Context Navigation

← Previous Changeset
Next Changeset →

Changeset 265389 in webkit

Timestamp:

Aug 7, 2020 1:40:32 PM (4 years ago)

Author:

wilander@apple.com

Message:

Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
https://bugs.webkit.org/show_bug.cgi?id=215201
<rdar://problem/57454633>

Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.

Source/WebCore:

Tests: http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html

http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html

page/Settings.yaml:

Added the off-by-default flag isCNAMECloakingMitigationEnabled.

platform/network/NetworkStorageSession.cpp:

(WebCore::NetworkStorageSession::resourceLoadStatisticsEnabled const):

New getter for the ITP setting.

platform/network/NetworkStorageSession.h:
platform/network/cocoa/NetworkStorageSessionCocoa.mm:

(WebCore::NetworkStorageSession::capExpiryOfPersistentCookie):

Broke this function out so that it can be reused.

(WebCore::parseDOMCookie):

Here's from where the function above was broken out.
The existing functionality has a test case.

Source/WebCore/PAL:

pal/spi/cf/CFNetworkSPI.h:

This change declares two new properties on NSURLSessionTask:

_cookieTransformCallback
_resolvedCNAMEChain

Source/WebKit:

This experimental feature is off by default.

CNAME cloaking means a host resolves to a a different domain, potentially a
third-party domain, as part of DNS resolution.

This patch makes WebKit::NetworkDataTaskCocoa capture any CNAME cloaking for
the first party host and stores it in a table in the WebKit::NetworkSession.
It then checks first party subresource loads to see if they resolve to a
different domain and if so, compare that domain to both the first party
domain and its CNAME cloaking domain, if there is one. If there's a
mismatch, it's deemed a case of third-party CNAME cloaking and any cookies
set in the response of the cloaked subresource load will have their expiry
capped to 7 days.

The cases for capping expiry look like this (and are backed by test cases):

First-party host | First-party subdomain | Capped expiry

This patch makes use of two new CFNetwork SPIs on NSURLSessionTask:

_cookieTransformCallback
_resolvedCNAMEChain

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::resetParametersToDefaultValues):

This reset now covers the new CNAME cloaking member variables.

(WebKit::NetworkProcess::setIsRunningResourceLoadStatisticsTest):

This function now also enables the CNAME cloaking code.

(WebKit::NetworkProcess::setFirstPartyHostCNAMEDomainForTesting):
(WebKit::NetworkProcess::setThirdPartyCNAMEDomainForTesting):

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkProcess.messages.in:

New IPC to forward test configuration.

NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::NetworkSession):

Now picks up the flag for this feature.

(WebKit::NetworkSession::setFirstPartyHostCNAMEDomain):

This is called from NetworkDataTaskCocoa::updateFirstPartyInfoForTaskAndSession()
when there is CNAME cloaking for the first party host. This is done to make it
possible to not cap the expiry of cookies if subsequent subresource loads have
CNAME cloaking that matches the first-party host's CNAME cloaking. This happens
when whole websites are hosted on edge networks.
This function is also used by the test infrastructure to mock the DNS resolution
for a first-party host.

(WebKit::NetworkSession::firstPartyHostCNAMEDomain):

This returns any captured CNAME cloaking for a host, if there is one.

(WebKit::NetworkSession::resetCNAMEDomainData):

NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::setCNAMECloakingMitigationEnabled):
(WebKit::NetworkSession::cnameCloakingMitigationEnabled const):
(WebKit::NetworkSession::setThirdPartyCNAMEDomainForTesting):

This test functions allows us to mock the DNS resolution for a subresource.

(WebKit::NetworkSession::thirdPartyCNAMEDomainForTesting const):

NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::hasCNAMEAndCookieTransformSPI):
(WebKit::lastCNAMEDomain):
(WebKit::NetworkDataTaskCocoa::updateFirstPartyInfoForSession):

This is called by NetworkDataTaskCocoa::didReceiveResponse() to capture any
CNAME cloaking for the first-party host.

(WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking):

This is called in the NetworkDataTaskCocoa constructor and in
NetworkDataTaskCocoa::willPerformHTTPRedirection() and sets the new
_cookieTransformCallback SPI property on the task which will check the
response for any third-party CNAME cloaking and cap the expiry of incoming
cookies accordingly.

(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):

This now calls
NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking().

(WebKit::NetworkDataTaskCocoa::didReceiveResponse):

This now calls
NetworkDataTaskCocoa::updateFirstPartyInfoForTaskAndSession().

(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):

This now calls
NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking().

Shared/ResourceLoadStatisticsParameters.h:

Now holds a WebCore::CNAMECloakingMitigationEnabled flag.

(WebKit::ResourceLoadStatisticsParameters::encode const):
(WebKit::ResourceLoadStatisticsParameters::decode):

Shared/WebPreferences.yaml:
UIProcess/API/C/WKWebsiteDataStoreRef.cpp:

(WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting):

Used to mock CNAME resolution data.

(WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTesting):

Used to mock CNAME resolution data.

UIProcess/API/C/WKWebsiteDataStoreRef.h:
UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::setFirstPartyHostCNAMEDomainForTesting):
(WebKit::NetworkProcessProxy::setThirdPartyCNAMEDomainForTesting):

UIProcess/Network/NetworkProcessProxy.h:
UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::ensureNetworkProcess):

Now handles the WebCore::CNAMECloakingMitigationEnabled flag.

UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:

(WebKit::WebsiteDataStore::platformSetNetworkParameters):

Now handles the WebCore::CNAMECloakingMitigationEnabled flag.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::setResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting):
(WebKit::WebsiteDataStore::setResourceLoadStatisticsThirdPartyCNAMEDomainForTesting):
(WebKit::WebsiteDataStore::parameters):

UIProcess/WebsiteData/WebsiteDataStore.h:

Source/WTF:

This change defines HAVE_CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI.

wtf/PlatformHave.h:

Tools:

This patch adds two TestRunner functions which allows for testing
with data that would otherwise come from DNS resolution:

statisticsSetFirstPartyHostCNAMEDomain()
statisticsSetThirdPartyCNAMEDomain()

WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::didReceiveMessageToPage):

WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::statisticsSetFirstPartyHostCNAMEDomain):
(WTR::TestRunner::statisticsCallDidSetFirstPartyHostCNAMEDomainCallback):
(WTR::TestRunner::statisticsSetThirdPartyCNAMEDomain):
(WTR::TestRunner::statisticsCallDidSetThirdPartyCNAMEDomainCallback):

WebKitTestRunner/InjectedBundle/TestRunner.h:
WebKitTestRunner/TestController.cpp:

(WTR::TestController::setStatisticsFirstPartyHostCNAMEDomain):
(WTR::TestController::setStatisticsThirdPartyCNAMEDomain):

WebKitTestRunner/TestController.h:
WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::didReceiveMessageFromInjectedBundle):
(WTR::TestInvocation::didSetFirstPartyHostCNAMEDomain):
(WTR::TestInvocation::didSetThirdPartyCNAMEDomain):

WebKitTestRunner/TestInvocation.h:

LayoutTests:

http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname-expected.txt: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname-expected.txt: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname-expected.txt: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname-expected.txt: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname-expected.txt: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname-expected.txt: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname-expected.txt: Added.
http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html: Added.
platform/ios-13/TestExpectations:

New tests marked as [ Skip ].

platform/ios-wk2/TestExpectations:

New tests marked as [ Pass ] in general.

platform/mac-wk2/TestExpectations:

New tests marked as [ Pass ] for BigSur+.

platform/wk2/TestExpectations:

New tests marked as [ Skip ] in general.

