDomainsForTesting const): Deleted.
+        Utilize a function formerly used for testing only to be used in the
+        HTTPCookieStore.
+
+        * UIProcess/WebsiteData/WebsiteDataStore.h:
+
 2020-04-03  Wenson Hsieh  <wenson_hsieh@apple.com>
 

trunk/Source/WebKit/UIProcess/API/APIHTTPCookieStore.cpp

@@ -30 +30 @@
 #include "WebProcessPool.h"
 #include "WebsiteDataStore.h"
+#include "WebsiteDataStoreParameters.h"
 #include <WebCore/Cookie.h>
 #include <WebCore/CookieStorage.h>
@@ -35 +36 @@
 #include <WebCore/NetworkStorageSession.h>
 
+#if USE(APPLE_INTERNAL_SDK)
+#include <WebKitAdditions/HTTPCookieStoreAdditions.h>
+#else
+#define IN_APP_BROWSER_PRIVACY_ENABLED false
+#define IMPLEMENT_IN_APP_BROWSER_PRIVACY_ENABLED
+#endif
+
 using namespace WebKit;
 
@@ -53 +61 @@
 
     unregisterForNewProcessPoolNotifications();
+}
+
+void HTTPCookieStore::filterAppBoundCookies(const Vector<WebCore::Cookie>& cookies, CompletionHandler<void(Vector<WebCore::Cookie>&&)>&& completionHandler)
+{
+    Vector<WebCore::Cookie> appBoundCookies;
+#if PLATFORM(IOS_FAMILY)
+    m_owningDataStore->getAppBoundDomains([this, protectedThis = makeRef(*this), cookies, appBoundCookies = WTFMove(appBoundCookies), completionHandler = WTFMove(completionHandler)] (auto& domains) mutable {
+        if (m_owningDataStore->parameters().networkSessionParameters.isInAppBrowserPrivacyEnabled || IN_APP_BROWSER_PRIVACY_ENABLED) {
+            IMPLEMENT_IN_APP_BROWSER_PRIVACY_ENABLED
+            for (auto& cookie : cookies) {
+                if (domains.contains(WebCore::RegistrableDomain::uncheckedCreateFromHost(cookie.domain)))
+                    appBoundCookies.append(cookie);
+            }
+        } else
+            appBoundCookies = cookies;
+        completionHandler(WTFMove(appBoundCookies));
+    });
+#else
+    appBoundCookies = cookies;
+    completionHandler(WTFMove(appBoundCookies));
+#endif
 }
 
@@ -64 +93 @@
         allCookies.appendVector(m_owningDataStore->pendingCookies());
 
-        RunLoop::main().dispatch([completionHandler = WTFMove(completionHandler), allCookies] () mutable {
-            completionHandler(allCookies);
+        RunLoop::main().dispatch([this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler), allCookies] () mutable {
+            filterAppBoundCookies(allCookies, WTFMove(completionHandler));
         });
         return;
@@ -71 +100 @@
 
     auto* cookieManager = pool->supplement<WebKit::WebCookieManagerProxy>();
-    cookieManager->getAllCookies(m_owningDataStore->sessionID(), [pool = WTFMove(pool), completionHandler = WTFMove(completionHandler)] (const Vector<WebCore::Cookie>& cookies) mutable {
-        completionHandler(cookies);
+    cookieManager->getAllCookies(m_owningDataStore->sessionID(), [this, protectedThis = makeRef(*this), pool = WTFMove(pool), completionHandler = WTFMove(completionHandler)] (const Vector<WebCore::Cookie>& cookies) mutable {
+        filterAppBoundCookies(cookies, WTFMove(completionHandler));
     });
 }
@@ -83 +112 @@
 
