[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
beidson at apple.com
beidson at apple.com
Thu Apr 8 02:14:03 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit baa0d5d93107a1c492fea5849692dbf2ad13f978
Author: beidson at apple.com <beidson at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Mon Mar 8 18:49:43 2010 +0000
Relax the 3rd party cookie policy in cases where it won't add a new tracking vector.
<rdar://problem/7163012> and https://bugs.webkit.org/show_bug.cgi?id=35824
Reviewed by Anders Carlsson.
WebCore:
Test: http/tests/cookies/third-party-cookie-relaxing.html
If the 3rd-party domain in question already has a cookie set, allow changes
by setting the first party url of the request to be the url of the request itself:
* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::makeFinalRequest):
Ditto:
* platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::start):
(WebCore::ResourceHandle::loadResourceSynchronously):
I've filed <rdar://problem/7728508> to track changing the policy in our networking layer.
LayoutTests:
* http/tests/cookies/resources/cookie-utility.php: Added.
* http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html: Added.
* http/tests/cookies/third-party-cookie-relaxing-expected.txt: Added.
* http/tests/cookies/third-party-cookie-relaxing.html: Added.
* platform/gtk/Skipped:
* platform/qt/Skipped:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@55672 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 68ba559..588bf60 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2010-03-08 Brady Eidson <beidson at apple.com>
+
+ Reviewed by Anders Carlsson.
+
+ Relax the 3rd party cookie policy in cases where it won't add a new tracking vector.
+ <rdar://problem/7163012> and https://bugs.webkit.org/show_bug.cgi?id=35824
+
+ * http/tests/cookies/resources/cookie-utility.php: Added.
+ * http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html: Added.
+ * http/tests/cookies/third-party-cookie-relaxing-expected.txt: Added.
+ * http/tests/cookies/third-party-cookie-relaxing.html: Added.
+
+ * platform/gtk/Skipped:
+ * platform/qt/Skipped:
+
2010-03-08 Jian Li <jianli at chromium.org>
Reviewed by Dmitry Titov.
diff --git a/LayoutTests/http/tests/cookies/resources/cookie-utility.php b/LayoutTests/http/tests/cookies/resources/cookie-utility.php
new file mode 100644
index 0000000..f77aa38
--- /dev/null
+++ b/LayoutTests/http/tests/cookies/resources/cookie-utility.php
@@ -0,0 +1,40 @@
+<?php
+parse_str($_SERVER["QUERY_STRING"]);
+
+function deleteCookie($value, $name)
+{
+ setcookie($name, "deleted", time() - 86400);
+}
+
+if ($queryfunction == "deleteCookies") {
+ array_walk($_COOKIE, deleteCookie);
+ echo "Deleted all cookies";
+ return;
+}
+
+if ($queryfunction == "setFooCookie") {
+ setcookie("foo", "awesomevalue", time() + 86400);
+ echo "Set the foo cookie";
+ return;
+}
+
+if ($queryfunction == "setFooAndBarCookie") {
+ setcookie("foo", "awesomevalue", time() + 86400);
+ setcookie("bar", "anotherawesomevalue", time() + 86400);
+ echo "Set the foo and bar cookies";
+ return;
+}
+
+// Default for any other string is echo cookies.