Location:

trunk

Files:

: 14 added
: 41 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname-expected.txt (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname-expected.txt (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname-expected.txt (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname-expected.txt (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname-expected.txt (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname-expected.txt (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname-expected.txt (added)
LayoutTests/http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html (added)
LayoutTests/platform/ios-13/TestExpectations (modified) (1 diff)
LayoutTests/platform/ios-wk2/TestExpectations (modified) (1 diff)
LayoutTests/platform/mac-wk2/TestExpectations (modified) (1 diff)
LayoutTests/platform/wk2/TestExpectations (modified) (1 diff)
Source/WTF/ChangeLog (modified) (1 diff)
Source/WTF/wtf/PlatformHave.h (modified) (1 diff)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/PAL/ChangeLog (modified) (1 diff)
Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (modified) (1 diff)
Source/WebCore/page/Settings.yaml (modified) (1 diff)
Source/WebCore/platform/network/NetworkStorageSession.cpp (modified) (1 diff)
Source/WebCore/platform/network/NetworkStorageSession.h (modified) (3 diffs)
Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm (modified) (2 diffs)
Source/WebKit/ChangeLog (modified) (1 diff)
Source/WebKit/NetworkProcess/NetworkProcess.cpp (modified) (3 diffs)
Source/WebKit/NetworkProcess/NetworkProcess.h (modified) (1 diff)
Source/WebKit/NetworkProcess/NetworkProcess.messages.in (modified) (1 diff)
Source/WebKit/NetworkProcess/NetworkSession.cpp (modified) (2 diffs)
Source/WebKit/NetworkProcess/NetworkSession.h (modified) (2 diffs)
Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h (modified) (3 diffs)
Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (modified) (5 diffs)
Source/WebKit/Shared/ResourceLoadStatisticsParameters.h (modified) (4 diffs)
Source/WebKit/Shared/WebPreferences.yaml (modified) (1 diff)
Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp (modified) (1 diff)
Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.h (modified) (1 diff)
Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp (modified) (1 diff)
Source/WebKit/UIProcess/Network/NetworkProcessProxy.h (modified) (1 diff)
Source/WebKit/UIProcess/WebProcessPool.cpp (modified) (4 diffs)
Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm (modified) (3 diffs)
Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp (modified) (2 diffs)
Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h (modified) (1 diff)
Tools/ChangeLog (modified) (1 diff)
Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl (modified) (1 diff)
Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp (modified) (1 diff)
Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp (modified) (2 diffs)
Tools/WebKitTestRunner/InjectedBundle/TestRunner.h (modified) (1 diff)
Tools/WebKitTestRunner/TestController.cpp (modified) (1 diff)
Tools/WebKitTestRunner/TestController.h (modified) (1 diff)
Tools/WebKitTestRunner/TestInvocation.cpp (modified) (2 diffs)
Tools/WebKitTestRunner/TestInvocation.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r265388
+                      r265389
+-08-07  John Wilander  <wilander@apple.com>
+        Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
+        https://bugs.webkit.org/show_bug.cgi?id=215201
+        <rdar://problem/57454633>
+        Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html: Added.
+        * platform/ios-13/TestExpectations:
+            New tests marked as [ Skip ].
+        * platform/ios-wk2/TestExpectations:
+            New tests marked as [ Pass ] in general.
+        * platform/mac-wk2/TestExpectations:
+            New tests marked as [ Pass ] for BigSur+.
+        * platform/wk2/TestExpectations:
+            New tests marked as [ Skip ] in general.
 -08-07  Chris Dumez  <cdumez@apple.com>

trunk/LayoutTests/platform/ios-13/TestExpectations

-                      r264950
+                      r265389
 webkit.org/b/209692 platform/ios/fast/text/text-security-disc-bullet-pua-ios-new.html [ ImageOnlyFailure ]
 webkit.org/b/209692 fast/text/text-security-disc-bullet-pua.html [ ImageOnlyFailure ]
+# The CNAME and cookie transform SPIs are only available in iOS 14 and above.
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html [ Skip ]

trunk/LayoutTests/platform/ios-wk2/TestExpectations

-                      r265385
+                      r265389
 http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html [ Pass ]
 http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html [ Pass ]
+# The CNAME and cookie transform SPIs are only available in iOS 14 and above.
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html [ Pass ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html [ Pass ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html [ Pass ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html [ Pass ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html [ Pass ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html [ Pass ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html [ Pass ]
 #//////////////////////////////////////////////////////////////////////////////////////////

trunk/LayoutTests/platform/mac-wk2/TestExpectations

-                      r265351
+                      r265389
 [ Catalina+ ] http/tests/resourceLoadStatistics/enforce-samesite-strict-based-on-top-frame-unique-redirects-to-database.html [ Pass ]
+# The CNAME and cookie transform SPIs are only available in macOS Big Sur and above.
+[ BigSur+ ] http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html [ Pass ]
+[ BigSur+ ] http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html [ Pass ]
+[ BigSur+ ] http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html [ Pass ]
+[ BigSur+ ] http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html [ Pass ]
+[ BigSur+ ] http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html [ Pass ]
+[ BigSur+ ] http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html [ Pass ]
+[ BigSur+ ] http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html [ Pass ]
 # Skipped in general expectations since they only work on iOS and Mac, WK2.
 media/deactivate-audio-session.html [ Pass ]

trunk/LayoutTests/platform/wk2/TestExpectations

-                      r265169
+                      r265389
 http/tests/resourceLoadStatistics/enforce-samesite-strict-based-on-top-frame-unique-redirects-to-database.html [ Skip ]
+# The CNAME and cookie transform SPIs are only available in macOS Big Sur + iOS 14 and above.
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html [ Skip ]
+http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html [ Skip ]
 http/tests/websocket/connection-refusal-in-frame-resource-load-statistics.html [ Pass ]
 # These are only supported behind a compile time flag in macOS High Sierra + iOS 11, and above.

trunk/Source/WTF/ChangeLog

-                      r265383
+                      r265389
+-08-07  John Wilander  <wilander@apple.com>
+        Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
+        https://bugs.webkit.org/show_bug.cgi?id=215201
+        <rdar://problem/57454633>
+        Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.
+        This change defines HAVE_CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI.
+        * wtf/PlatformHave.h:
 -08-07  Saam Barati  <sbarati@apple.com>

trunk/Source/WTF/wtf/PlatformHave.h

-                      r265315
+                      r265389
 #define HAVE_NSTABLEVIEWSTYLE 1
 #endif
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 110000) \
+    || ((PLATFORM(IOS) || PLATFORM(MACCATALYST)) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 140000) \
+    || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 70000) \
+    || (PLATFORM(APPLETV) && __TV_OS_VERSION_MIN_REQUIRED >= 140000)
+#define HAVE_CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI 1
+#endif

trunk/Source/WebCore/ChangeLog

-                      r265388
+                      r265389
+-08-07  John Wilander  <wilander@apple.com>
+        Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
+        https://bugs.webkit.org/show_bug.cgi?id=215201
+        <rdar://problem/57454633>
+        Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.
+        Tests: http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html
+               http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html
+               http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html
+               http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html
+               http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html
+               http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html
+               http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html
+        * page/Settings.yaml:
+            Added the off-by-default flag isCNAMECloakingMitigationEnabled.
+        * platform/network/NetworkStorageSession.cpp:
+        (WebCore::NetworkStorageSession::resourceLoadStatisticsEnabled const):
+            New getter for the ITP setting.
+        * platform/network/NetworkStorageSession.h:
+        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
+        (WebCore::NetworkStorageSession::capExpiryOfPersistentCookie):
+            Broke this function out so that it can be reused.
+        (WebCore::parseDOMCookie):
+            Here's from where the function above was broken out.
+            The existing functionality has a test case.
 -08-07  Chris Dumez  <cdumez@apple.com>

trunk/Source/WebCore/PAL/ChangeLog

-                      r265315
+                      r265389
+-08-07  John Wilander  <wilander@apple.com>
+        Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
+        https://bugs.webkit.org/show_bug.cgi?id=215201
+        <rdar://problem/57454633>
+        Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.
+        * pal/spi/cf/CFNetworkSPI.h:
+            This change declares two new properties on NSURLSessionTask:
+            - _cookieTransformCallback
+            - _resolvedCNAMEChain
 -08-05  Tim Horton  <timothy_horton@apple.com>

trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h

-                      r264943
+                      r265389
     NSHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain = 3,
 };
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+@interface NSURLSessionTask ()
+@property (nonatomic, copy, nullable) NSArray<NSHTTPCookie*>* (^_cookieTransformCallback)(NSArray<NSHTTPCookie*>* cookies);
+@property (nonatomic, readonly, nullable) NSArray<NSString*>* _resolvedCNAMEChain;
+@end
+#endif
 #endif // defined(__OBJC__)

trunk/Source/WebCore/page/Settings.yaml

-                      r263977
+                      r265389
   initial: false
+isCNAMECloakingMitigationEnabled:
+  initial: false
 isLoggedInAPIEnabled:
   initial: false

trunk/Source/WebCore/platform/network/NetworkStorageSession.cpp

-                      r263964
+                      r265389
     m_isResourceLoadStatisticsEnabled = enabled;
+}
+bool NetworkStorageSession::resourceLoadStatisticsEnabled() const
+{
+    return m_isResourceLoadStatisticsEnabled;
+}
 #endif