     auto* cookieManager = pool->supplement<WebKit::WebCookieManagerProxy>();
-    cookieManager->getCookies(m_owningDataStore->sessionID(), url, [completionHandler = WTFMove(completionHandler)] (Vector<WebCore::Cookie>&& cookies) mutable {
-        completionHandler(WTFMove(cookies));
+    cookieManager->getCookies(m_owningDataStore->sessionID(), url, [this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)] (Vector<WebCore::Cookie>&& cookies) mutable {
+        filterAppBoundCookies(cookies, WTFMove(completionHandler));
     });
 }
@@ -90 +119 @@
 void HTTPCookieStore::setCookies(const Vector<WebCore::Cookie>& cookies, CompletionHandler<void()>&& completionHandler)
 {
-    auto* pool = m_owningDataStore->processPoolForCookieStorageOperations();
-    if (!pool) {
-        for (auto& cookie : cookies) {
-            // FIXME: pendingCookies used for defaultSession because session cookies cannot be propagated to Network Process with uiProcessCookieStorageIdentifier.
-            if (m_owningDataStore->sessionID() == PAL::SessionID::defaultSessionID() && !cookie.session)
-                setCookieInDefaultUIProcessCookieStore(cookie);
-            else
-                m_owningDataStore->addPendingCookie(cookie);
+    filterAppBoundCookies(cookies, [this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)] (auto&& appBoundCookies) mutable {
+        auto* pool = m_owningDataStore->processPoolForCookieStorageOperations();
+        if (!pool) {
+            for (auto& cookie : appBoundCookies) {
+                // FIXME: pendingCookies used for defaultSession because session cookies cannot be propagated to Network Process with uiProcessCookieStorageIdentifier.
+                if (m_owningDataStore->sessionID() == PAL::SessionID::defaultSessionID() && !cookie.session)
+                    setCookieInDefaultUIProcessCookieStore(cookie);
+                else
+                    m_owningDataStore->addPendingCookie(cookie);
+            }
+
+            RunLoop::main().dispatch(WTFMove(completionHandler));
+            return;
         }
 
-        RunLoop::main().dispatch(WTFMove(completionHandler));
-        return;
-    }
-
-    auto* cookieManager = pool->supplement<WebKit::WebCookieManagerProxy>();
-    cookieManager->setCookies(m_owningDataStore->sessionID(), cookies, [pool = WTFMove(pool), completionHandler = WTFMove(completionHandler)] () mutable {
-        completionHandler();
+        auto* cookieManager = pool->supplement<WebKit::WebCookieManagerProxy>();
+        cookieManager->setCookies(m_owningDataStore->sessionID(), appBoundCookies, [pool = WTFMove(pool), completionHandler = WTFMove(completionHandler)] () mutable {
+            completionHandler();
+        });
     });
 }

trunk/Source/WebKit/UIProcess/API/APIHTTPCookieStore.h

@@ -78 +78 @@
     void cookieManagerDestroyed();
 
+    void filterAppBoundCookies(const Vector<WebCore::Cookie>&, CompletionHandler<void(Vector<WebCore::Cookie>&&)>&&);
+
 private:
     HTTPCookieStore(WebKit::WebsiteDataStore&);

trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm

@@ -614 +614 @@
 - (void)_appBoundDomains:(void (^)(NSArray<NSString *> *))completionHandler
 {
-    _websiteDataStore->appBoundDomainsForTesting([completionHandler = makeBlockPtr(completionHandler)](auto& domains) mutable {
+    _websiteDataStore->getAppBoundDomains([completionHandler = makeBlockPtr(completionHandler)](auto& domains) mutable {
         Vector<RefPtr<API::Object>> apiDomains;
         apiDomains.reserveInitialCapacity(domains.size());

trunk/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm

@@ -467 +467 @@
 }
 
-void WebsiteDataStore::appBoundDomainsForTesting(CompletionHandler<void(const HashSet<WebCore::RegistrableDomain>&)>&& completionHandler) const
-{
+void WebsiteDataStore::getAppBoundDomains(CompletionHandler<void(const HashSet<WebCore::RegistrableDomain>&)>&& completionHandler) const
+{
+    ASSERT(RunLoop::isMain());
+
     ensureAppBoundDomains([completionHandler = WTFMove(completionHandler)] (auto& domains) mutable {
         completionHandler(domains);

