WebKit Bugzilla
Attachment 362682 Details for Bug 191645: [Curl] Implement Cookie Accept Policy.
bug-191645-20190222115121.patch (text/plain), 33.26 KB, created by Takashi Komori on 2019-02-21 18:54:07 PST
>Subversion Revision: 241916 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index c21b2f12f9501db7ccc915ea9419aa6489bbc0c6..5872ccd7885c2977202c00b5c1be302374728351 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog 
>@@ -1,3 +1,51 @@ >+2019-02-21 Takashi Komori <Takashi.Komori@sony.com> >+ >+ [Curl] Implement Cookie Accept Policy. >+ https://bugs.webkit.org/show_bug.cgi?id=191645 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Make Curl network layer respect to coookie accept policy. >+ This patch fixes tests below on TestRunner, but doesn't fix tests on DumpRenderTree. >+ >+ Tests: http/tests/cookies/only-accept-first-party-cookies.html >+ http/tests/cookies/third-party-cookie-relaxing.html >+ http/tests/security/cookies/third-party-cookie-blocking-redirect.html >+ http/tests/security/cookies/third-party-cookie-blocking-user-action.html >+ http/tests/security/cookies/third-party-cookie-blocking-xslt.xml >+ http/tests/security/cookies/third-party-cookie-blocking.html >+ >+ * platform/network/curl/CookieJarCurl.cpp: >+ (WebCore::cookiesForSession): >+ (WebCore::CookieJarCurl::setCookiesFromDOM const): >+ (WebCore::CookieJarCurl::setCookiesFromHTTPResponse const): >+ (WebCore::CookieJarCurl::setCookieAcceptPolicy const): >+ (WebCore::CookieJarCurl::cookieAcceptPolicy const): >+ (WebCore::CookieJarCurl::getRawCookies const): >+ * platform/network/curl/CookieJarCurl.h: >+ * platform/network/curl/CookieJarDB.cpp: >+ (WebCore::CookieJarDB::openDatabase): >+ (WebCore::CookieJarDB::isEnabled const): >+ (WebCore::CookieJarDB::checkCookieAcceptPolicy): >+ (WebCore::CookieJarDB::hasCookies): >+ (WebCore::CookieJarDB::searchCookies): >+ (WebCore::CookieJarDB::canAcceptCookie): >+ (WebCore::CookieJarDB::setCookie): >+ (WebCore::CookieJarDB::setEnabled): Deleted. 
>+ * platform/network/curl/CookieJarDB.h: >+ (WebCore::CookieJarDB::setAcceptPolicy): >+ (WebCore::CookieJarDB::acceptPolicy const): >+ * platform/network/curl/CookieUtil.cpp: >+ (WebCore::CookieUtil::isFirstPartyDomain): >+ (WebCore::CookieUtil::parseCookieAttributes): >+ (WebCore::CookieUtil::parseCookieHeader): >+ (WebCore::CookieUtil::defaultPathForURL): >+ * platform/network/curl/CookieUtil.h: >+ * platform/network/curl/CurlResourceHandleDelegate.cpp: >+ (WebCore::handleCookieHeaders): >+ (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse): >+ * platform/network/curl/PublicSuffixCurl.cpp: >+ > 2019-02-21 Per Arne Vollan <pvollan@apple.com> > > Layout Test fast/text/international/khmer-selection.html is crashing >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index cba59768c20198cf950ebfc9ecfe2abdd76c7c86..2a46ed710bc8ac8ab03dcc269c7c36b315306f0c 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,18 @@ >+2019-02-21 Takashi Komori <Takashi.Komori@sony.com> >+ >+ [Curl] Implement Cookie Accept Policy. >+ https://bugs.webkit.org/show_bug.cgi?id=191645 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp: >+ (WebKit::WebCookieManager::platformSetHTTPCookieAcceptPolicy): >+ (WebKit::WebCookieManager::platformGetHTTPCookieAcceptPolicy): >+ * NetworkProcess/curl/NetworkDataTaskCurl.cpp: >+ (WebKit::NetworkDataTaskCurl::curlDidReceiveResponse): >+ (WebKit::NetworkDataTaskCurl::handleCookieHeaders): >+ * NetworkProcess/curl/NetworkDataTaskCurl.h: >+ > 2019-02-21 Alex Christensen <achristensen@webkit.org> > > API::HTTPCookieStore should expose setCookies() >diff --git a/Source/WebCore/platform/network/curl/CookieJarCurl.cpp b/Source/WebCore/platform/network/curl/CookieJarCurl.cpp >index f9b45e8b506e765941214f59a937579ba910dbe0..2c11568fce5b2891260da3be91f8917c085127a8 100644 >--- a/Source/WebCore/platform/network/curl/CookieJarCurl.cpp 
>+++ b/Source/WebCore/platform/network/curl/CookieJarCurl.cpp >@@ -39,7 +39,7 @@ > > namespace WebCore { > >-static String cookiesForSession(const NetworkStorageSession& session, const URL&, const URL& url, bool forHTTPHeader) >+static String cookiesForSession(const NetworkStorageSession& session, const URL& firstParty, const URL& url, bool forHTTPHeader) > { > StringBuilder cookies; > >@@ -47,7 +47,7 @@ static String cookiesForSession(const NetworkStorageSession& session, const URL& > auto searchHTTPOnly = (forHTTPHeader ? WTF::nullopt : Optional<bool> {false}); > auto secure = url.protocolIs("https") ? WTF::nullopt : Optional<bool> {false}; > >- if (auto result = cookieJarDB.searchCookies(url.string(), searchHTTPOnly, secure, WTF::nullopt)) { >+ if (auto result = cookieJarDB.searchCookies(firstParty, url, searchHTTPOnly, secure, WTF::nullopt)) { > for (auto& cookie : *result) { > if (!cookies.isEmpty()) > cookies.append("; "); 
>@@ -63,16 +63,15 @@ void CookieJarCurl::setCookiesFromDOM(const NetworkStorageSession& session, cons > { > UNUSED_PARAM(frameID); > UNUSED_PARAM(pageID); >- UNUSED_PARAM(firstParty); > > CookieJarDB& cookieJarDB = session.cookieDatabase(); >- cookieJarDB.setCookie(url.string(), value, CookieJarDB::Source::Script); >+ cookieJarDB.setCookie(firstParty, url, value, CookieJarDB::Source::Script); > } > >-void CookieJarCurl::setCookiesFromHTTPResponse(const NetworkStorageSession& session, const URL& url, const String& value) const >+void CookieJarCurl::setCookiesFromHTTPResponse(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& value) const > { > CookieJarDB& cookieJarDB = session.cookieDatabase(); >- cookieJarDB.setCookie(url.string(), value, CookieJarDB::Source::Network); >+ cookieJarDB.setCookie(firstParty, url, value, CookieJarDB::Source::Network); > } > > std::pair<String, bool> CookieJarCurl::cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const SameSiteInfo&, const URL& url, Optional<uint64_t> frameID, Optional<uint64_t> pageID, IncludeSecureCookies) const >@@ -98,6 +97,17 @@ std::pair<String, bool> CookieJarCurl::cookieRequestHeaderFieldValue(const Netwo > return cookieRequestHeaderFieldValue(session, headerFieldProxy.firstParty, headerFieldProxy.sameSiteInfo, headerFieldProxy.url, headerFieldProxy.frameID, headerFieldProxy.pageID, headerFieldProxy.includeSecureCookies); > } > >+void CookieJarCurl::setCookieAcceptPolicy(const NetworkStorageSession& session, CookieAcceptPolicy policy) const >+{ >+ auto& cookieJarDB = session.cookieDatabase(); >+ cookieJarDB.setAcceptPolicy(policy); >+} >+ >+CookieAcceptPolicy CookieJarCurl::cookieAcceptPolicy(const NetworkStorageSession& session) const >+{ >+ return session.cookieDatabase().acceptPolicy(); >+} >+ > bool CookieJarCurl::cookiesEnabled(const NetworkStorageSession& session) const > { > return session.cookieDatabase().isEnabled(); 
>@@ -109,7 +119,7 @@ bool CookieJarCurl::getRawCookies(const NetworkStorageSession& session, const UR > UNUSED_PARAM(pageID); > > CookieJarDB& cookieJarDB = session.cookieDatabase(); >- if (auto cookies = cookieJarDB.searchCookies(firstParty.string(), WTF::nullopt, WTF::nullopt, WTF::nullopt)) { >+ if (auto cookies = cookieJarDB.searchCookies(firstParty, firstParty, WTF::nullopt, WTF::nullopt, WTF::nullopt)) { > rawCookies = WTFMove(*cookies); > return true; > } >diff --git a/Source/WebCore/platform/network/curl/CookieJarCurl.h b/Source/WebCore/platform/network/curl/CookieJarCurl.h >index f1a4c789579d01e3b01376ae94d04d0cdc448dc6..8941023f8068ea7480b7c50d5ce6f8df55ce2b93 100644 >--- a/Source/WebCore/platform/network/curl/CookieJarCurl.h >+++ b/Source/WebCore/platform/network/curl/CookieJarCurl.h 
>@@ -37,12 +37,15 @@ enum class IncludeSecureCookies : bool; > struct Cookie; > struct CookieRequestHeaderFieldProxy; > struct SameSiteInfo; >+enum class CookieAcceptPolicy; > > class CookieJarCurl { > public: > std::pair<String, bool> cookiesForDOM(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, IncludeSecureCookies) const; > void setCookiesFromDOM(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, const String&) const; >- void setCookiesFromHTTPResponse(const NetworkStorageSession&, const URL&, const String&) const; >+ void setCookiesFromHTTPResponse(const NetworkStorageSession&, const URL& firstParty, const URL&, const String&) const; >+ void setCookieAcceptPolicy(const NetworkStorageSession&, CookieAcceptPolicy) const; >+ CookieAcceptPolicy cookieAcceptPolicy(const NetworkStorageSession&) const; > bool cookiesEnabled(const NetworkStorageSession&) const; > std::pair<String, bool> cookieRequestHeaderFieldValue(const NetworkStorageSession&, const URL& firstParty, const SameSiteInfo&, const URL&, Optional<uint64_t> frameID, Optional<uint64_t> pageID, IncludeSecureCookies) const; > std::pair<String, bool> cookieRequestHeaderFieldValue(const NetworkStorageSession&, const CookieRequestHeaderFieldProxy&) const; >diff --git a/Source/WebCore/platform/network/curl/CookieJarDB.cpp b/Source/WebCore/platform/network/curl/CookieJarDB.cpp >index eec951ef69c8f72a9591e074eab83528de4c6d00..fa4a9ff4e6a76bb9b3bfab18c67a6053d9457757 100644 >--- a/Source/WebCore/platform/network/curl/CookieJarDB.cpp >+++ b/Source/WebCore/platform/network/curl/CookieJarDB.cpp 
>@@ -27,16 +27,13 @@ > > #include "CookieUtil.h" > #include "Logging.h" >+#include "PublicSuffix.h" > #include "SQLiteFileSystem.h" > #include <wtf/FileSystem.h> > #include <wtf/MonotonicTime.h> > #include <wtf/URL.h> > #include <wtf/text/StringConcatenateNumbers.h> > >-#if ENABLE(PUBLIC_SUFFIX_LIST) >-#include "PublicSuffix.h" >-#endif >- > namespace WebCore { > > #define CORRUPT_MARKER_SUFFIX "-corrupted" >@@ -61,6 +58,8 @@ namespace WebCore { > "CREATE INDEX IF NOT EXISTS domain_index ON Cookie(domain);" > #define CREATE_PATH_INDEX_SQL \ > "CREATE INDEX IF NOT EXISTS path_index ON Cookie(path);" >+#define CHECK_EXISTS_COOKIE_SQL \ >+ "SELECT domain FROM Cookie WHERE ((domain = ?) OR (domain GLOB ?));" > #define CHECK_EXISTS_HTTPONLY_COOKIE_SQL \ > "SELECT name FROM Cookie WHERE (name = ?) AND (domain = ?) AND (path = ?) AND (httponly = 1);" > #define SET_COOKIE_SQL \ >@@ -82,11 +81,6 @@ namespace WebCore { > static constexpr int schemaVersion = 1; > > >-void CookieJarDB::setEnabled(bool enable) >-{ >- m_isEnabled = enable; >-} >- > CookieJarDB::CookieJarDB(const String& databasePath) > : m_databasePath(databasePath) > { >@@ -162,6 +156,7 @@ bool CookieJarDB::openDatabase() > > // create prepared statements > createPrepareStatement(SET_COOKIE_SQL); >+ createPrepareStatement(CHECK_EXISTS_COOKIE_SQL); > createPrepareStatement(CHECK_EXISTS_HTTPONLY_COOKIE_SQL); > createPrepareStatement(DELETE_COOKIE_BY_NAME_DOMAIN_PATH_SQL); > createPrepareStatement(DELETE_COOKIE_BY_NAME_DOMAIN_SQL); 
>@@ -309,17 +304,61 @@ bool CookieJarDB::isEnabled() const > if (m_databasePath.isEmpty()) > return false; > >- return m_isEnabled; >+ return (m_acceptPolicy == CookieAcceptPolicy::Always || m_acceptPolicy == CookieAcceptPolicy::OnlyFromMainDocumentDomain || m_acceptPolicy == CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain); >+} >+ >+bool CookieJarDB::checkCookieAcceptPolicy(const URL& firstParty, const URL& url) >+{ >+ if (m_acceptPolicy == CookieAcceptPolicy::Always) >+ return true; >+ >+ // See https://bugs.webkit.org/show_bug.cgi?id=193458#c0 >+ if (m_acceptPolicy == CookieAcceptPolicy::OnlyFromMainDocumentDomain || m_acceptPolicy == CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain) { >+ if (firstParty == url) >+ return true; >+ >+ if (CookieUtil::isFirstPartyDomain(firstParty, url)) >+ return true; >+ >+ // third-party resources can read or write cookies if they have pre-existing cookies. >+ if (m_acceptPolicy == CookieAcceptPolicy::OnlyFromMainDocumentDomain && hasCookies(url)) >+ return true; >+ } >+ >+ return false; > } > >-Optional<Vector<Cookie>> CookieJarDB::searchCookies(const String& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session) >+bool CookieJarDB::hasCookies(const URL& url) >+{ >+ String host = url.host().convertToASCIILowercase(); >+ if (host.isEmpty()) >+ return false; >+ >+ String topPrivateDomain = topPrivatelyControlledDomain(host); >+ >+ auto& statement = preparedStatement(CHECK_EXISTS_COOKIE_SQL); >+ >+ if (CookieUtil::isIPAddress(host) || !host.contains('.') || topPrivateDomain.isEmpty()) { >+ statement.bindText(1, host); >+ statement.bindNull(2); >+ } else { >+ statement.bindText(1, topPrivateDomain); >+ statement.bindText(2, String("*.") + topPrivateDomain); >+ } >+ >+ return statement.step() == SQLITE_ROW; >+} >+ >+Optional<Vector<Cookie>> CookieJarDB::searchCookies(const URL& firstParty, const URL& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, 
const Optional<bool>& session) > { > if (!isEnabled() || !m_database.isOpen()) > return WTF::nullopt; > >- URL requestUrlObj({ }, requestUrl); >- String requestHost(requestUrlObj.host().toString().convertToASCIILowercase()); >- String requestPath(requestUrlObj.path().convertToASCIILowercase()); >+ if (!checkCookieAcceptPolicy(firstParty, requestUrl)) >+ return WTF::nullopt; >+ >+ String requestHost = requestUrl.host().convertToASCIILowercase(); >+ String requestPath = requestUrl.path().convertToASCIILowercase(); > > if (requestHost.isEmpty()) > return WTF::nullopt; >@@ -349,22 +388,11 @@ Optional<Vector<Cookie>> CookieJarDB::searchCookies(const String& requestUrl, co > if (CookieUtil::isIPAddress(requestHost) || !requestHost.contains('.')) > pstmt->bindNull(5); > else { >-#if ENABLE(PUBLIC_SUFFIX_LIST) > String topPrivateDomain = topPrivatelyControlledDomain(requestHost); > if (!topPrivateDomain.isEmpty()) > pstmt->bindText(5, String("*.") + topPrivateDomain); > else > pstmt->bindNull(5); >-#else >- // Fallback to glob for cookies under the second level domain e.g. *.domain.com >- // This will return too many cookies under multilevel tlds such as *.co.uk, but they will get filtered out later. >- size_t topLevelSeparator = requestHost.reverseFind('.'); >- size_t secondLevelSeparator = requestHost.reverseFind('.', topLevelSeparator-1); >- String localDomain = secondLevelSeparator == notFound ? requestHost : requestHost.substring(secondLevelSeparator+1); >- >- ASSERT(!localDomain.isEmpty()); >- pstmt->bindText(5, String("*.") + localDomain); >-#endif > } > > if (!pstmt) 
>@@ -424,18 +452,19 @@ bool CookieJarDB::hasHttpOnlyCookie(const String& name, const String& domain, co > return statement.step() == SQLITE_ROW; > } > >-bool CookieJarDB::canAcceptCookie(const Cookie& cookie, const String& host, CookieJarDB::Source source) >+bool CookieJarDB::canAcceptCookie(const Cookie& cookie, const URL& firstParty, const URL& url, CookieJarDB::Source source) > { >-#if ENABLE(PUBLIC_SUFFIX_LIST) > if (isPublicSuffix(cookie.domain)) > return false; >-#endif > > bool fromJavaScript = source == CookieJarDB::Source::Script; > if (fromJavaScript && (cookie.httpOnly || hasHttpOnlyCookie(cookie.name, cookie.domain, cookie.path))) > return false; > >- if (!CookieUtil::domainMatch(cookie.domain, host)) >+ if (!CookieUtil::domainMatch(cookie.domain, url.host().convertToASCIILowercase())) >+ return false; >+ >+ if (!checkCookieAcceptPolicy(firstParty, url)) > return false; > > return true; >@@ -461,7 +490,7 @@ bool CookieJarDB::setCookie(const Cookie& cookie) > return checkSQLiteReturnCode(statement.step()); > } > >-bool CookieJarDB::setCookie(const String& url, const String& body, CookieJarDB::Source source) >+bool CookieJarDB::setCookie(const URL& firstParty, const URL& url, const String& body, CookieJarDB::Source source) > { > if (!isEnabled() || !m_database.isOpen()) > return false; 
>@@ -469,21 +498,17 @@ bool CookieJarDB::setCookie(const String& url, const String& body, CookieJarDB:: > if (url.isEmpty() || body.isEmpty()) > return false; > >- URL urlObj({ }, url); >- String host(urlObj.host().toString()); >- String path(urlObj.path()); >- > auto cookie = CookieUtil::parseCookieHeader(body); > if (!cookie) > return false; > > if (cookie->domain.isEmpty()) >- cookie->domain = String(host); >+ cookie->domain = url.host().convertToASCIILowercase(); > > if (cookie->path.isEmpty()) >- cookie->path = CookieUtil::defaultPathForURL(urlObj); >+ cookie->path = CookieUtil::defaultPathForURL(url); > >- if (!canAcceptCookie(*cookie, host, source)) >+ if (!canAcceptCookie(*cookie, firstParty, url, source)) > return false; > > return setCookie(*cookie); >diff --git a/Source/WebCore/platform/network/curl/CookieJarDB.h b/Source/WebCore/platform/network/curl/CookieJarDB.h >index de58032e335ad89bb03893c30e0420a5665ee9e7..d585049da4997e71456984d8ac52e45214dbf2ae 100644 >--- a/Source/WebCore/platform/network/curl/CookieJarDB.h >+++ b/Source/WebCore/platform/network/curl/CookieJarDB.h >@@ -36,6 +36,13 @@ > > namespace WebCore { > >+enum class CookieAcceptPolicy { >+ Always, >+ Never, >+ OnlyFromMainDocumentDomain, >+ ExclusivelyFromMainDocumentDomain >+}; >+ > class CookieJarDB { > WTF_MAKE_NONCOPYABLE(CookieJarDB); 
> >@@ -44,12 +51,15 @@ public: > Network, > Script > }; >+ > void open(); > bool isEnabled() const; >- void setEnabled(bool); > >- Optional<Vector<Cookie>> searchCookies(const String& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session); >- bool setCookie(const String& url, const String& cookie, Source); >+ void setAcceptPolicy(CookieAcceptPolicy policy) { m_acceptPolicy = policy; } >+ CookieAcceptPolicy acceptPolicy() const { return m_acceptPolicy; } >+ >+ Optional<Vector<Cookie>> searchCookies(const URL& firstParty, const URL& requestUrl, const Optional<bool>& httpOnly, const Optional<bool>& secure, const Optional<bool>& session); >+ bool setCookie(const URL& firstParty, const URL&, const String& cookie, Source); > bool setCookie(const Cookie&); > > bool deleteCookie(const String& url, const String& name); >@@ -60,8 +70,7 @@ public: > WEBCORE_EXPORT ~CookieJarDB(); > > private: >- >- bool m_isEnabled { true }; >+ CookieAcceptPolicy m_acceptPolicy { CookieAcceptPolicy::Always }; > String m_databasePath; > > bool m_detectedDatabaseCorruption { false }; >@@ -88,7 +97,9 @@ private: > > bool deleteCookieInternal(const String& name, const String& domain, const String& path); > bool hasHttpOnlyCookie(const String& name, const String& domain, const String& path); >- bool canAcceptCookie(const Cookie&, const String& host, CookieJarDB::Source); >+ bool canAcceptCookie(const Cookie&, const URL& firstParty, const URL&, CookieJarDB::Source); >+ bool checkCookieAcceptPolicy(const URL& firstParty, const URL&); >+ bool hasCookies(const URL&); > > SQLiteDatabase m_database; > HashMap<String, std::unique_ptr<SQLiteStatement>> m_statements; >diff --git a/Source/WebCore/platform/network/curl/CookieUtil.cpp b/Source/WebCore/platform/network/curl/CookieUtil.cpp >index 1bdb84c61bbab2591a1708987d195d5cbe40cf9d..f8b90bb36a68a439fe95b15eee3837e36028cacd 100644 >--- a/Source/WebCore/platform/network/curl/CookieUtil.cpp 
>+++ b/Source/WebCore/platform/network/curl/CookieUtil.cpp >@@ -28,6 +28,7 @@ > #if USE(CURL) > > #include "Cookie.h" >+#include "PublicSuffix.h" > > #include <wtf/DateMath.h> > #include <wtf/Optional.h> >@@ -79,6 +80,23 @@ bool domainMatch(const String& cookieDomain, const String& host) > return false; > } > >+bool isFirstPartyDomain(const URL& firstParty, const URL& url) >+{ >+ String domain = topPrivatelyControlledDomain(firstParty.host().toString()); >+ String host = url.host().convertToASCIILowercase(); >+ >+ auto index = host.reverseFind(domain); >+ bool tailMatch = (index != WTF::notFound && index + domain.length() == host.length()); >+ >+ if (tailMatch && !index) >+ return true; >+ >+ if (tailMatch && index > 0 && host[index - 1] == '.') >+ return true; >+ >+ return false; >+} >+ > static Optional<double> parseExpires(const char* expires) > { > double tmp = WTF::parseDateFromNullTerminatedCharacters(expires); >@@ -113,7 +131,7 @@ static void parseCookieAttributes(const String& attribute, bool& hasMaxAge, Cook > if (!isIPAddress(attributeValue) && !attributeValue.startsWith('.') && attributeValue.find('.') != notFound) > attributeValue = "." + attributeValue; > >- result.domain = attributeValue; >+ result.domain = attributeValue.convertToASCIILowercase(); > > } else if (equalIgnoringASCIICase(attributeName, "max-age")) { > bool ok; >@@ -133,7 +151,7 @@ static void parseCookieAttributes(const String& attribute, bool& hasMaxAge, Cook > } > } else if (equalIgnoringASCIICase(attributeName, "path")) { > if (!attributeValue.isEmpty() && attributeValue.startsWith('/')) >- result.path = attributeValue; >+ result.path = attributeValue.convertToASCIILowercase(); > } > } 
> >@@ -150,7 +168,7 @@ Optional<Cookie> parseCookieHeader(const String& cookieLine) > > String cookieName; > String cookieValue; >- size_t assignmentPosition = cookieLine.find('='); >+ size_t assignmentPosition = cookiePair.find('='); > > // RFC6265 says to ignore cookies pairs with empty names or no assignment character > // but browsers seem to treat this type of cookie string as the cookie value >@@ -178,7 +196,7 @@ String defaultPathForURL(const URL& url) > { > // Algorithm to generate the default path is outlined in https://tools.ietf.org/html/rfc6265#section-5.1.4 > >- String path = url.path(); >+ String path = url.path().convertToASCIILowercase(); > if (path.isEmpty() || !path.startsWith('/')) > return "/"; > >diff --git a/Source/WebCore/platform/network/curl/CookieUtil.h b/Source/WebCore/platform/network/curl/CookieUtil.h >index 956c153a93bf301743b8eeadc11900017f5123ec..7b50980a2d7c18d146e525bdb51608fab30b0bdc 100644 >--- a/Source/WebCore/platform/network/curl/CookieUtil.h >+++ b/Source/WebCore/platform/network/curl/CookieUtil.h >@@ -39,6 +39,7 @@ Optional<Cookie> parseCookieHeader(const String&); > bool isIPAddress(const String&); > > bool domainMatch(const String& cookieDomain, const String& host); >+bool isFirstPartyDomain(const URL& firstParty, const URL&); > > WEBCORE_EXPORT String defaultPathForURL(const URL&); > >diff --git a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >index 5bdafcda4fa3e2af5f6f15021a53f0abc970c1ce..e675f02665249da68e7a3e49ea2082140dfd6090 100644 >--- a/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp >+++ b/Source/WebCore/platform/network/curl/CurlResourceHandleDelegate.cpp 
>@@ -85,7 +85,7 @@ void CurlResourceHandleDelegate::curlDidSendData(CurlRequest& request, unsigned > client()->didSendData(&m_handle, bytesSent, totalBytesToBeSent); > } > >-static void handleCookieHeaders(ResourceHandleInternal* d, const CurlResponse& response) >+static void handleCookieHeaders(ResourceHandleInternal* d, const ResourceRequest& request, const CurlResponse& response) > { > static const auto setCookieHeader = "set-cookie: "; > >@@ -94,7 +94,7 @@ static void handleCookieHeaders(ResourceHandleInternal* d, const CurlResponse& r > for (const auto& header : response.headers) { > if (header.startsWithIgnoringASCIICase(setCookieHeader)) { > const auto contents = header.right(header.length() - strlen(setCookieHeader)); >- cookieJar.setCookiesFromHTTPResponse(storageSession, response.url, contents); >+ cookieJar.setCookiesFromHTTPResponse(storageSession, request.firstPartyForCookies(), response.url, contents); > } > } > } >@@ -112,7 +112,7 @@ void CurlResourceHandleDelegate::curlDidReceiveResponse(CurlRequest& request, co > m_response.setCertificateInfo(request.certificateInfo().isolatedCopy()); > m_response.setDeprecatedNetworkLoadMetrics(request.networkLoadMetrics().isolatedCopy()); > >- handleCookieHeaders(d(), receivedResponse); >+ handleCookieHeaders(d(), request.resourceRequest(), receivedResponse); > > if (m_response.shouldRedirect()) { > m_handle.willSendRequest(); >diff --git a/Source/WebCore/platform/network/curl/PublicSuffixCurl.cpp b/Source/WebCore/platform/network/curl/PublicSuffixCurl.cpp >index 5f4d1fd4b98b9e355920b40166733b1ec630eddb..a88c83be757acd4ee39cfb088150c5e3f6047b00 100644 >--- a/Source/WebCore/platform/network/curl/PublicSuffixCurl.cpp >+++ b/Source/WebCore/platform/network/curl/PublicSuffixCurl.cpp >@@ -26,8 +26,6 @@ > #include "config.h" > #include "PublicSuffix.h" > >-#if ENABLE(PUBLIC_SUFFIX_LIST) >- > #include <libpsl.h> > #include <wtf/URL.h> 
> >@@ -70,5 +68,3 @@ String topPrivatelyControlledDomain(const String& domain) > } > > } // namespace WebCore >- >-#endif // ENABLE(PUBLIC_SUFFIX_LIST) >diff --git a/Source/WebKit/NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp b/Source/WebKit/NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp >index eb6bff1fcae02bc50da7be5a4bc091cf67dc9b27..4a829c26461551a7bd5f2b00326db56c6139e360 100644 >--- a/Source/WebKit/NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp >+++ b/Source/WebKit/NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp 
>@@ -26,16 +26,51 @@ > #include "config.h" > #include "WebCookieManager.h" > >+#include "NetworkProcess.h" >+#include <WebCore/NetworkStorageSession.h> >+ > namespace WebKit { > > using namespace WebCore; > >-void WebCookieManager::platformSetHTTPCookieAcceptPolicy(HTTPCookieAcceptPolicy) >+void WebCookieManager::platformSetHTTPCookieAcceptPolicy(HTTPCookieAcceptPolicy policy) > { >+ CookieAcceptPolicy curlPolicy = CookieAcceptPolicy::OnlyFromMainDocumentDomain; >+ switch (policy) { >+ case HTTPCookieAcceptPolicyAlways: >+ curlPolicy = CookieAcceptPolicy::Always; >+ break; >+ case HTTPCookieAcceptPolicyNever: >+ curlPolicy = CookieAcceptPolicy::Never; >+ break; >+ case HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain: >+ curlPolicy = CookieAcceptPolicy::OnlyFromMainDocumentDomain; >+ break; >+ case HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain: >+ curlPolicy = CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain; >+ break; >+ } >+ >+ m_process.forEachNetworkStorageSession([curlPolicy] (const auto& networkStorageSession) { >+ networkStorageSession.cookieStorage().setCookieAcceptPolicy(networkStorageSession, curlPolicy); >+ }); > } > > HTTPCookieAcceptPolicy WebCookieManager::platformGetHTTPCookieAcceptPolicy() > { >+ const auto& networkStorageSession = m_process.defaultStorageSession(); >+ switch (networkStorageSession.cookieStorage().cookieAcceptPolicy(networkStorageSession)) { >+ case CookieAcceptPolicy::Always: >+ return HTTPCookieAcceptPolicyAlways; >+ case CookieAcceptPolicy::Never: >+ return HTTPCookieAcceptPolicyNever; >+ case CookieAcceptPolicy::OnlyFromMainDocumentDomain: >+ return HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain; >+ case CookieAcceptPolicy::ExclusivelyFromMainDocumentDomain: >+ return HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain; >+ } >+ >+ ASSERT_NOT_REACHED(); > return HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain; > } 
> >diff --git a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >index 67786fd9c20f1f37b036e4bb20fd28aa65cd4af9..5ee059e1530528b1b3fc7d486aeb94721ed7abd3 100644 >--- a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >+++ b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp >@@ -149,7 +149,7 @@ void NetworkDataTaskCurl::curlDidReceiveResponse(CurlRequest& request, const Cur > m_response = ResourceResponse(receivedResponse); > m_response.setDeprecatedNetworkLoadMetrics(request.networkLoadMetrics().isolatedCopy()); > >- handleCookieHeaders(receivedResponse); >+ handleCookieHeaders(request.resourceRequest(), receivedResponse); > > if (m_response.shouldRedirect()) { > willPerformHTTPRedirection(); >@@ -436,7 +436,7 @@ void NetworkDataTaskCurl::appendCookieHeader(WebCore::ResourceRequest& request) > request.addHTTPHeaderField(HTTPHeaderName::Cookie, cookieHeaderField); > } > >-void NetworkDataTaskCurl::handleCookieHeaders(const CurlResponse& response) >+void NetworkDataTaskCurl::handleCookieHeaders(const WebCore::ResourceRequest& request, const CurlResponse& response) > { > static const auto setCookieHeader = "set-cookie: "; > >@@ -445,7 +445,7 @@ void NetworkDataTaskCurl::handleCookieHeaders(const CurlResponse& response) > for (auto header : response.headers) { > if (header.startsWithIgnoringASCIICase(setCookieHeader)) { > String setCookieString = header.right(header.length() - strlen(setCookieHeader)); >- cookieJar.setCookiesFromHTTPResponse(storageSession, response.url, setCookieString); >+ cookieJar.setCookiesFromHTTPResponse(storageSession, request.firstPartyForCookies(), response.url, setCookieString); > } > } > } >diff --git a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h >index 3c07de5184998e4c158e9ef7bdafa83aea9eeba1..5fdb792d72f3ed859f05dffdd66c2c47886f5d62 100644 
>--- a/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h >+++ b/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h >@@ -79,7 +79,7 @@ private: > void restartWithCredential(const WebCore::ProtectionSpace&, const WebCore::Credential&); > > void appendCookieHeader(WebCore::ResourceRequest&); >- void handleCookieHeaders(const WebCore::CurlResponse&); >+ void handleCookieHeaders(const WebCore::ResourceRequest&, const WebCore::CurlResponse&); > > State m_state { State::Suspended }; > >diff --git a/Tools/ChangeLog b/Tools/ChangeLog >index 7b24a87773a53f6d84aea224a7dbdb2f2572fd4c..e16d28482492905a3ecfd573d535f037b1f77907 100644 >--- a/Tools/ChangeLog >+++ b/Tools/ChangeLog >@@ -1,3 +1,13 @@ >+2019-02-21 Takashi Komori <Takashi.Komori@sony.com> >+ >+ [Curl] Implement Cookie Accept Policy. >+ https://bugs.webkit.org/show_bug.cgi?id=191645 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp: >+ (TestWebKitAPI::Curl::TEST_F): >+ > 2019-02-21 Tim Horton <timothy_horton@apple.com> > > Fix the macOS build >diff --git a/Tools/TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp b/Tools/TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp >index b40b0d5a0a5e5fb5f4919a3da2c2fed6fcbc1c4e..92d8a192ca7b2a1081565997b0ea5b1f9aea8f65 100644 >--- a/Tools/TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp >+++ b/Tools/TestWebKitAPI/Tests/WebCore/curl/Cookies.cpp >@@ -46,7 +46,7 @@ public: > > m_cookieJar = std::make_unique<WebCore::CookieJarDB>(FileSystem::pathByAppendingComponent(m_cookieDirectory, "cookiedb.sql")); > m_cookieJar->open(); >- m_cookieJar->setEnabled(true); >+ m_cookieJar->setAcceptPolicy(CookieAcceptPolicy::Always); > } > > void TearDown() final 
>@@ -64,26 +64,30 @@ protected: > > TEST_F(CurlCookies, RejectTailmatchFailureDomain) > { >+ URL url(URL(), "http://example.com"); >+ > // success: domain match >- EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=example.com", CookieJarDB::Source::Network)); >+ EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=example.com", CookieJarDB::Source::Network)); > // success: wildcard of domains >- EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=.example.com", CookieJarDB::Source::Network)); >+ EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=.example.com", CookieJarDB::Source::Network)); > // failure: specific sub domain >- EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=www.example.com", CookieJarDB::Source::Network)); >+ EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=www.example.com", CookieJarDB::Source::Network)); > // failure: different domain >- EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar; Domain=sample.com", CookieJarDB::Source::Network)); >+ EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; Domain=sample.com", CookieJarDB::Source::Network)); > } > > TEST_F(CurlCookies, TestHttpOnlyCase) > { >+ URL url(URL(), "http://example.com"); >+ > // success: from network >- EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "foo=bar; HttpOnly", CookieJarDB::Source::Network)); >+ EXPECT_TRUE(m_cookieJar->setCookie(url, url, "foo=bar; HttpOnly", CookieJarDB::Source::Network)); > // success: wildcard of domains >- EXPECT_TRUE(m_cookieJar->setCookie("http://example.com", "bingo=bongo;", CookieJarDB::Source::Script)); >+ EXPECT_TRUE(m_cookieJar->setCookie(url, url, "bingo=bongo;", CookieJarDB::Source::Script)); > // failure: foo is already stored as HttpOnly >- EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar;", CookieJarDB::Source::Script)); >+ EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar;", 
CookieJarDB::Source::Script)); > // failure: inconsistent. Source is Script, but attribute says HttpOnly >- EXPECT_FALSE(m_cookieJar->setCookie("http://example.com", "foo=bar; HttpOnly", CookieJarDB::Source::Script)); >+ EXPECT_FALSE(m_cookieJar->setCookie(url, url, "foo=bar; HttpOnly", CookieJarDB::Source::Script)); > } > > }
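Review bot: The WebCore ChangeLog entry does not mention that the ENABLE(PUBLIC_SUFFIX_LIST) guards are removed from CookieJarDB.cpp and PublicSuffixCurl.cpp, which makes the public suffix code (and the libpsl.h include) unconditional for the Curl port. PublicSuffixCurl.cpp is listed without any description, and parseCookieHeader and defaultPathForURL are listed without saying what changed. Please add a line for each, and fix the typos in "respect to coookie accept policy".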
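Review bot: In the getRawCookies hunk of CookieJarCurl.cpp, searchCookies(firstParty, firstParty, ...) passes the first-party URL as both arguments, so checkCookieAcceptPolicy always returns at its firstParty == url branch and the two third-party policies never apply on this path. This keeps the old lookup key (the removed line also searched on firstParty.string()), but it should either be commented as a deliberate exemption or take the request URL as the second argument if one is available, so that ExclusivelyFromMainDocumentDomain behaves the same here as in cookiesForSession.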
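Review bot: CHECK_EXISTS_COOKIE_SQL in CookieJarDB.cpp selects on domain only, with no expiry condition, so if expired rows can remain in the table, a stale cookie still makes hasCookies() return true under OnlyFromMainDocumentDomain and unlocks third-party reads and writes. Because hasCookies() binds topPrivatelyControlledDomain(host) and "*." plus that domain, one cookie for any host under the registrable domain is enough to unlock every other host under it. Add an expiry condition to the query (or note that expired rows are purged before this runs), and say in a comment that the registrable-domain scope is intended.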
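Review bot: isEnabled() in CookieJarDB.cpp enumerates the three accepting policies, which is equivalent to m_acceptPolicy != CookieAcceptPolicy::Never and will silently report cookies as disabled if another enum value is added later; the shorter form is easier to read and fails in the safer direction for callers that only need to know whether the jar is on. In checkCookieAcceptPolicy, firstParty == url compares whole URLs, so it only succeeds for the main document itself; a subresource on the same host differs in path and falls through to isFirstPartyDomain(). Since the policy is about domains, comparing firstParty.host() with url.host() would state the intent directly and would not depend on the public suffix lookup for same-host requests.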
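Review bot: isFirstPartyDomain() in CookieUtil.cpp is missing a check for an empty result from topPrivatelyControlledDomain(), although hasCookies() in this same patch guards against exactly that with topPrivateDomain.isEmpty(). With an empty domain the tail match is computed against an empty string, so the result depends on how reverseFind treats it. Return false (or fall back to an exact host comparison) when domain is empty. The first-party host is also passed as firstParty.host().toString() without convertToASCIILowercase(), while the request host is lowercased on the next line; normalise both the same way so the comparison cannot fail on case alone.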
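Review bot: The path changes in CookieUtil.cpp (result.path in parseCookieAttributes and path in defaultPathForURL) lowercase cookie paths, but RFC 6265 path matching is case-sensitive, so Path=/Admin and Path=/admin collapse into one scope and a cookie can be returned for a path it was not set for. searchCookies already lowercases requestPath, so this makes storage agree with lookup, but it moves the jar further from the RFC instead of closer. Either keep paths as received and drop the lowercasing on lookup, or explain in the ChangeLog why case-insensitive paths are wanted. Lowercasing result.domain is fine. The cookieLine to cookiePair change in parseCookieHeader is an unrelated fix and deserves its own ChangeLog line.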
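Review bot: Both updated tests in Cookies.cpp pass the same URL as firstParty and url under CookieAcceptPolicy::Always, so nothing in checkCookieAcceptPolicy, isFirstPartyDomain or hasCookies is exercised by the API tests. Add cases with a distinct firstParty for each policy: a third-party setCookie rejected under ExclusivelyFromMainDocumentDomain, accepted under OnlyFromMainDocumentDomain only once a cookie for that domain already exists, first-party subdomains accepted under both, and everything rejected under Never. The comment "success: wildcard of domains" above the bingo=bongo Script case in TestHttpOnlyCase also looks copied from the previous test and should describe what that case checks.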