trunk/Source/WebCore/platform/network/NetworkStorageSession.h

-                      r264811
+                      r265389
 enum class ThirdPartyCookieBlockingMode : uint8_t { All, AllExceptBetweenAppBoundDomains, AllOnSitesWithoutUserInteraction, OnlyAccordingToPerDomainPolicy };
 enum class SameSiteStrictEnforcementEnabled : bool { Yes, No };
+enum class CNAMECloakingMitigationEnabled : bool { Yes, No };
 enum class FirstPartyWebsiteDataRemovalMode : uint8_t { AllButCookies, None, AllButCookiesLiveOnTestingTimeout, AllButCookiesReproTestingTimeout };
 enum class ShouldAskITP : bool { No, Yes };
 …
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
     WEBCORE_EXPORT void setResourceLoadStatisticsEnabled(bool);
+    WEBCORE_EXPORT bool resourceLoadStatisticsEnabled() const;
     WEBCORE_EXPORT bool shouldBlockCookies(const ResourceRequest&, Optional<FrameIdentifier>, Optional<PageIdentifier>, ShouldRelaxThirdPartyCookieBlocking) const;
     WEBCORE_EXPORT bool shouldBlockCookies(const URL& firstPartyForCookies, const URL& resource, Optional<FrameIdentifier>, Optional<PageIdentifier>, ShouldRelaxThirdPartyCookieBlocking) const;
 …
     WEBCORE_EXPORT bool shouldBlockThirdPartyCookiesButKeepFirstPartyCookiesFor(const RegistrableDomain&) const;
     WEBCORE_EXPORT void setAllCookiesToSameSiteStrict(const RegistrableDomain&, CompletionHandler<void()>&&);
+#if PLATFORM(COCOA)
+    WEBCORE_EXPORT static NSHTTPCookie *capExpiryOfPersistentCookie(NSHTTPCookie *, Seconds cap);
+#endif
     WEBCORE_EXPORT bool hasHadUserInteractionAsFirstParty(const RegistrableDomain&) const;
     WEBCORE_EXPORT void setPrevalentDomainsToBlockAndDeleteCookiesFor(const Vector<RegistrableDomain>&);

trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm

-                      r264943
+                      r265389
+}
+NSHTTPCookie *NetworkStorageSession::capExpiryOfPersistentCookie(NSHTTPCookie *cookie, Seconds cap)
+{
+    if ([cookie isSessionOnly])
+        return cookie;
+    if (!cookie.expiresDate || cookie.expiresDate.timeIntervalSinceNow > cap.seconds()) {
+        auto properties = adoptNS([[cookie properties] mutableCopy]);
+        auto date = adoptNS([[NSDate alloc] initWithTimeIntervalSinceNow:cap.seconds()]);
+        [properties setObject:date.get() forKey:NSHTTPCookieExpires];
+        cookie = [NSHTTPCookie cookieWithProperties:properties.get()];
+    }
+    return cookie;
+}
 NSArray *NetworkStorageSession::cookiesForURL(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, Optional<FrameIdentifier> frameID, Optional<PageIdentifier> pageID, ShouldAskITP shouldAskITP, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking) const
+{
 …
         return nil;
+    // Cap lifetime of persistent, client-side cookies to a week.
+    if (cappedLifetime && ![cookie isSessionOnly]) {
+        if (!cookie.expiresDate || cookie.expiresDate.timeIntervalSinceNow > cappedLifetime->seconds()) {
+            auto properties = adoptNS([[cookie properties] mutableCopy]);
+            auto dateInAWeek = adoptNS([[NSDate alloc] initWithTimeIntervalSinceNow:cappedLifetime->seconds()]);
+            [properties setObject:dateInAWeek.get() forKey:NSHTTPCookieExpires];
+            return [NSHTTPCookie cookieWithProperties:properties.get()];
+        }
+    }
+    // Cap lifetime of persistent, client-side cookies.
+    if (cappedLifetime)
+        return NetworkStorageSession::capExpiryOfPersistentCookie(cookie, *cappedLifetime);
     return cookie;

trunk/Source/WebKit/ChangeLog

-                      r265376
+                      r265389
+-08-07  John Wilander  <wilander@apple.com>
+        Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
+        https://bugs.webkit.org/show_bug.cgi?id=215201
+        <rdar://problem/57454633>
+        Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.
+        This experimental feature is off by default.
+        CNAME cloaking means a host resolves to a a different domain, potentially a
+        third-party domain, as part of DNS resolution.
+        This patch makes WebKit::NetworkDataTaskCocoa capture any CNAME cloaking for
+        the first party host and stores it in a table in the WebKit::NetworkSession.
+        It then checks first party subresource loads to see if they resolve to a
+        different domain and if so, compare that domain to both the first party
+        domain and its CNAME cloaking domain, if there is one. If there's a
+        mismatch, it's deemed a case of third-party CNAME cloaking and any cookies
+        set in the response of the cloaked subresource load will have their expiry
+        capped to 7 days.
+        The cases for capping expiry look like this (and are backed by test cases):
+        First-party host  | First-party subdomain      | Capped expiry
+        ------------------|----------------------------|--------------
+        No CNAME cloaking | No CNAME cloaking          | No
+        No CNAME cloaking | First-party CNAME cloaking | No
+        No CNAME cloaking | Third-party CNAME cloaking | Yes
+        CNAME cloaking    | No CNAME cloaking          | No
+        CNAME cloaking    | Matching CNAME cloaking    | No
+        CNAME cloaking    | First-party CNAME cloaking | No
+        CNAME cloaking    | Third-party CNAME cloaking | Yes
+        This patch makes use of two new CFNetwork SPIs on NSURLSessionTask:
+        - _cookieTransformCallback
+        - _resolvedCNAMEChain
+        * NetworkProcess/NetworkProcess.cpp:
+        (WebKit::NetworkProcess::resetParametersToDefaultValues):
+            This reset now covers the new CNAME cloaking member variables.
+        (WebKit::NetworkProcess::setIsRunningResourceLoadStatisticsTest):
+            This function now also enables the CNAME cloaking code.
+        (WebKit::NetworkProcess::setFirstPartyHostCNAMEDomainForTesting):
+        (WebKit::NetworkProcess::setThirdPartyCNAMEDomainForTesting):
+        * NetworkProcess/NetworkProcess.h:
+        * NetworkProcess/NetworkProcess.messages.in:
+            New IPC to forward test configuration.
+        * NetworkProcess/NetworkSession.cpp:
+        (WebKit::NetworkSession::NetworkSession):
+            Now picks up the flag for this feature.
+        (WebKit::NetworkSession::setFirstPartyHostCNAMEDomain):
+            This is called from NetworkDataTaskCocoa::updateFirstPartyInfoForTaskAndSession()
+            when there is CNAME cloaking for the first party host. This is done to make it
+            possible to not cap the expiry of cookies if subsequent subresource loads have
+            CNAME cloaking that matches the first-party host's CNAME cloaking. This happens
+            when whole websites are hosted on edge networks.
+            This function is also used by the test infrastructure to mock the DNS resolution
+            for a first-party host.
+        (WebKit::NetworkSession::firstPartyHostCNAMEDomain):
+            This returns any captured CNAME cloaking for a host, if there is one.
+        (WebKit::NetworkSession::resetCNAMEDomainData):
+        * NetworkProcess/NetworkSession.h:
+        (WebKit::NetworkSession::setCNAMECloakingMitigationEnabled):
+        (WebKit::NetworkSession::cnameCloakingMitigationEnabled const):
+        (WebKit::NetworkSession::setThirdPartyCNAMEDomainForTesting):
+            This test functions allows us to mock the DNS resolution for a subresource.
+        (WebKit::NetworkSession::thirdPartyCNAMEDomainForTesting const):
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::hasCNAMEAndCookieTransformSPI):
+        (WebKit::lastCNAMEDomain):
+        (WebKit::NetworkDataTaskCocoa::updateFirstPartyInfoForSession):
+            This is called by NetworkDataTaskCocoa::didReceiveResponse() to capture any
+            CNAME cloaking for the first-party host.
+        (WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking):
+            This is called in the NetworkDataTaskCocoa constructor and in
+            NetworkDataTaskCocoa::willPerformHTTPRedirection() and sets the new
+            _cookieTransformCallback SPI property on the task which will check the
+            response for any third-party CNAME cloaking and cap the expiry of incoming
+            cookies accordingly.
+        (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
+            This now calls
+            NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking().
+        (WebKit::NetworkDataTaskCocoa::didReceiveResponse):
+            This now calls
+            NetworkDataTaskCocoa::updateFirstPartyInfoForTaskAndSession().
+        (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
+            This now calls
+            NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking().
+        * Shared/ResourceLoadStatisticsParameters.h:
+            Now holds a WebCore::CNAMECloakingMitigationEnabled flag.
+        (WebKit::ResourceLoadStatisticsParameters::encode const):
+        (WebKit::ResourceLoadStatisticsParameters::decode):
+        * Shared/WebPreferences.yaml:
+        * UIProcess/API/C/WKWebsiteDataStoreRef.cpp:
+        (WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting):
+            Used to mock CNAME resolution data.
+        (WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTesting):
+            Used to mock CNAME resolution data.
+        * UIProcess/API/C/WKWebsiteDataStoreRef.h:
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::setFirstPartyHostCNAMEDomainForTesting):
+        (WebKit::NetworkProcessProxy::setThirdPartyCNAMEDomainForTesting):
+        * UIProcess/Network/NetworkProcessProxy.h:
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::ensureNetworkProcess):
+            Now handles the WebCore::CNAMECloakingMitigationEnabled flag.
+        * UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
+        (WebKit::WebsiteDataStore::platformSetNetworkParameters):
+            Now handles the WebCore::CNAMECloakingMitigationEnabled flag.
+        * UIProcess/WebsiteData/WebsiteDataStore.cpp:
+        (WebKit::WebsiteDataStore::setResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting):
+        (WebKit::WebsiteDataStore::setResourceLoadStatisticsThirdPartyCNAMEDomainForTesting):
+        (WebKit::WebsiteDataStore::parameters):
+        * UIProcess/WebsiteData/WebsiteDataStore.h:
 -08-07  Wenson Hsieh  <wenson_hsieh@apple.com>

trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp

-                      r265149
+                      r265389
+{
     if (auto* networkSession = this->networkSession(sessionID)) {
+        networkSession->resetCNAMEDomainData();
+        networkSession->setCNAMECloakingMitigationEnabled(WebCore::CNAMECloakingMitigationEnabled::No);
         if (auto* resourceLoadStatistics = networkSession->resourceLoadStatistics())
             resourceLoadStatistics->resetParametersToDefaultValues(WTFMove(completionHandler));
 …
+{
     if (auto* networkSession = this->networkSession(sessionID)) {
+        networkSession->setCNAMECloakingMitigationEnabled(WebCore::CNAMECloakingMitigationEnabled::Yes);
         if (auto* resourceLoadStatistics = networkSession->resourceLoadStatistics())
             resourceLoadStatistics->setIsRunningTest(value, WTFMove(completionHandler));
 …
         completionHandler();
+    }
+}
+void NetworkProcess::setFirstPartyHostCNAMEDomainForTesting(PAL::SessionID sessionID, String&& firstPartyHost, WebCore::RegistrableDomain&& cnameDomain, CompletionHandler<void()>&& completionHandler)
+{
+    if (auto* networkSession = this->networkSession(sessionID))
+        networkSession->setFirstPartyHostCNAMEDomain(WTFMove(firstPartyHost), WTFMove(cnameDomain));
+    completionHandler();
+}
+void NetworkProcess::setThirdPartyCNAMEDomainForTesting(PAL::SessionID sessionID, WebCore::RegistrableDomain&& domain, CompletionHandler<void()>&& completionHandler)
+{
+    if (auto* networkSession = this->networkSession(sessionID))
+        networkSession->setThirdPartyCNAMEDomainForTesting(WTFMove(domain));
+    completionHandler();
+}
 #endif // ENABLE(RESOURCE_LOAD_STATISTICS)

trunk/Source/WebKit/NetworkProcess/NetworkProcess.h

r264664	r265389
274	274	void setFirstPartyWebsiteDataRemovalModeForTesting(PAL::SessionID, WebCore::FirstPartyWebsiteDataRemovalMode, CompletionHandler<void()>&&);
275	275	void setToSameSiteStrictCookiesForTesting(PAL::SessionID, const WebCore::RegistrableDomain&, CompletionHandler<void()>&&);
	276	void setFirstPartyHostCNAMEDomainForTesting(PAL::SessionID, String&& firstPartyHost, WebCore::RegistrableDomain&& cnameDomain, CompletionHandler<void()>&&);
	277	void setThirdPartyCNAMEDomainForTesting(PAL::SessionID, WebCore::RegistrableDomain&&, CompletionHandler<void()>&&);
276	278	#endif
277	279

trunk/Source/WebKit/NetworkProcess/NetworkProcess.messages.in

r264356	r265389
149	149	SetFirstPartyWebsiteDataRemovalModeForTesting(PAL::SessionID sessionID, enum:uint8_t WebCore::FirstPartyWebsiteDataRemovalMode mode) -> () Async
150	150	SetToSameSiteStrictCookiesForTesting(PAL::SessionID sessionID, WebCore::RegistrableDomain domain) -> () Async
	151	SetFirstPartyHostCNAMEDomainForTesting(PAL::SessionID sessionID, String firstPartyHost, WebCore::RegistrableDomain cnameDomain) -> () Async
	152	SetThirdPartyCNAMEDomainForTesting(PAL::SessionID sessionID, WebCore::RegistrableDomain domain) -> () Async
151	153	#endif
152	154

trunk/Source/WebKit/NetworkProcess/NetworkSession.cpp

-                      r263298
+                      r265389
     , m_firstPartyWebsiteDataRemovalMode(parameters.resourceLoadStatisticsParameters.firstPartyWebsiteDataRemovalMode)
     , m_standaloneApplicationDomain(parameters.resourceLoadStatisticsParameters.standaloneApplicationDomain)
+    , m_cnameCloakingMitigationEnabled(parameters.resourceLoadStatisticsParameters.cnameCloakingMitigationEnabled)
 #endif
     , m_adClickAttribution(makeUniqueRef<AdClickAttributionManager>(networkProcess, parameters.sessionID))
 …
         m_resourceLoadStatistics->setSameSiteStrictEnforcementEnabled(enabled);
+}
+void NetworkSession::setFirstPartyHostCNAMEDomain(String&& firstPartyHost, WebCore::RegistrableDomain&& cnameDomain)
+{
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+    if (!cnameCloakingMitigationEnabled())
+        return;
+    ASSERT(!firstPartyHost.isEmpty() && !cnameDomain.isEmpty() && firstPartyHost != cnameDomain.string());
+    if (firstPartyHost.isEmpty() || cnameDomain.isEmpty() || firstPartyHost == cnameDomain.string())
+        return;
+    m_firstPartyHostCNAMEDomains.add(WTFMove(firstPartyHost), WTFMove(cnameDomain));
+#else
+    UNUSED_PARAM(firstPartyHost);
+    UNUSED_PARAM(cnameDomain);
+#endif
+}
+Optional<WebCore::RegistrableDomain> NetworkSession::firstPartyHostCNAMEDomain(const String& firstPartyHost)
+{
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+    if (!cnameCloakingMitigationEnabled())
+        return WTF::nullopt;
+    auto iterator = m_firstPartyHostCNAMEDomains.find(firstPartyHost);
+    if (iterator == m_firstPartyHostCNAMEDomains.end())
+        return WTF::nullopt;
+    return iterator->value;
+#else
+    UNUSED_PARAM(firstPartyHost);
+    return WTF::nullopt;
+#endif
+}
+void NetworkSession::resetCNAMEDomainData()
+{
+    m_firstPartyHostCNAMEDomains.clear();
+    m_thirdPartyCNAMEDomainForTesting = WTF::nullopt;
+}
 #endif // ENABLE(RESOURCE_LOAD_STATISTICS)