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h

@@ -288 +288 @@
 
     void beginAppBoundDomainCheck(const URL&, WebFramePolicyListenerProxy&);
-    void appBoundDomainsForTesting(CompletionHandler<void(const HashSet<WebCore::RegistrableDomain>&)>&&) const;
+    void getAppBoundDomains(CompletionHandler<void(const HashSet<WebCore::RegistrableDomain>&)>&&) const;
     void ensureAppBoundDomains(CompletionHandler<void(const HashSet<WebCore::RegistrableDomain>&)>&&) const;
     void reinitializeAppBoundDomains();

trunk/Tools/ChangeLog

@@ +1 @@
+2020-04-03  Kate Cheney  <katherine_cheney@apple.com>
+
+        Prevent non app-bound domain cookies from being read or set using API calls
+        https://bugs.webkit.org/show_bug.cgi?id=209926
+        <rdar://problem/61071428>
+
+        Reviewed by Brady Eidson.
+
+        Added 3 new API tests to test that non app-bound cookies are not being
+        set or returned via API calls. Also added a function to reset state
+        between tests for internal debugging.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:
+        (setUpCookieTest):
+        (TEST):
+
 2020-04-03  Wenson Hsieh  <wenson_hsieh@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm

@@ -32 +32 @@
 #import <WebCore/RegistrableDomain.h>
 #import <WebCore/RuntimeApplicationChecks.h>
+#import <WebKit/WKHTTPCookieStorePrivate.h>
 #import <WebKit/WKPreferencesPrivate.h>
 #import <WebKit/WKUserContentControllerPrivate.h>
@@ -79 +80 @@
 @end
 
+static void cleanUpInAppBrowserPrivacyTestSettings()
+{
+    IN_APP_BROWSER_PRIVACY_ADDITIONS_2
+}
+
 static void initializeInAppBrowserPrivacyTestSettings()
 {
@@ -120 +126 @@
         EXPECT_EQ(NO, [result boolValue]);
         EXPECT_FALSE(!!error);
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -161 +168 @@
         EXPECT_EQ(NO, [result boolValue]);
         EXPECT_FALSE(!!error);
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -203 +211 @@
         EXPECT_FALSE(result);
         EXPECT_TRUE(!!error);
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -246 +255 @@
         EXPECT_FALSE(result);
         EXPECT_TRUE(!!error);
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -266 +276 @@
             EXPECT_WK_STREQ([sortedDomains objectAtIndex:i], [domainsToCompare objectAtIndex:i]);
 
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -285 +296 @@
     [webView _isNavigatingToAppBoundDomain:^(BOOL isAppBound) {
         EXPECT_TRUE(isAppBound);
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -303 +315 @@
     [webView _isNavigatingToAppBoundDomain:^(BOOL isAppBound) {
         EXPECT_TRUE(isAppBound);
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -321 +334 @@
     [webView _isNavigatingToAppBoundDomain:^(BOOL isAppBound) {
         EXPECT_TRUE(isAppBound);
+        cleanUpInAppBrowserPrivacyTestSettings();
         isDone = true;
     }];
@@ -365 +379 @@
 
     expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+    cleanUpInAppBrowserPrivacyTestSettings();
 }
 
@@ -386 +401 @@
 
     expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+    cleanUpInAppBrowserPrivacyTestSettings();
 }
 
@@ -411 +427 @@
     // The subframe should also be affected.
     expectScriptEvaluatesToColor(webView.get(), frameBackgroundColorScript, redInRGB);
+    cleanUpInAppBrowserPrivacyTestSettings();
 }
 
@@ -437 +454 @@
     // check without needing a message handler.
     expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+    cleanUpInAppBrowserPrivacyTestSettings();
 }
 