+function echoCookie($value, $name)
+{
+ echo "$name = $value\n";
+}
+
+function echoAllCookies()
+{
+ echo "Cookies are:\n";
+ array_walk($_COOKIE, echoCookie);
+}
+
+?>
diff --git a/LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html b/LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html
new file mode 100644
index 0000000..e948d8a
--- /dev/null
+++ b/LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html
@@ -0,0 +1,47 @@
+<html>
+<script>
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+window.onmessage = function(evt)
+{
+ if (evt.data == "showCookies") {
+ showCookies();
+ return;
+ } else if (evt.data.split(" ")[0] == "sendXHR") {
+ sendXHR(evt.data.split(" ")[1]);
+ return;
+ } else
+ alert("Unknown message.");
+}
+
+var stage = 1;
+function showCookies()
+{
+ alert("Test stage " + stage++ + " document.cookie is: " + document.cookie);
+ parent.window.postMessage("done", "*");
+}
+
+function sendXHR(queryCommand)
+{
+ var baseurl = "http://localhost:8000/cookies/resources/cookie-utility.php";
+ var url = queryCommand ? baseurl + "?queryfunction=" + queryCommand : baseurl;
+ alert(url);
+ var req = new XMLHttpRequest();
+ req.open('GET', url, false);
+ req.send();
+
+ if (req.status == 200)
+ alert("XHR response - " + req.responseText);
+ else
+ alert("xhr error");
+
+ parent.window.postMessage("done", "*");
+}
+
+</script>
+<body>
+HELLO THERE
+</body>
+</html>
diff --git a/LayoutTests/http/tests/cookies/third-party-cookie-relaxing-expected.txt b/LayoutTests/http/tests/cookies/third-party-cookie-relaxing-expected.txt
new file mode 100644
index 0000000..184a97a
--- /dev/null
+++ b/LayoutTests/http/tests/cookies/third-party-cookie-relaxing-expected.txt
@@ -0,0 +1,47 @@
+ALERT:
+
+ALERT: Allowing all cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=deleteCookies
+ALERT: XHR response - Deleted all cookies
+ALERT: Test stage 1 document.cookie is:
+ALERT: Restricting to first party only cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=setFooCookie
+ALERT: XHR response - Set the foo cookie
+ALERT: Test stage 2 document.cookie is:
+ALERT:
+
+ALERT: Allowing all cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=deleteCookies
+ALERT: XHR response - Deleted all cookies
+ALERT: Test stage 3 document.cookie is:
+ALERT: Restricting to first party only cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=setFooAndBarCookie
+ALERT: XHR response - Set the foo and bar cookies
+ALERT: Test stage 4 document.cookie is:
+ALERT:
+
+ALERT: Allowing all cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=deleteCookies
+ALERT: XHR response - Deleted all cookies
+ALERT: Test stage 5 document.cookie is:
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=setFooCookie
+ALERT: XHR response - Set the foo cookie
+ALERT: Test stage 6 document.cookie is: foo=awesomevalue
+ALERT: Restricting to first party only cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=deleteCookies
+ALERT: XHR response - Deleted all cookies
+ALERT: Test stage 7 document.cookie is:
+ALERT:
+
+ALERT: Allowing all cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=deleteCookies
+ALERT: XHR response - Deleted all cookies
+ALERT: Test stage 8 document.cookie is:
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=setFooCookie
+ALERT: XHR response - Set the foo cookie
+ALERT: Test stage 9 document.cookie is: foo=awesomevalue
+ALERT: Restricting to first party only cookies
+ALERT: http://localhost:8000/cookies/resources/cookie-utility.php?queryfunction=setFooAndBarCookie
+ALERT: XHR response - Set the foo and bar cookies
+ALERT: Test stage 10 document.cookie is: bar=anotherawesomevalue; foo=awesomevalue
+
diff --git a/LayoutTests/http/tests/cookies/third-party-cookie-relaxing.html b/LayoutTests/http/tests/cookies/third-party-cookie-relaxing.html
new file mode 100644
index 0000000..803830b
--- /dev/null
+++ b/LayoutTests/http/tests/cookies/third-party-cookie-relaxing.html
@@ -0,0 +1,92 @@
+<html>
+<head>
+<script>
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+window.onmessage = function(evt)
+{
+ if (evt.data != "done") {
+ alert("Unexpected message: " + evt.data);
+ return;