trunk/Source/WebKit/NetworkProcess/NetworkSession.h

-                      r263298
+                      r265389
     void setThirdPartyCookieBlockingMode(WebCore::ThirdPartyCookieBlockingMode);
     void setShouldEnbleSameSiteStrictEnforcement(WebCore::SameSiteStrictEnforcementEnabled);
+    void setCNAMECloakingMitigationEnabled(WebCore::CNAMECloakingMitigationEnabled value) { m_cnameCloakingMitigationEnabled = value; }
+    bool cnameCloakingMitigationEnabled() const { return m_cnameCloakingMitigationEnabled == WebCore::CNAMECloakingMitigationEnabled::Yes; }
+    void setFirstPartyHostCNAMEDomain(String&& firstPartyHost, WebCore::RegistrableDomain&& cnameDomain);
+    Optional<WebCore::RegistrableDomain> firstPartyHostCNAMEDomain(const String& firstPartyHost);
+    void setThirdPartyCNAMEDomainForTesting(WebCore::RegistrableDomain&& domain) { m_thirdPartyCNAMEDomainForTesting = WTFMove(domain); };
+    Optional<WebCore::RegistrableDomain> thirdPartyCNAMEDomainForTesting() const { return m_thirdPartyCNAMEDomainForTesting; }
+    void resetCNAMEDomainData();
     void destroyResourceLoadStatistics(CompletionHandler<void()>&&);
     void flushAndDestroyPersistentStore(CompletionHandler<void()>&&);
 …
     WebCore::FirstPartyWebsiteDataRemovalMode m_firstPartyWebsiteDataRemovalMode { WebCore::FirstPartyWebsiteDataRemovalMode::AllButCookies };
     WebCore::RegistrableDomain m_standaloneApplicationDomain;
+    WebCore::CNAMECloakingMitigationEnabled m_cnameCloakingMitigationEnabled { WebCore::CNAMECloakingMitigationEnabled::No };
+    HashMap<String, WebCore::RegistrableDomain> m_firstPartyHostCNAMEDomains;
+    Optional<WebCore::RegistrableDomain> m_thirdPartyCNAMEDomainForTesting;
 #endif
     bool m_isStaleWhileRevalidateEnabled { false };

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h

-                      r264021
+                      r265389
 OBJC_CLASS NSHTTPCookieStorage;
 OBJC_CLASS NSURLSessionDataTask;
+namespace WebCore {
+class RegistrableDomain;
+}
 namespace WebKit {
 …
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
     static NSHTTPCookieStorage *statelessCookieStorage();
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+    void updateFirstPartyInfoForSession(const URL&);
+    void applyCookiePolicyForThirdPartyCNAMECloaking(const WebCore::ResourceRequest&);
+#endif
     void blockCookies();
     void unblockCookies();
 …
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
     bool m_hasBeenSetToUseStatelessCookieStorage { false };
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+    Seconds m_ageCapForCNAMECloakedCookies { 24_h * 7 };
+#endif
 #endif

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm

-                      r264021
+                      r265389
 #import <WebCore/NetworkStorageSession.h>
 #import <WebCore/NotImplemented.h>
+#import <WebCore/RegistrableDomain.h>
 #import <WebCore/ResourceRequest.h>
 #import <pal/spi/cf/CFNetworkSPI.h>
 …
     return statelessCookieStorage.get().get();
+}
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+// FIXME: Remove these selector checks when macOS Big Sur has shipped.
+// https://bugs.webkit.org/show_bug.cgi?id=215280
+static bool hasCNAMEAndCookieTransformSPI(NSURLSessionDataTask* task)
+{
+    return [task respondsToSelector:@selector(_cookieTransformCallback)]
+        && [task respondsToSelector:@selector(_resolvedCNAMEChain)];
+}
+static WebCore::RegistrableDomain lastCNAMEDomain(NSArray<NSString *> *cnames)
+{
+    if (auto* lastResolvedCNAMEInChain = [cnames lastObject]) {
+        auto cname = String(lastResolvedCNAMEInChain);
+        if (cname.endsWith('.'))
+            cname.remove(cname.length() - 1);
+        return WebCore::RegistrableDomain::uncheckedCreateFromHost(cname);
+    }
+    return { };
+}
+void NetworkDataTaskCocoa::updateFirstPartyInfoForSession(const URL& requestURL)
+{
+    if (!hasCNAMEAndCookieTransformSPI(m_task.get()) || !networkSession() || !networkSession()->networkStorageSession() || !networkSession()->networkStorageSession()->resourceLoadStatisticsEnabled() || !networkSession()->cnameCloakingMitigationEnabled() || requestURL.host().isEmpty())
+        return;
+    auto cnameDomain = lastCNAMEDomain([m_task _resolvedCNAMEChain]);
+    if (!cnameDomain.isEmpty())
+        networkSession()->setFirstPartyHostCNAMEDomain(requestURL.host().toString(), WTFMove(cnameDomain));
+}
+void NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking(const WebCore::ResourceRequest& request)
+{
+    if (!hasCNAMEAndCookieTransformSPI(m_task.get()) || isTopLevelNavigation() || !networkSession() || !networkSession()->networkStorageSession() || !networkSession()->networkStorageSession()->resourceLoadStatisticsEnabled() || !networkSession()->cnameCloakingMitigationEnabled())
+        return;
+    if (isThirdPartyRequest(request)) {
+        m_task.get()._cookieTransformCallback = nil;
+        return;
+    }
+    // Cap expiry of incoming cookies in response if it is a same-site
+    // subresource but it resolves to a different CNAME than the top
+    // site request, a.k.a. third-party CNAME cloaking.
+    auto firstPartyURL = request.firstPartyForCookies();
+    auto firstPartyHostCNAME = networkSession()->firstPartyHostCNAMEDomain(firstPartyURL.host().toString());
+    m_task.get()._cookieTransformCallback = makeBlockPtr([requestURL = crossThreadCopy(request.url()), firstPartyURL = crossThreadCopy(firstPartyURL), firstPartyHostCNAME = crossThreadCopy(firstPartyHostCNAME), thirdPartyCNAMEDomainForTesting = crossThreadCopy(networkSession()->thirdPartyCNAMEDomainForTesting()), ageCapForCNAMECloakedCookies = crossThreadCopy(m_ageCapForCNAMECloakedCookies), task = m_task] (NSArray<NSHTTPCookie*> *cookiesSetInResponse) -> NSArray<NSHTTPCookie*> * {
+        if (![cookiesSetInResponse count])
+            return cookiesSetInResponse;
+        auto cnameDomain = lastCNAMEDomain([task _resolvedCNAMEChain]);
+        if (cnameDomain.isEmpty()) {
+            if (!thirdPartyCNAMEDomainForTesting)
+                return cookiesSetInResponse;
+            cnameDomain = *thirdPartyCNAMEDomainForTesting;
+        }
+        // CNAME cloaking is a first-party sub resource that resolves
+        // through a CNAME that differs from the first-party domain and
+        // also differs from the top frame host's CNAME, if one exists.
+        if (!cnameDomain.matches(firstPartyURL) && (!firstPartyHostCNAME || cnameDomain != *firstPartyHostCNAME)) {
+            NSUInteger count = [cookiesSetInResponse count];
+            // Don't use RetainPtr here. This array has to be retained and
+            // auto released to not be released before returned to the code
+            // executing the block.
+            auto* cappedCookies = [NSMutableArray arrayWithCapacity:count];
+            for (NSUInteger i = 0; i < count; ++i) {
+                NSHTTPCookie *cookie = (NSHTTPCookie *)[cookiesSetInResponse objectAtIndex:i];
+                cookie = WebCore::NetworkStorageSession::capExpiryOfPersistentCookie(cookie, ageCapForCNAMECloakedCookies);
+                [cappedCookies addObject:cookie];
+            }
+            return cappedCookies;
+        }
+        return cookiesSetInResponse;
+    }).get();
+}
+#endif
 void NetworkDataTaskCocoa::blockCookies()
 …
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+    applyCookiePolicyForThirdPartyCNAMECloaking(request);
+#endif
     if (shouldBlockCookies) {
 #if !RELEASE_LOG_DISABLED
 …
+{
     WTFEmitSignpost(m_task.get(), "DataTask", "received response headers");
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+    if (isTopLevelNavigation())
+        updateFirstPartyInfoForSession(response.url());
+#endif
     NetworkDataTask::didReceiveResponse(WTFMove(response), negotiatedLegacyTLS, WTFMove(completionHandler));
+}
 …
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
+#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
+    applyCookiePolicyForThirdPartyCNAMECloaking(request);
+#endif
     if (!m_hasBeenSetToUseStatelessCookieStorage) {
         if (m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStateless

trunk/Source/WebKit/Shared/ResourceLoadStatisticsParameters.h

-                      r261242
+                      r265389
     WebCore::ThirdPartyCookieBlockingMode thirdPartyCookieBlockingMode { WebCore::ThirdPartyCookieBlockingMode::All };
     WebCore::SameSiteStrictEnforcementEnabled sameSiteStrictEnforcementEnabled { WebCore::SameSiteStrictEnforcementEnabled::No };
+    WebCore::CNAMECloakingMitigationEnabled cnameCloakingMitigationEnabled { WebCore::CNAMECloakingMitigationEnabled::No };
 #endif
     WebCore::FirstPartyWebsiteDataRemovalMode firstPartyWebsiteDataRemovalMode { WebCore::FirstPartyWebsiteDataRemovalMode::AllButCookies };
 …
         encoder << thirdPartyCookieBlockingMode;
         encoder << sameSiteStrictEnforcementEnabled;
+        encoder << cnameCloakingMitigationEnabled;
 #endif
         encoder << firstPartyWebsiteDataRemovalMode;
 …
         if (!sameSiteStrictEnforcementEnabled)
             return WTF::nullopt;
+        Optional<WebCore::CNAMECloakingMitigationEnabled> cnameCloakingMitigationEnabled;
+        decoder >> cnameCloakingMitigationEnabled;
+        if (!cnameCloakingMitigationEnabled)
+            return WTF::nullopt;
 #endif
 …
             WTFMove(*thirdPartyCookieBlockingMode),
             WTFMove(*sameSiteStrictEnforcementEnabled),
+            WTFMove(*cnameCloakingMitigationEnabled),
 #endif
             WTFMove(*firstPartyWebsiteDataRemovalMode),

trunk/Source/WebKit/Shared/WebPreferences.yaml

-                      r265235
+                      r265389
   category: experimental
+IsCNAMECloakingMitigationEnabled:
+  type: bool
+  defaultValue: false
+  humanReadableName: "Enable CNAME cloaking mitigation"
+  humanReadableDescription: "Enable third-party CNAME cloaking mitigation"
+  category: experimental
 IsLoggedInAPIEnabled:
     type: bool

trunk/Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp

-                      r264356
+                      r265389
+}
+void WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting(WKWebsiteDataStoreRef dataStoreRef, WKStringRef firstPartyURLString, WKStringRef cnameURLString, void* context, WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTestingFunction completionHandler)
+{
+#if ENABLE(RESOURCE_LOAD_STATISTICS)
+    WebKit::toImpl(dataStoreRef)->setResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting(URL(URL(), WebKit::toImpl(firstPartyURLString)->string()), URL(URL(), WebKit::toImpl(cnameURLString)->string()), [context, completionHandler] {
+        completionHandler(context);
+    });
+#else
+    completionHandler(context);
+#endif
+}
+void WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(WKWebsiteDataStoreRef dataStoreRef, WKStringRef cnameURLString, void* context, WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTestingFunction completionHandler)
+{
+#if ENABLE(RESOURCE_LOAD_STATISTICS)
+    WebKit::toImpl(dataStoreRef)->setResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(URL(URL(), WebKit::toImpl(cnameURLString)->string()), [context, completionHandler] {
+        completionHandler(context);
+    });
+#else
+    completionHandler(context);
+#endif
+}
 void WKWebsiteDataStoreSetAppBoundDomainsForTesting(WKArrayRef originURLsRef, void* context, WKWebsiteDataStoreSetAppBoundDomainsForTestingFunction completionHandler)
+{

trunk/Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.h

-                      r264356
+                      r265389
 typedef void (*WKWebsiteDataStoreSetResourceLoadStatisticsToSameSiteStrictCookiesForTestingFunction)(void* functionContext);
 WK_EXPORT void WKWebsiteDataStoreSetResourceLoadStatisticsToSameSiteStrictCookiesForTesting(WKWebsiteDataStoreRef dataStoreRef, WKStringRef hostName, void* context, WKWebsiteDataStoreSetResourceLoadStatisticsToSameSiteStrictCookiesForTestingFunction completionHandler);
+typedef void (*WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTestingFunction)(void* functionContext);
+WK_EXPORT void WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting(WKWebsiteDataStoreRef dataStoreRef, WKStringRef firstPartyURLString, WKStringRef cnameURLString, void* context, WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTestingFunction completionHandler);
+typedef void (*WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTestingFunction)(void* functionContext);
+WK_EXPORT void WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(WKWebsiteDataStoreRef dataStoreRef, WKStringRef cnameURLString, void* context, WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTestingFunction completionHandler);
 typedef void (*WKWebsiteDataStoreSetAppBoundDomainsForTestingFunction)(void* functionContext);
 WK_EXPORT void WKWebsiteDataStoreSetAppBoundDomainsForTesting(WKArrayRef originURLsRef, void* context, WKWebsiteDataStoreSetAppBoundDomainsForTestingFunction completionHandler);

trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp

-                      r265035
+                      r265389
+}
+void NetworkProcessProxy::setFirstPartyHostCNAMEDomainForTesting(PAL::SessionID sessionID, const String& firstPartyHost, const RegistrableDomain& cnameDomain, CompletionHandler<void()>&& completionHandler)
+{
+    sendWithAsyncReply(Messages::NetworkProcess::SetFirstPartyHostCNAMEDomainForTesting(sessionID, firstPartyHost, cnameDomain), WTFMove(completionHandler));
+}
+void NetworkProcessProxy::setThirdPartyCNAMEDomainForTesting(PAL::SessionID sessionID, const WebCore::RegistrableDomain& domain, CompletionHandler<void()>&& completionHandler)
+{
+    sendWithAsyncReply(Messages::NetworkProcess::SetThirdPartyCNAMEDomainForTesting(sessionID, domain), WTFMove(completionHandler));
+}
 void NetworkProcessProxy::setDomainsWithUserInteraction(HashSet<WebCore::RegistrableDomain>&& domains)
+{

trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h

r264356	r265389
186	186	void setFirstPartyWebsiteDataRemovalModeForTesting(PAL::SessionID, WebCore::FirstPartyWebsiteDataRemovalMode, CompletionHandler<void()>&&);
187	187	void setToSameSiteStrictCookiesForTesting(PAL::SessionID, const RegistrableDomain&, CompletionHandler<void()>&&);
	188	void setFirstPartyHostCNAMEDomainForTesting(PAL::SessionID, const String& firstPartyHost, const RegistrableDomain& cnameDomain, CompletionHandler<void()>&&);
	189	void setThirdPartyCNAMEDomainForTesting(PAL::SessionID, const WebCore::RegistrableDomain&, CompletionHandler<void()>&&);
188	190	void setDomainsWithUserInteraction(HashSet<WebCore::RegistrableDomain>&&);
189	191	#endif

trunk/Source/WebKit/UIProcess/WebProcessPool.cpp

-                      r265081
+                      r265389
     WebCore::ThirdPartyCookieBlockingMode thirdPartyCookieBlockingMode = WebCore::ThirdPartyCookieBlockingMode::All;
     WebCore::SameSiteStrictEnforcementEnabled sameSiteStrictEnforcementEnabled = WebCore::SameSiteStrictEnforcementEnabled::No;
+    WebCore::CNAMECloakingMitigationEnabled cnameCloakingMitigationEnabled = WebCore::CNAMECloakingMitigationEnabled::No;
 #endif
     WebCore::FirstPartyWebsiteDataRemovalMode firstPartyWebsiteDataRemovalMode = WebCore::FirstPartyWebsiteDataRemovalMode::AllButCookies;
 …
             thirdPartyCookieBlockingMode = networkSessionParameters.resourceLoadStatisticsParameters.thirdPartyCookieBlockingMode;
             sameSiteStrictEnforcementEnabled = networkSessionParameters.resourceLoadStatisticsParameters.sameSiteStrictEnforcementEnabled;
+            cnameCloakingMitigationEnabled = networkSessionParameters.resourceLoadStatisticsParameters.cnameCloakingMitigationEnabled;
 #endif
             firstPartyWebsiteDataRemovalMode = networkSessionParameters.resourceLoadStatisticsParameters.firstPartyWebsiteDataRemovalMode;
 …
             thirdPartyCookieBlockingMode = networkSessionParameters.resourceLoadStatisticsParameters.thirdPartyCookieBlockingMode;
             sameSiteStrictEnforcementEnabled = networkSessionParameters.resourceLoadStatisticsParameters.sameSiteStrictEnforcementEnabled;
+            cnameCloakingMitigationEnabled = networkSessionParameters.resourceLoadStatisticsParameters.cnameCloakingMitigationEnabled;
 #endif
             firstPartyWebsiteDataRemovalMode = networkSessionParameters.resourceLoadStatisticsParameters.firstPartyWebsiteDataRemovalMode;
 …
         thirdPartyCookieBlockingMode,
         sameSiteStrictEnforcementEnabled,
+        cnameCloakingMitigationEnabled,
 #endif
         firstPartyWebsiteDataRemovalMode,