@@ -475 +493 @@
     // check without needing a message handler.
     expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+    cleanUpInAppBrowserPrivacyTestSettings();
+}
+
+static RetainPtr<WKHTTPCookieStore> globalCookieStore;
+static bool gotFlag = false;
+
+static void setUpCookieTest()
+{
+    globalCookieStore = [[WKWebsiteDataStore defaultDataStore] httpCookieStore];
+    NSArray<NSHTTPCookie *> *cookies = nil;
+    [globalCookieStore getAllCookies:[cookiesPtr = &cookies](NSArray<NSHTTPCookie *> *nsCookies) {
+        *cookiesPtr = [nsCookies retain];
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    for (id cookie in cookies) {
+        gotFlag = false;
+        [globalCookieStore deleteCookie:cookie completionHandler:[]() {
+            gotFlag = true;
+        }];
+        TestWebKitAPI::Util::run(&gotFlag);
+    }
+
+    cookies = nil;
+    gotFlag = false;
+    [globalCookieStore getAllCookies:[cookiesPtr = &cookies](NSArray<NSHTTPCookie *> *nsCookies) {
+        *cookiesPtr = [nsCookies retain];
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    // Make sure the cookie store starts out empty.
+    ASSERT_EQ(cookies.count, 0u);
+    [cookies release];
+
+    gotFlag = false;
+}
+
+TEST(InAppBrowserPrivacy, SetCookieForNonAppBoundDomainFails)
+{
+    initializeInAppBrowserPrivacyTestSettings();
+    [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+
+    auto dataStore = [WKWebsiteDataStore defaultDataStore];
+    auto webView = adoptNS([TestWKWebView new]);
+    [webView loadHTMLString:@"Oh hello" baseURL:[NSURL URLWithString:@"http://webkit.org"]];
+    [webView _test_waitForDidFinishNavigation];
+
+    setUpCookieTest();
+    globalCookieStore = [dataStore httpCookieStore];
+
+    NSArray<NSHTTPCookie *> *cookies = nil;
+
+    // Non app-bound cookie.
+    RetainPtr<NSHTTPCookie> nonAppBoundCookie = [NSHTTPCookie cookieWithProperties:@{
+        NSHTTPCookiePath: @"/",
+        NSHTTPCookieName: @"nonAppBoundName",
+        NSHTTPCookieValue: @"nonAppBoundValue",
+        NSHTTPCookieDomain: @"nonAppBoundDomain.com",
+    }];
+
+    // App-bound cookie.
+    RetainPtr<NSHTTPCookie> appBoundCookie = [NSHTTPCookie cookieWithProperties:@{
+        NSHTTPCookiePath: @"/",
+        NSHTTPCookieName: @"webKitName",
+        NSHTTPCookieValue: @"webKitValue",
+        NSHTTPCookieDomain: @"www.webkit.org",
+    }];
+
+    gotFlag = false;
+    // This should not actually set a cookie.
+    [globalCookieStore setCookie:nonAppBoundCookie.get() completionHandler:[]() {
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+    gotFlag = false;
+
+    // This should successfully set a cookie.
+    [globalCookieStore setCookie:appBoundCookie.get() completionHandler:[]() {
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    cleanUpInAppBrowserPrivacyTestSettings();
+    [[NSUserDefaults standardUserDefaults] setBool:NO forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+    gotFlag = false;
+
+    // Check the cookie store to make sure only one cookie was set.
+    [globalCookieStore getAllCookies:[cookiesPtr = &cookies](NSArray<NSHTTPCookie *> *nsCookies) {
+        *cookiesPtr = [nsCookies retain];
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    ASSERT_EQ(cookies.count, 1u);
+
+    [cookies release];
+    gotFlag = false;
+    [globalCookieStore deleteCookie:appBoundCookie.get() completionHandler:[]() {
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+}
+
+TEST(InAppBrowserPrivacy, GetCookieForNonAppBoundDomainFails)
+{
+    // Since we can't set non-app-bound cookies with In-App Browser privacy protections on,
+    // we can turn the protections off to set a cookie we will then try to get with protections enabled.
+    [[NSUserDefaults standardUserDefaults] setBool:NO forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+
+    setUpCookieTest();
+    globalCookieStore = [[WKWebsiteDataStore defaultDataStore] httpCookieStore];
+    NSArray<NSHTTPCookie *> *cookies = nil;
+
+    // Non app-bound cookie.
+    RetainPtr<NSHTTPCookie> nonAppBoundCookie = [NSHTTPCookie cookieWithProperties:@{
+        NSHTTPCookiePath: @"/",
+        NSHTTPCookieName: @"CookieName",
+        NSHTTPCookieValue: @"CookieValue",
+        NSHTTPCookieDomain: @"nonAppBoundDomain.com",
+    }];
+
+    // App-bound cookie.
+    RetainPtr<NSHTTPCookie> appBoundCookie = [NSHTTPCookie cookieWithProperties:@{
+        NSHTTPCookiePath: @"/",
+        NSHTTPCookieName: @"OtherCookieName",