+ }
+
+ runNextTestOrFinish();
+}
+
+function allowAllCookies()
+{
+ alert("Allowing all cookies");
+ if (window.layoutTestController)
+ layoutTestController.setAlwaysAcceptCookies(true);
+ runNextTestOrFinish();
+}
+
+function restrictCookies()
+{
+ alert("Restricting to first party only cookies");
+ if (window.layoutTestController)
+ layoutTestController.setAlwaysAcceptCookies(false);
+ runNextTestOrFinish();
+}
+
+function deleteAllCookies()
+{
+ sendXHR("deleteCookies");
+}
+
+function echoCookies()
+{
+ window.frames[0].postMessage("showCookies", "*");
+}
+
+function sendXHR(command)
+{
+ window.frames[0].postMessage("sendXHR " + command, "*");
+}
+
+function setFooCookie()
+{
+ sendXHR("setFooCookie");
+}
+
+function setFooAndBarCookies()
+{
+ sendXHR("setFooAndBarCookie");
+}
+
+function startNewTest()
+{
+ alert("\n");
+ runNextTestOrFinish();
+}
+
+var currentFunction = 0;
+var functions = new Array(
+ startNewTest, allowAllCookies, deleteAllCookies, echoCookies, restrictCookies, setFooCookie, echoCookies,
+ startNewTest, allowAllCookies, deleteAllCookies, echoCookies, restrictCookies, setFooAndBarCookies, echoCookies,
+ startNewTest, allowAllCookies, deleteAllCookies, echoCookies, setFooCookie, echoCookies, restrictCookies, deleteAllCookies, echoCookies,
+ startNewTest, allowAllCookies, deleteAllCookies, echoCookies, setFooCookie, echoCookies, restrictCookies, setFooAndBarCookies, echoCookies
+);
+
+function runNextTestOrFinish()
+{
+ if (currentFunction >= functions.length) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ return;
+ }
+
+ var functionToRun = currentFunction++;
+ functions[functionToRun]();
+}
+
+</script>
+</head>
+<body onload="runNextTestOrFinish();">
+<iframe id='testFrame' src="http://localhost:8000/cookies/resources/third-party-cookie-relaxing-iframe.html"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/platform/gtk/Skipped b/LayoutTests/platform/gtk/Skipped
index 8891801..ebe7b9d 100644
--- a/LayoutTests/platform/gtk/Skipped
+++ b/LayoutTests/platform/gtk/Skipped
@@ -5809,6 +5809,9 @@ fast/dom/Geolocation/permission-denied.html
# https://bugs.webkit.org/show_bug.cgi?id=35793
media/video-preload.html
+# https://bugs.webkit.org/show_bug.cgi?id=35824 - Doesn't apply to platforms that don't enforce the CFNetwork-style 3rd party cookie policy
+http/tests/cookies/third-party-cookie-relaxing.html
+
# Needs double click support in DRT
# See https://bugs.webkit.org/show_bug.cgi?id=35862
fast/events/zoom-dblclick.html
diff --git a/LayoutTests/platform/qt/Skipped b/LayoutTests/platform/qt/Skipped
index 184f476..27e7069 100644
--- a/LayoutTests/platform/qt/Skipped
+++ b/LayoutTests/platform/qt/Skipped
@@ -5095,3 +5095,9 @@ java
# see https://bugs.webkit.org/show_bug.cgi?id=33180.
# Core functionality is tested in plugins/private-browsing-mode-2.html
plugins/private-browsing-mode.html
+
+# Qt's DRT doesn't not seem to support the layoutTestController.evaluateScriptInIsolatedWorld() call.
+storage/open-database-creation-callback-isolated-world.html
+
+# https://bugs.webkit.org/show_bug.cgi?id=35824 - Doesn't apply to platforms that don't enforce the CFNetwork-style 3rd party cookie policy
+http/tests/cookies/third-party-cookie-relaxing.html
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c2b7bf5..4b2ce8f 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2010-03-08 Brady Eidson <beidson at apple.com>
+
+ Reviewed by Anders Carlsson.
+
+ Relax the 3rd party cookie policy in cases where it won't add a new tracking vector.
+ <rdar://problem/7163012> and https://bugs.webkit.org/show_bug.cgi?id=35824
+
+ Test: http/tests/cookies/third-party-cookie-relaxing.html
+
+ If the 3rd-party domain in question already has a cookie set, allow changes
+ by setting the first party url of the request to be the url of the request itself:
+ * platform/network/cf/ResourceHandleCFNet.cpp:
+ (WebCore::makeFinalRequest):
+
+ Ditto:
+ * platform/network/mac/ResourceHandleMac.mm:
+ (WebCore::ResourceHandle::start):
+ (WebCore::ResourceHandle::loadResourceSynchronously):
+
+ I've filed <rdar://problem/7728508> to track changing the policy in our networking layer.
