Cherry-pick f7bf409. rdar://115081644

Add a quirk for accounts.google.com for the third party IP cookie expiry capping heuristic https://bugs.webkit.org/show_bug.cgi?id=262062 rdar://115081644 Reviewed by John Wilander and Charlie Wolfe. This patch: 1. Adds a quirk to avoid treating requests to `accounts.google.com` as being from a third party IP *only under google.com*, for the purposes of applying 7-day expiry restrictions on incoming cookies. 2. Contains various cleanup around the `NetworkTaskCocoa.mm` file: - Add a missing `namespace WebKit` around the implementation file, and moves the existing `using namespace WebCore` behind the WebKit namespace. - Add missing source includes (which are currently not necessary, due to unified sources). - Consistently use `#import` throughout this Cocoa-specific header and implementation file. * Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h: * Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm: (WebKit::NetworkTaskCocoa::applyCookiePolicyForThirdPartyCloaking): Add the quirk; note that we only need to check the host of the requested URL here, because we only get to this codepath in the case where the request is already a first party subdomain of google.com. (computeIsAlwaysOnLoggingAllowed): Deleted. (NetworkTaskCocoa::NetworkTaskCocoa): Deleted. (shouldCapCookieExpiryForThirdPartyIPAddress): Deleted. (NetworkTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const): Deleted. (NetworkTaskCocoa::statelessCookieStorage): Deleted. (NetworkTaskCocoa::lastRemoteIPAddress): Deleted. (NetworkTaskCocoa::lastCNAMEDomain): Deleted. (NetworkTaskCocoa::needsFirstPartyCookieBlockingLatchModeQuirk const): Deleted. (NetworkTaskCocoa::applyCookiePolicyForThirdPartyCloaking): Deleted. (NetworkTaskCocoa::blockCookies): Deleted. (NetworkTaskCocoa::unblockCookies): Deleted. (NetworkTaskCocoa::updateTaskWithFirstPartyForSameSiteCookies): Deleted. (NetworkTaskCocoa::willPerformHTTPRedirection): Deleted. Canonical link: https://commits.webkit.org/268423@main Identifier: 265870.601@safari-7616.2.9.10-branch
WebKit · Sep 28, 2023 · 770aa95 · 770aa95
1 parent fc339e3
commit 770aa95
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 9 deletions.
diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h b/Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h
@@ -25,12 +25,12 @@
 
 #pragma once
 
-#include "NetworkDataTask.h"
-#include <WebCore/FrameIdentifier.h>
-#include <WebCore/PageIdentifier.h>
-#include <WebCore/ResourceRequest.h>
-#include <WebCore/ResourceResponse.h>
-#include <WebCore/ShouldRelaxThirdPartyCookieBlocking.h>
+#import "NetworkDataTask.h"
+#import <WebCore/FrameIdentifier.h>
+#import <WebCore/PageIdentifier.h>
+#import <WebCore/ResourceRequest.h>
+#import <WebCore/ResourceResponse.h>
+#import <WebCore/ShouldRelaxThirdPartyCookieBlocking.h>
 
 OBJC_CLASS NSArray;
 OBJC_CLASS NSString;

diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm
@@ -24,8 +24,19 @@
  */
 
 #import "config.h"
-#include "NetworkTaskCocoa.h"
-
+#import "NetworkTaskCocoa.h"
+
+#import "Logging.h"
+#import "NetworkProcess.h"
+#import "NetworkSession.h"
+#import <WebCore/DNS.h>
+#import <WebCore/NetworkStorageSession.h>
+#import <WebCore/RegistrableDomain.h>
+#import <pal/spi/cf/CFNetworkSPI.h>
+#import <wtf/BlockPtr.h>
+#import <wtf/WeakObjCPtr.h>
+
+namespace WebKit {
 using namespace WebCore;
 
 static inline bool computeIsAlwaysOnLoggingAllowed(NetworkSession& session)
@@ -155,7 +166,14 @@ static bool shouldCapCookieExpiryForThirdPartyIPAddress(const WebCore::IPAddress
             if (!remoteAddress)
                 return cookiesSetInResponse;
 
-            if (shouldCapCookieExpiryForThirdPartyIPAddress(*remoteAddress, *firstPartyAddress)) {
+            auto needsThirdPartyIPAddressQuirk = [] (const URL& requestURL) {
+                // We only apply this quirk if we're already on google.com; otherwise, we would've
+                // already bailed at the top of this method, due to the request being third party.
+                // Note that this only applies to "accounts.google.com" (excluding subdomains).
+                return requestURL.host() == "accounts.google.com"_s;
+            };
+
+            if (shouldCapCookieExpiryForThirdPartyIPAddress(*remoteAddress, *firstPartyAddress) && !needsThirdPartyIPAddressQuirk(requestURL)) {
                 cookiesSetInResponse = cookiesByCappingExpiry(cookiesSetInResponse, ageCapForCNAMECloakedCookies);
                 if (debugLoggingEnabled) {
                     for (NSHTTPCookie *cookie in cookiesSetInResponse)
@@ -246,3 +264,5 @@ static bool shouldCapCookieExpiryForThirdPartyIPAddress(const WebCore::IPAddress
     updateTaskWithFirstPartyForSameSiteCookies(task(), request);
     completionHandler(WTFMove(request));
 }
+
+} // namespace WebKit