+        NSHTTPCookieValue: @"OtherCookieValue",
+        NSHTTPCookieDomain: @"www.webkit.org",
+    }];
+
+    auto webView = adoptNS([TestWKWebView new]);
+    [webView synchronouslyLoadHTMLString:@"start network process"];
+
+    // This should successfully set a cookie because protections are off.
+    [globalCookieStore setCookie:nonAppBoundCookie.get() completionHandler:[]() {
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+    gotFlag = false;
+
+    [globalCookieStore setCookie:appBoundCookie.get() completionHandler:[]() {
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    gotFlag = false;
+    [globalCookieStore getAllCookies:[cookiesPtr = &cookies](NSArray<NSHTTPCookie *> *nsCookies) {
+        *cookiesPtr = [nsCookies retain];
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    // Confirm both cookies are in the store.
+    ASSERT_EQ(cookies.count, 2u);
+
+    // Now enable protections and ensure we can only retrieve the app-bound cookies.
+    [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+    initializeInAppBrowserPrivacyTestSettings();
+
+    gotFlag = false;
+    [globalCookieStore getAllCookies:[cookiesPtr = &cookies](NSArray<NSHTTPCookie *> *nsCookies) {
+        *cookiesPtr = [nsCookies retain];
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    ASSERT_EQ(cookies.count, 1u);
+
+    [cookies release];
+
+    gotFlag = false;
+    [globalCookieStore deleteCookie:nonAppBoundCookie.get() completionHandler:[]() {
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+
+    gotFlag = false;
+    [globalCookieStore deleteCookie:appBoundCookie.get() completionHandler:[]() {
+        // Reset flag.
+        [[NSUserDefaults standardUserDefaults] setBool:NO forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+        cleanUpInAppBrowserPrivacyTestSettings();
+        gotFlag = true;
+    }];
+
+    TestWebKitAPI::Util::run(&gotFlag);
+}
+
+TEST(InAppBrowserPrivacy, GetCookieForURLFails)
+{
+    // Since we can't set non-app-bound cookies with In-App Browser privacy protections on,
+    // we can turn the protections off to set a cookie we will then try to get with protections enabled.
+    [[NSUserDefaults standardUserDefaults] setBool:NO forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+    setUpCookieTest();
+
+    globalCookieStore = [[WKWebsiteDataStore defaultDataStore] httpCookieStore];
+    NSHTTPCookie *nonAppBoundCookie = [NSHTTPCookie cookieWithProperties:@{
+        NSHTTPCookiePath: @"/",
+        NSHTTPCookieName: @"nonAppBoundName",
+        NSHTTPCookieValue: @"nonAppBoundValue",
+        NSHTTPCookieDomain: @"nonAppBoundDomain.com",
+    }];
+    
+    NSHTTPCookie *appBoundCookie = [NSHTTPCookie cookieWithProperties:@{
+        NSHTTPCookiePath: @"/",
+        NSHTTPCookieName: @"webKitName",
+        NSHTTPCookieValue: @"webKitValue",
+        NSHTTPCookieDomain: @"webkit.org",
+    }];
+
+    __block bool done = false;
+    auto webView = adoptNS([TestWKWebView new]);
+    [webView synchronouslyLoadHTMLString:@"start network process"];
+    [globalCookieStore setCookie:nonAppBoundCookie completionHandler:^{
+        [globalCookieStore setCookie:appBoundCookie completionHandler:^{
+
+            // Now enable protections and ensure we can only retrieve the app-bound cookies.
+            [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+            initializeInAppBrowserPrivacyTestSettings();
+
+            [globalCookieStore _getCookiesForURL:[NSURL URLWithString:@"https://webkit.org/"] completionHandler:^(NSArray<NSHTTPCookie *> *cookies) {
+                EXPECT_EQ(cookies.count, 1ull);
+                EXPECT_WK_STREQ(cookies[0].name, "webKitName");
+                [globalCookieStore _getCookiesForURL:[NSURL URLWithString:@"https://nonAppBoundDomain.com/"] completionHandler:^(NSArray<NSHTTPCookie *> *cookies) {
+                    EXPECT_EQ(cookies.count, 0u);
+                    [globalCookieStore deleteCookie:nonAppBoundCookie completionHandler:^{
+                        [globalCookieStore deleteCookie:appBoundCookie completionHandler:^{
+                            [[NSUserDefaults standardUserDefaults] setBool:NO forKey:@"WebKitDebugIsInAppBrowserPrivacyEnabled"];
+                            cleanUpInAppBrowserPrivacyTestSettings();
+                            done = true;
+                        }];
+                    }];
+                }];
+            }];
+        }];
+    }];
+    TestWebKitAPI::Util::run(&done);
 }