+
2010-03-08 Jian Li <jianli at chromium.org>
Reviewed by Dmitry Titov.
diff --git a/WebCore/platform/network/cf/ResourceHandleCFNet.cpp b/WebCore/platform/network/cf/ResourceHandleCFNet.cpp
index a6c90e5..472f247 100644
--- a/WebCore/platform/network/cf/ResourceHandleCFNet.cpp
+++ b/WebCore/platform/network/cf/ResourceHandleCFNet.cpp
@@ -350,7 +350,16 @@ static CFURLRequestRef makeFinalRequest(const ResourceRequest& request, bool sho
if (CFHTTPCookieStorageRef cookieStorage = currentCookieStorage()) {
CFURLRequestSetHTTPCookieStorage(newRequest, cookieStorage);
- CFURLRequestSetHTTPCookieStorageAcceptPolicy(newRequest, CFHTTPCookieStorageGetCookieAcceptPolicy(cookieStorage));
+ CFHTTPCookieStorageAcceptPolicy policy = CFHTTPCookieStorageGetCookieAcceptPolicy(cookieStorage);
+ CFURLRequestSetHTTPCookieStorageAcceptPolicy(newRequest, policy);
+
+ // If a URL already has cookies, then we'll relax the 3rd party cookie policy and accept new cookies.
+ if (policy == CFHTTPCookieStorageAcceptPolicyOnlyFromMainDocumentDomain) {
+ CFURLRef url = CFURLRequestGetURL(newRequest);
+ RetainPtr<CFArrayRef> cookies(AdoptCF, CFHTTPCookieStorageCopyCookiesForURL(cookieStorage, url, false));
+ if (CFArrayGetCount(cookies.get()))
+ CFURLRequestSetMainDocumentURL(newRequest, url);
+ }
}
return newRequest;
diff --git a/WebCore/platform/network/mac/ResourceHandleMac.mm b/WebCore/platform/network/mac/ResourceHandleMac.mm
index 0c67cfb..b4b5c2e 100644
--- a/WebCore/platform/network/mac/ResourceHandleMac.mm
+++ b/WebCore/platform/network/mac/ResourceHandleMac.mm
@@ -223,6 +223,12 @@ bool ResourceHandle::start(Frame* frame)
d->m_needsSiteSpecificQuirks = frame->settings() && frame->settings()->needsSiteSpecificQuirks();
+ // If a URL already has cookies, then we'll relax the 3rd party cookie policy and accept new cookies.
+ NSHTTPCookieStorage *sharedStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
+ if ([sharedStorage cookieAcceptPolicy] == NSHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain
+ && [[sharedStorage cookiesForURL:d->m_request.url()] count])
+ d->m_request.setFirstPartyForCookies(d->m_request.url());
+
NSURLConnection *connection;
if (d->m_shouldContentSniff || frame->settings()->localFileContentSniffingEnabled())
@@ -419,13 +425,22 @@ void ResourceHandle::loadResourceSynchronously(const ResourceRequest& request, S
ASSERT(!request.isEmpty());
- NSURLRequest *nsRequest;
+ NSMutableURLRequest *mutableRequest = nil;
if (!shouldContentSniffURL(request.url())) {
- NSMutableURLRequest *mutableRequest = [[request.nsURLRequest() mutableCopy] autorelease];
+ mutableRequest = [[request.nsURLRequest() mutableCopy] autorelease];
wkSetNSURLRequestShouldContentSniff(mutableRequest, NO);
- nsRequest = mutableRequest;
- } else
- nsRequest = request.nsURLRequest();
+ }
+
+ // If a URL already has cookies, then we'll ignore the 3rd party cookie policy and accept new cookies.
+ NSHTTPCookieStorage *sharedStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
+ if ([sharedStorage cookieAcceptPolicy] == NSHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain
+ && [[sharedStorage cookiesForURL:request.url()] count]) {
+ if (!mutableRequest)
+ mutableRequest = [[request.nsURLRequest() mutableCopy] autorelease];
+ [mutableRequest setMainDocumentURL:[mutableRequest URL]];
+ }
+
+ NSURLRequest *nsRequest = mutableRequest ? mutableRequest : request.nsURLRequest();
BEGIN_BLOCK_OBJC_EXCEPTIONS;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list