Bug 188609

Summary: [Curl] Implement default cookie path handling correctly as outlined in RFC6265.
Product: WebKit Reporter: Basuke Suzuki <Basuke.Suzuki>
Component: PlatformAssignee: Basuke Suzuki <Basuke.Suzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, Basuke.Suzuki, chris.reid, commit-queue, darin, ews-watchlist, galpeter, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
PATCH
none
PATCH none

Description Basuke Suzuki 2018-08-15 11:54:51 PDT 
Curl implementation of default cookie path was wrong so that some cookies cannot be accessible. It should be generated as outlined in:
    https://tools.ietf.org/html/rfc6265#section-5.1.4
Comment 1 Basuke Suzuki 2018-08-15 12:17:00 PDT 
Created attachment 347192 [details]
PATCH
Comment 2 Basuke Suzuki 2018-08-15 13:03:00 PDT 
Created attachment 347196 [details]
PATCH
Comment 3 Alex Christensen 2018-08-15 13:07:51 PDT 
Comment on attachment 347196 [details]
PATCH

View in context: https://bugs.webkit.org/attachment.cgi?id=347196&action=review

> Source/WebCore/platform/network/curl/CookieUtil.cpp:189
> +    if (!lastSlashPosition)

notFound
Comment 4 Christopher Reid 2018-08-15 14:16:16 PDT 
(In reply to Alex Christensen from comment #3)
> Comment on attachment 347196 [details]
> PATCH
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=347196&action=review
> 
> > Source/WebCore/platform/network/curl/CookieUtil.cpp:189
> > +    if (!lastSlashPosition)
> 
> notFound

I think this confusion is from the style checker complaining about comparison with 0 and !lastSlashPosition was done to make it happy.
We do actually want to check if the lastSlashPosition is 0 so '/path' returns '/' instead of empty string. We also know that there is always at least one slash in the path string from the condition above.

I think it should be changed to lastSlashPosition == 0 ignoring the style checker.
Comment 5 Alex Christensen 2018-08-15 14:35:59 PDT 
Comment on attachment 347196 [details]
PATCH

View in context: https://bugs.webkit.org/attachment.cgi?id=347196&action=review

>>> Source/WebCore/platform/network/curl/CookieUtil.cpp:189
>>> +    if (!lastSlashPosition)
>> 
>> notFound
> 
> I think this confusion is from the style checker complaining about comparison with 0 and !lastSlashPosition was done to make it happy.
> We do actually want to check if the lastSlashPosition is 0 so '/path' returns '/' instead of empty string. We also know that there is always at least one slash in the path string from the condition above.
> 
> I think it should be changed to lastSlashPosition == 0 ignoring the style checker.

If path is null, reverseFind returns notFound.  We already have a check for that above, so no problem here.
Comment 6 WebKit Commit Bot 2018-08-15 15:03:36 PDT 
Comment on attachment 347196 [details]
PATCH

Clearing flags on attachment: 347196

Committed r234901: <https://trac.webkit.org/changeset/234901>
Comment 7 WebKit Commit Bot 2018-08-15 15:03:37 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 8 Radar WebKit Bug Importer 2018-08-15 15:04:34 PDT 
<rdar://problem/43352196>