trunk/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm

-                      r265063
+                      r265389
     bool enableResourceLoadStatisticsDebugMode = false;
     auto sameSiteStrictEnforcementEnabled = WebCore::SameSiteStrictEnforcementEnabled::No;
+    auto cnameCloakingMitigationEnabled = WebCore::CNAMECloakingMitigationEnabled::No;
     auto firstPartyWebsiteDataRemovalMode = WebCore::FirstPartyWebsiteDataRemovalMode::AllButCookies;
     WebCore::RegistrableDomain resourceLoadStatisticsManualPrevalentResource { };
 …
     if ([defaults boolForKey:[NSString stringWithFormat:@"Experimental%@", WebPreferencesKey::isSameSiteStrictEnforcementEnabledKey().createCFString().get()]])
         sameSiteStrictEnforcementEnabled = WebCore::SameSiteStrictEnforcementEnabled::Yes;
+    if ([defaults boolForKey:[NSString stringWithFormat:@"Experimental%@", WebPreferencesKey::isCNAMECloakingMitigationEnabledKey().createCFString().get()]])
+        cnameCloakingMitigationEnabled = WebCore::CNAMECloakingMitigationEnabled::Yes;
     if ([defaults boolForKey:[NSString stringWithFormat:@"Experimental%@", WebPreferencesKey::isFirstPartyWebsiteDataRemovalDisabledKey().createCFString().get()]])
 …
     parameters.networkSessionParameters.resourceLoadStatisticsParameters.enableDebugMode = enableResourceLoadStatisticsDebugMode;
     parameters.networkSessionParameters.resourceLoadStatisticsParameters.sameSiteStrictEnforcementEnabled = sameSiteStrictEnforcementEnabled;
+    parameters.networkSessionParameters.resourceLoadStatisticsParameters.cnameCloakingMitigationEnabled = cnameCloakingMitigationEnabled;
     parameters.networkSessionParameters.resourceLoadStatisticsParameters.firstPartyWebsiteDataRemovalMode = firstPartyWebsiteDataRemovalMode;
     parameters.networkSessionParameters.resourceLoadStatisticsParameters.standaloneApplicationDomain = WebCore::RegistrableDomain { m_configuration->standaloneApplicationURL() };

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp

-                      r264790
+                      r265389
+    }
+}
+void WebsiteDataStore::setResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting(const URL& firstPartyURL, const URL& cnameURL, CompletionHandler<void()>&& completionHandler)
+{
+    if (cnameURL.host() != "testwebkit.org" && cnameURL.host() != "3rdpartytestwebkit.org") {
+        completionHandler();
+        return;
+    }
+    auto callbackAggregator = CallbackAggregator::create(WTFMove(completionHandler));
+    for (auto& processPool : processPools())
+        processPool->ensureNetworkProcess().setFirstPartyHostCNAMEDomainForTesting(m_sessionID, firstPartyURL.host().toString(), WebCore::RegistrableDomain { cnameURL }, [callbackAggregator] { });
+}
+void WebsiteDataStore::setResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(const URL& cnameURL, CompletionHandler<void()>&& completionHandler)
+{
+    if (cnameURL.host() != "testwebkit.org" && cnameURL.host() != "3rdpartytestwebkit.org") {
+        completionHandler();
+        return;
+    }
+    auto callbackAggregator = CallbackAggregator::create(WTFMove(completionHandler));
+    for (auto& processPool : processPools())
+        processPool->ensureNetworkProcess().setThirdPartyCNAMEDomainForTesting(m_sessionID, WebCore::RegistrableDomain { cnameURL }, [callbackAggregator] { });
+}
 #endif // ENABLE(RESOURCE_LOAD_STATISTICS)
 …
         thirdPartyCookieBlockingMode(),
         WebCore::SameSiteStrictEnforcementEnabled::No,
+        WebCore::CNAMECloakingMitigationEnabled::No,
 #endif
         firstPartyWebsiteDataRemovalMode,

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h

r265063	r265389
204	204	void setResourceLoadStatisticsFirstPartyWebsiteDataRemovalModeForTesting(bool enabled, CompletionHandler<void()>&&);
205	205	void setResourceLoadStatisticsToSameSiteStrictCookiesForTesting(const URL&, CompletionHandler<void()>&&);
	206	void setResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting(const URL& firstPartyURL, const URL& cnameURL, CompletionHandler<void()>&&);
	207	void setResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(const URL&, CompletionHandler<void()>&&);
206	208	WebCore::ThirdPartyCookieBlockingMode thirdPartyCookieBlockingMode() const;
207	209	bool isItpStateExplicitlySet() const { return m_isItpStateExplicitlySet; }

trunk/Tools/ChangeLog

-                      r265386
+                      r265389
+-08-07  John Wilander  <wilander@apple.com>
+        Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
+        https://bugs.webkit.org/show_bug.cgi?id=215201
+        <rdar://problem/57454633>
+        Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.
+        This patch adds two TestRunner functions which allows for testing
+        with data that would otherwise come from DNS resolution:
+        - statisticsSetFirstPartyHostCNAMEDomain()
+        - statisticsSetThirdPartyCNAMEDomain()
+        * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
+        * WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
+        (WTR::InjectedBundle::didReceiveMessageToPage):
+        * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
+        (WTR::TestRunner::statisticsSetFirstPartyHostCNAMEDomain):
+        (WTR::TestRunner::statisticsCallDidSetFirstPartyHostCNAMEDomainCallback):
+        (WTR::TestRunner::statisticsSetThirdPartyCNAMEDomain):
+        (WTR::TestRunner::statisticsCallDidSetThirdPartyCNAMEDomainCallback):
+        * WebKitTestRunner/InjectedBundle/TestRunner.h:
+        * WebKitTestRunner/TestController.cpp:
+        (WTR::TestController::setStatisticsFirstPartyHostCNAMEDomain):
+        (WTR::TestController::setStatisticsThirdPartyCNAMEDomain):
+        * WebKitTestRunner/TestController.h:
+        * WebKitTestRunner/TestInvocation.cpp:
+        (WTR::TestInvocation::didReceiveMessageFromInjectedBundle):
+        (WTR::TestInvocation::didSetFirstPartyHostCNAMEDomain):
+        (WTR::TestInvocation::didSetThirdPartyCNAMEDomain):
+        * WebKitTestRunner/TestInvocation.h:
 -08-07  Jonathan Bedard  <jbedard@apple.com>

trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl

r265169	r265389
348	348	void setStatisticsFirstPartyWebsiteDataRemovalMode(boolean value, object callback);
349	349	void statisticsSetToSameSiteStrictCookies(DOMString hostName, object callback);
	350	void statisticsSetFirstPartyHostCNAMEDomain(DOMString firstPartyURLString, DOMString cnameURLString, object callback);
	351	void statisticsSetThirdPartyCNAMEDomain(DOMString cnameURLString, object callback);
350	352	void loadedThirdPartyDomains(object callback);
351	353

trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp

-                      r265248
+                      r265389
+    }
+    if (WKStringIsEqualToUTF8CString(messageName, "CallDidSetFirstPartyHostCNAMEDomain")) {
+        m_testRunner->statisticsCallDidSetFirstPartyHostCNAMEDomainCallback();
+        return;
+    }
+    if (WKStringIsEqualToUTF8CString(messageName, "CallDidSetThirdPartyCNAMEDomain")) {
+        m_testRunner->statisticsCallDidSetThirdPartyCNAMEDomainCallback();
+        return;
+    }
     if (WKStringIsEqualToUTF8CString(messageName, "CallDidResetStatisticsToConsistentState")) {
         m_testRunner->statisticsCallDidResetToConsistentStateCallback();

trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp

-                      r265169
+                      r265389
     StatisticsDidSetFirstPartyWebsiteDataRemovalModeCallbackID,
     StatisticsDidSetToSameSiteStrictCookiesCallbackID,
+    StatisticsDidSetFirstPartyHostCNAMEDomainCallbackID,
+    StatisticsDidSetThirdPartyCNAMEDomainCallbackID,
     AllStorageAccessEntriesCallbackID,
     LoadedThirdPartyDomainsCallbackID,
 …
+}
+void TestRunner::statisticsSetFirstPartyHostCNAMEDomain(JSStringRef firstPartyURLString, JSStringRef cnameURLString, JSValueRef completionHandler)
+{
+    cacheTestRunnerCallback(StatisticsDidSetFirstPartyHostCNAMEDomainCallbackID, completionHandler);
+    Vector<WKRetainPtr<WKStringRef>> keys;
+    Vector<WKRetainPtr<WKTypeRef>> values;
+    keys.append(adoptWK(WKStringCreateWithUTF8CString("FirstPartyURL")));
+    values.append(adoptWK(WKStringCreateWithJSString(firstPartyURLString)));
+    keys.append(adoptWK(WKStringCreateWithUTF8CString("CNAME")));
+    values.append(adoptWK(WKStringCreateWithJSString(cnameURLString)));
+    Vector<WKStringRef> rawKeys(keys.size());
+    Vector<WKTypeRef> rawValues(values.size());
+    for (size_t i = 0; i < keys.size(); ++i) {
+        rawKeys[i] = keys[i].get();
+        rawValues[i] = values[i].get();
+    }
+    auto messageName = adoptWK(WKStringCreateWithUTF8CString("StatisticsSetFirstPartyHostCNAMEDomain"));
+    auto messageBody = adoptWK(WKDictionaryCreate(rawKeys.data(), rawValues.data(), rawKeys.size()));
+    WKBundlePostMessage(InjectedBundle::singleton().bundle(), messageName.get(), messageBody.get());
+}
+void TestRunner::statisticsCallDidSetFirstPartyHostCNAMEDomainCallback()
+{
+    callTestRunnerCallback(StatisticsDidSetFirstPartyHostCNAMEDomainCallbackID);
+}
+void TestRunner::statisticsSetThirdPartyCNAMEDomain(JSStringRef cnameURLString, JSValueRef completionHandler)
+{
+    cacheTestRunnerCallback(StatisticsDidSetThirdPartyCNAMEDomainCallbackID, completionHandler);
+    auto messageName = adoptWK(WKStringCreateWithUTF8CString("StatisticsSetThirdPartyCNAMEDomain"));
+    auto messageBody = adoptWK(WKStringCreateWithJSString(cnameURLString));
+    WKBundlePostMessage(InjectedBundle::singleton().bundle(), messageName.get(), messageBody.get());
+}
+void TestRunner::statisticsCallDidSetThirdPartyCNAMEDomainCallback()
+{
+    callTestRunnerCallback(StatisticsDidSetThirdPartyCNAMEDomainCallbackID);
+}
 void TestRunner::statisticsResetToConsistentState(JSValueRef completionHandler)
+{

trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h

-                      r265169
+                      r265389
     void statisticsSetToSameSiteStrictCookies(JSStringRef hostName, JSValueRef callback);
     void statisticsCallDidSetToSameSiteStrictCookiesCallback();
+    void statisticsSetFirstPartyHostCNAMEDomain(JSStringRef firstPartyURLString, JSStringRef cnameURLString, JSValueRef completionHandler);
+    void statisticsCallDidSetFirstPartyHostCNAMEDomainCallback();
+    void statisticsSetThirdPartyCNAMEDomain(JSStringRef cnameURLString, JSValueRef completionHandler);
+    void statisticsCallDidSetThirdPartyCNAMEDomainCallback();
     void statisticsResetToConsistentState(JSValueRef completionHandler);
     void statisticsCallDidResetToConsistentStateCallback();

trunk/Tools/WebKitTestRunner/TestController.cpp

-                      r265258
+                      r265389
+}
+void TestController::setStatisticsFirstPartyHostCNAMEDomain(WKStringRef firstPartyURLString, WKStringRef cnameURLString)
+{
+    ResourceStatisticsCallbackContext context(*this);
+    WKWebsiteDataStoreSetResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting(websiteDataStore(), firstPartyURLString, cnameURLString, &context, resourceStatisticsVoidResultCallback);
+    runUntil(context.done, noTimeout);
+    m_currentInvocation->didSetFirstPartyHostCNAMEDomain();
+}
+void TestController::setStatisticsThirdPartyCNAMEDomain(WKStringRef cnameURLString)
+{
+    ResourceStatisticsCallbackContext context(*this);
+    WKWebsiteDataStoreSetResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(websiteDataStore(), cnameURLString, &context, resourceStatisticsVoidResultCallback);
+    runUntil(context.done, noTimeout);
+    m_currentInvocation->didSetThirdPartyCNAMEDomain();
+}
 struct AppBoundDomainsCallbackContext {
     explicit AppBoundDomainsCallbackContext(TestController& controller)

trunk/Tools/WebKitTestRunner/TestController.h

r264356	r265389
267	267	void setStatisticsFirstPartyWebsiteDataRemovalMode(bool value);
268	268	void setStatisticsToSameSiteStrictCookies(WKStringRef hostName);
	269	void setStatisticsFirstPartyHostCNAMEDomain(WKStringRef firstPartyURLString, WKStringRef cnameURLString);
	270	void setStatisticsThirdPartyCNAMEDomain(WKStringRef cnameURLString);
269	271	void setAppBoundDomains(WKArrayRef originURLs);
270	272	void statisticsResetToConsistentState();

trunk/Tools/WebKitTestRunner/TestInvocation.cpp

-                      r264609
+                      r265389
+    }
+    if (WKStringIsEqualToUTF8CString(messageName, "StatisticsSetFirstPartyHostCNAMEDomain")) {
+        ASSERT(WKGetTypeID(messageBody) == WKDictionaryGetTypeID());
+        WKDictionaryRef messageBodyDictionary = static_cast<WKDictionaryRef>(messageBody);
+        WKRetainPtr<WKStringRef> firstPartyURLStringKey = adoptWK(WKStringCreateWithUTF8CString("FirstPartyURL"));
+        WKRetainPtr<WKStringRef> cnameURLStringKey = adoptWK(WKStringCreateWithUTF8CString("CNAME"));
+        WKStringRef firstPartyURLString = static_cast<WKStringRef>(WKDictionaryGetItemForKey(messageBodyDictionary, firstPartyURLStringKey.get()));
+        WKStringRef cnameURLString = static_cast<WKStringRef>(WKDictionaryGetItemForKey(messageBodyDictionary, cnameURLStringKey.get()));
+        TestController::singleton().setStatisticsFirstPartyHostCNAMEDomain(firstPartyURLString, cnameURLString);
+        return;
+    }
+    if (WKStringIsEqualToUTF8CString(messageName, "StatisticsSetThirdPartyCNAMEDomain")) {
+        ASSERT(WKGetTypeID(messageBody) == WKStringGetTypeID());
+        WKStringRef cnameURLString = static_cast<WKStringRef>(messageBody);
+        TestController::singleton().setStatisticsThirdPartyCNAMEDomain(cnameURLString);
+        return;
+    }
     if (WKStringIsEqualToUTF8CString(messageName, "StatisticsResetToConsistentState")) {
         if (m_shouldDumpResourceLoadStatistics)
 …
+}
+void TestInvocation::didSetFirstPartyHostCNAMEDomain()
+{
+    WKRetainPtr<WKStringRef> messageName = adoptWK(WKStringCreateWithUTF8CString("CallDidSetFirstPartyHostCNAMEDomain"));
+    WKPagePostMessageToInjectedBundle(TestController::singleton().mainWebView()->page(), messageName.get(), nullptr);
+}
+void TestInvocation::didSetThirdPartyCNAMEDomain()
+{
+    WKRetainPtr<WKStringRef> messageName = adoptWK(WKStringCreateWithUTF8CString("CallDidSetThirdPartyCNAMEDomain"));
+    WKPagePostMessageToInjectedBundle(TestController::singleton().mainWebView()->page(), messageName.get(), nullptr);
+}
 void TestInvocation::didResetStatisticsToConsistentState()
+{

trunk/Tools/WebKitTestRunner/TestInvocation.h

r261963	r265389
78	78	void didSetFirstPartyWebsiteDataRemovalMode();
79	79	void didSetToSameSiteStrictCookies();
	80	void didSetFirstPartyHostCNAMEDomain();
	81	void didSetThirdPartyCNAMEDomain();
80	82	void didResetStatisticsToConsistentState();
81	83	void didSetBlockCookiesForHost();

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 265389 in webkit

Legend:

Download in other formats: