navigator.cookieEnabled should return false when cookies are actually…

… blocked

https://bugs.webkit.org/show_bug.cgi?id=267789
rdar://121284878

Reviewed by Chris Dumez.

According to https://html.spec.whatwg.org/multipage/system-state.html#dom-navigator-cookieenabled, cookieEnabled should
return false when cookies cannot be set (i.e. cookies are blocked). However, in our current implementation, when cookies
are blocked, cookieEnabled may return true. This is because WebCookieJar::cookiesEnabled returns true when cookie accept
policy is not never, but WebKit does not rely on cookies accept policy to decide whether cookies should be blocked, see
NetworkStorageSession::shouldBlockCookies, where network process decides whether to block cookies.

Other cookies operations in WebCookieJar send sync messages to network process for answer. To make the result of
cookieEnabled consistent with the other operations, WebCookieJar::cookiesEnabled now also fetches the result from
network process. To avoid performance issues, instead of sending sync message, web process prefetches and cache the
result in Document. The cache is updated on demand, like when document navigates to another URL or when cookie blocking
policy changes.

* LayoutTests/http/tests/resourceLoadStatistics/exemptDomains/managed-domains-cookieEnabled-expected.txt: Added.
* LayoutTests/http/tests/resourceLoadStatistics/exemptDomains/managed-domains-cookieEnabled.html: Added.
* LayoutTests/http/tests/resourceLoadStatistics/resources/managed-domains-cookieEnabled-iframe.html: Added.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::setCookieURL):
(WebCore::Document::setFirstPartyForCookies):
(WebCore::Document::updateCachedCookiesEnabled):
* Source/WebCore/dom/Document.h:
(WebCore::Document::cachedCookiesEnabled const):
(WebCore::Document::setCachedCookiesEnabled):
(WebCore::Document::setFirstPartyForCookies): Deleted.
* Source/WebCore/loader/CookieJar.cpp:
(WebCore::CookieJar::cookiesEnabled):
(WebCore::CookieJar::remoteCookiesEnabled const):
(WebCore::CookieJar::cookiesEnabled const): Deleted.
* Source/WebCore/loader/CookieJar.h:
* Source/WebCore/platform/network/NetworkStorageSession.cpp:
(WebCore::NetworkStorageSession::setPrevalentDomainsToBlockAndDeleteCookiesFor):
(WebCore::NetworkStorageSession::setPrevalentDomainsToBlockButKeepCookiesFor):
(WebCore::NetworkStorageSession::setDomainsWithUserInteractionAsFirstParty):
(WebCore::NetworkStorageSession::setAppBoundDomains):
(WebCore::NetworkStorageSession::resetAppBoundDomains):
(WebCore::NetworkStorageSession::setManagedDomains):
(WebCore::NetworkStorageSession::resetManagedDomains):
(WebCore::NetworkStorageSession::cookiesEnabled const):
(WebCore::NetworkStorageSession::addCookiesEnabledStateObserver):
(WebCore::NetworkStorageSession::removeCookiesEnabledStateObserver):
(WebCore::NetworkStorageSession::cookieEnabledStateMayHaveChanged):
* Source/WebCore/platform/network/NetworkStorageSession.h:
(WebCore::CookiesEnabledStateObserver::~CookiesEnabledStateObserver):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::~NetworkConnectionToWebProcess):
(WebKit::NetworkConnectionToWebProcess::cookiesEnabledSync):
(WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
(WebKit::NetworkConnectionToWebProcess::cookieEnabledStateMayHaveChanged):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
(WebKit::NetworkConnectionToWebProcess::protectedConnection):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:
(WebKit::NetworkProcessConnection::updateCachedCookiesEnabled):
* Source/WebKit/WebProcess/Network/NetworkProcessConnection.h:
* Source/WebKit/WebProcess/Network/NetworkProcessConnection.messages.in:
* Source/WebKit/WebProcess/WebPage/WebCookieJar.cpp:
(WebKit::WebCookieJar::cookiesEnabled):
(WebKit::WebCookieJar::remoteCookiesEnabledSync const):
(WebKit::WebCookieJar::remoteCookiesEnabled const):
(WebKit::WebCookieJar::cookiesEnabled const): Deleted.
* Source/WebKit/WebProcess/WebPage/WebCookieJar.h:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::setThirdPartyCookieBlockingMode):
(WebKit::WebProcess::updateCachedCookiesEnabled):
* Source/WebKit/WebProcess/WebProcess.h:

Canonical link: https://commits.webkit.org/273522@main

LayoutTests/http/tests/resourceLoadStatistics/exemptDomains/managed-domains-cookieEnabled-expected.txt

@@ -0,0 +1,11 @@
+Tests that navigator.cookieEnabled returns correct value when managed domains are added.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Step 1: navigator.cookieEnabled is false
+Step 2: navigator.cookieEnabled is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/resourceLoadStatistics/exemptDomains/managed-domains-cookieEnabled.html

@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <script src="/js-test-resources/js-test.js"></script>
+    <script src="../resources/util.js"></script>
+</head>
+<body>
+<iframe id="iframe" src="http://localhost:8000/resourceLoadStatistics/resources/managed-domains-cookieEnabled-iframe.html" onload="runTest()"></iframe>
+<script>
+    description("Tests that navigator.cookieEnabled returns correct value when managed domains are added.");
+    jsTestIsAsync = true;
+    var iframeElement = document.getElementById("iframe");
+    var currentStep = 1;
+
+    function messageReceived(event) {
+        debug("Step " + currentStep + ": " + event.data);
+        ++currentStep;
+        runTest();
+    }
+
+    function enableFeatures(enabled, callback) {
+        setEnableFeature(enabled, () => {
+            testRunner.setStatisticsShouldBlockThirdPartyCookies(enabled, callback);
+        });
+    }
+
+    function runTest() {
+        switch(currentStep) {
+        case 1:
+            setEnableFeature(true, () => {
+                testRunner.setStatisticsShouldBlockThirdPartyCookies(true, () => {
+                    iframeElement.contentWindow.postMessage("getCookieEnabled", "*");
+                });
+            });
+            break;
+        case 2:
+            testRunner.setManagedDomains([ "http://127.0.0.1:8000" ], () => {
+                iframeElement.contentWindow.postMessage("getCookieEnabled", "*");
+            });
+            break;
+        case 3:
+            testRunner.setStatisticsShouldBlockThirdPartyCookies(true, () => {
+                setEnableFeature(false, finishJSTest);
+            });
+        }
+    }
+
+    addEventListener("message", messageReceived);
+</script>
+</body>
+</html>

LayoutTests/http/tests/resourceLoadStatistics/resources/managed-domains-cookieEnabled-iframe.html

@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<script>
+    addEventListener("message", () => {
+        parent.postMessage("navigator.cookieEnabled is " + navigator.cookieEnabled, "*");
+    });
+</script>
+</html>

Source/WebCore/dom/Document.cpp

@@ -6342,8 +6342,33 @@ void Document::setCookieURL(const URL& url)
 {
     if (m_cookieURL == url)
         return;
+
     m_cookieURL = url;
     invalidateDOMCookieCache();
+    updateCachedCookiesEnabled();
+}
+
+void Document::setFirstPartyForCookies(const URL& url)
+{
+    if (m_firstPartyForCookies == url)
+        return;
+
+    m_firstPartyForCookies = url;
+    updateCachedCookiesEnabled();
+}
+
+void Document::updateCachedCookiesEnabled()
+{
+    RefPtr page = this->page();
+    if (!page || !page->settings().cookieEnabled() || canAccessResource(ScriptExecutionContext::ResourceType::Cookies) == ScriptExecutionContext::HasResourceAccess::No) {
+        setCachedCookiesEnabled(false);
+        return;
+    }
+
+    page->cookieJar().remoteCookiesEnabled(*this, [weakDocument = WeakPtr { *this }](bool enabled) mutable {
+        if (RefPtr document = weakDocument.get())
+            document->setCachedCookiesEnabled(enabled);
+    });
 }
 
 static bool isValidNameNonASCII(const LChar* characters, unsigned length)

Source/WebCore/dom/Document.h

@@ -1133,7 +1133,10 @@ class Document
     //       domain.
     //
     const URL& firstPartyForCookies() const { return m_firstPartyForCookies; }
-    void setFirstPartyForCookies(const URL& url) { m_firstPartyForCookies = url; }
+    void setFirstPartyForCookies(const URL&);
+    std::optional<bool> cachedCookiesEnabled() const { return m_cachedCookiesEnabled; }
+    void setCachedCookiesEnabled(bool enabled) { m_cachedCookiesEnabled = enabled; }
+    WEBCORE_EXPORT void updateCachedCookiesEnabled();
 
     WEBCORE_EXPORT bool isFullyActive() const;
 
@@ -2568,6 +2571,7 @@ class Document
     RefPtr<ResizeObserver> m_resizeObserverForContainIntrinsicSize;
 
     const std::optional<FrameIdentifier> m_frameIdentifier;
+    std::optional<bool> m_cachedCookiesEnabled;
 };
 
 Element* eventTargetElementForDocument(Document*);

Source/WebCore/loader/CookieJar.cpp

@@ -132,15 +132,29 @@ void CookieJar::setCookies(Document& document, const URL& url, const String& coo
         ASSERT_NOT_REACHED();
 }
 
-bool CookieJar::cookiesEnabled(const Document&) const
+bool CookieJar::cookiesEnabled(Document& document)
 {
+    auto cookieURL = document.cookieURL();
+    if (cookieURL.isEmpty())
+        return false;
+
+    auto pageID = document.pageID();
+    std::optional<FrameIdentifier> frameID;
+    if (auto* frame = document.frame())
+        frameID = frame->loader().frameID();
+
     if (auto* session = m_storageSessionProvider->storageSession())
-        return session->cookieAcceptPolicy() != HTTPCookieAcceptPolicy::Never;
+        return session->cookiesEnabled(document.firstPartyForCookies(), cookieURL, frameID, pageID, shouldRelaxThirdPartyCookieBlocking(document));
 
     ASSERT_NOT_REACHED();
     return false;
 }
 
+void CookieJar::remoteCookiesEnabled(const Document&, CompletionHandler<void(bool)>&& completionHandler) const
+{
+    completionHandler(false);
+}
+
 std::pair<String, SecureCookiesAccessed> CookieJar::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies) const
 {
     if (auto* session = m_storageSessionProvider->storageSession()) {

Source/WebCore/loader/CookieJar.h

@@ -59,7 +59,8 @@ class WEBCORE_EXPORT CookieJar : public RefCounted<CookieJar>, public CanMakeWea
     virtual String cookies(Document&, const URL&) const;
     virtual void setCookies(Document&, const URL&, const String& cookieString);
 
-    virtual bool cookiesEnabled(const Document&) const;
+    virtual bool cookiesEnabled(Document&);
+    virtual void remoteCookiesEnabled(const Document&, CompletionHandler<void(bool)>&&) const;
     virtual std::pair<String, SecureCookiesAccessed> cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo&, const URL&, std::optional<FrameIdentifier>, std::optional<PageIdentifier>, IncludeSecureCookies) const;
     virtual bool getRawCookies(const Document&, const URL&, Vector<Cookie>&) const;
     virtual void setRawCookie(const Document&, const Cookie&);

Source/WebCore/platform/network/NetworkStorageSession.cpp

@@ -210,18 +210,24 @@ void NetworkStorageSession::setPrevalentDomainsToBlockAndDeleteCookiesFor(const
 {
     m_registrableDomainsToBlockAndDeleteCookiesFor.clear();
     m_registrableDomainsToBlockAndDeleteCookiesFor.add(domains.begin(), domains.end());
+    if (m_thirdPartyCookieBlockingMode == ThirdPartyCookieBlockingMode::OnlyAccordingToPerDomainPolicy)
+        cookieEnabledStateMayHaveChanged();
 }
 
 void NetworkStorageSession::setPrevalentDomainsToBlockButKeepCookiesFor(const Vector<RegistrableDomain>& domains)
 {
     m_registrableDomainsToBlockButKeepCookiesFor.clear();
     m_registrableDomainsToBlockButKeepCookiesFor.add(domains.begin(), domains.end());
+    if (m_thirdPartyCookieBlockingMode == ThirdPartyCookieBlockingMode::OnlyAccordingToPerDomainPolicy)
+        cookieEnabledStateMayHaveChanged();
 }
 
 void NetworkStorageSession::setDomainsWithUserInteractionAsFirstParty(const Vector<RegistrableDomain>& domains)
 {
     m_registrableDomainsWithUserInteractionAsFirstParty.clear();
     m_registrableDomainsWithUserInteractionAsFirstParty.add(domains.begin(), domains.end());
+    if (m_thirdPartyCookieBlockingMode == ThirdPartyCookieBlockingMode::AllOnSitesWithoutUserInteraction)
+        cookieEnabledStateMayHaveChanged();
 }
 
 void NetworkStorageSession::setDomainsWithCrossPageStorageAccess(const HashMap<TopFrameDomain, SubResourceDomain>& domains)
@@ -373,23 +379,31 @@ void NetworkStorageSession::setThirdPartyCookieBlockingMode(ThirdPartyCookieBloc
 void NetworkStorageSession::setAppBoundDomains(HashSet<RegistrableDomain>&& domains)
 {
     m_appBoundDomains = WTFMove(domains);
+    if (m_thirdPartyCookieBlockingMode == ThirdPartyCookieBlockingMode::AllExceptBetweenAppBoundDomains)
+        cookieEnabledStateMayHaveChanged();
 }
 
 void NetworkStorageSession::resetAppBoundDomains()
 {
     m_appBoundDomains.clear();
+    if (m_thirdPartyCookieBlockingMode == ThirdPartyCookieBlockingMode::AllExceptBetweenAppBoundDomains)
+        cookieEnabledStateMayHaveChanged();
 }
 #endif
 
 #if ENABLE(MANAGED_DOMAINS)
 void NetworkStorageSession::setManagedDomains(HashSet<RegistrableDomain>&& domains)
 {
     m_managedDomains = WTFMove(domains);
+    if (m_thirdPartyCookieBlockingMode == ThirdPartyCookieBlockingMode::AllExceptManagedDomains)
+        cookieEnabledStateMayHaveChanged();
 }
 
 void NetworkStorageSession::resetManagedDomains()
 {
     m_managedDomains.clear();
+    if (m_thirdPartyCookieBlockingMode == ThirdPartyCookieBlockingMode::AllExceptManagedDomains)
+        cookieEnabledStateMayHaveChanged();
 }
 #endif
 
@@ -519,4 +533,25 @@ void NetworkStorageSession::deleteCookies(const ClientOrigin& origin, Completion
 }
 #endif
 
+bool NetworkStorageSession::cookiesEnabled(const URL& firstParty, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking) const
+{
+    return !shouldBlockCookies(firstParty, url, frameID, pageID, shouldRelaxThirdPartyCookieBlocking);
+}
+
+void NetworkStorageSession::addCookiesEnabledStateObserver(CookiesEnabledStateObserver& observer)
+{
+    m_cookiesEnabledStateObservers.add(observer);
+}
+
+void NetworkStorageSession::removeCookiesEnabledStateObserver(CookiesEnabledStateObserver& observer)
+{
+    m_cookiesEnabledStateObservers.remove(observer);
+}
+
+void NetworkStorageSession::cookieEnabledStateMayHaveChanged()
+{
+    for (auto& observer : m_cookiesEnabledStateObservers)
+        observer.cookieEnabledStateMayHaveChanged();
+}
+
 }

Source/WebCore/platform/network/NetworkStorageSession.h

@@ -40,6 +40,7 @@
 #include <wtf/RobinHoodHashMap.h>
 #include <wtf/Vector.h>
 #include <wtf/WallTime.h>
+#include <wtf/WeakHashSet.h>
 #include <wtf/WeakPtr.h>
 #include <wtf/text/WTFString.h>
 
@@ -101,6 +102,12 @@ class CookieChangeObserver : public CanMakeCheckedPtr {
 };
 #endif
 
+class CookiesEnabledStateObserver : public CanMakeWeakPtr<CookiesEnabledStateObserver> {
+public:
+    virtual ~CookiesEnabledStateObserver() { }
+    virtual void cookieEnabledStateMayHaveChanged() = 0;
+};
+
 class NetworkStorageSession : public CanMakeWeakPtr<NetworkStorageSession> {
     WTF_MAKE_NONCOPYABLE(NetworkStorageSession); WTF_MAKE_FAST_ALLOCATED;
 public:
@@ -181,13 +188,17 @@ class NetworkStorageSession : public CanMakeWeakPtr<NetworkStorageSession> {
     WEBCORE_EXPORT std::optional<Vector<Cookie>> cookiesForDOMAsVector(const URL& firstParty, const SameSiteInfo&, const URL&, std::optional<FrameIdentifier>, std::optional<PageIdentifier>, IncludeSecureCookies, ApplyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking, CookieStoreGetOptions&&) const;
     WEBCORE_EXPORT std::pair<String, bool> cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo&, const URL&, std::optional<FrameIdentifier>, std::optional<PageIdentifier>, IncludeSecureCookies, ApplyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking) const;
     WEBCORE_EXPORT std::pair<String, bool> cookieRequestHeaderFieldValue(const CookieRequestHeaderFieldProxy&) const;
+    WEBCORE_EXPORT bool cookiesEnabled(const URL& firstParty, const URL&, std::optional<FrameIdentifier>, std::optional<PageIdentifier>, ShouldRelaxThirdPartyCookieBlocking) const;
 
     WEBCORE_EXPORT Vector<Cookie> domCookiesForHost(const String& host);
 
 #if HAVE(COOKIE_CHANGE_LISTENER_API)
     WEBCORE_EXPORT void startListeningForCookieChangeNotifications(CookieChangeObserver&, const String& host);
     WEBCORE_EXPORT void stopListeningForCookieChangeNotifications(CookieChangeObserver&, const HashSet<String>& hosts);
 #endif
+    WEBCORE_EXPORT void addCookiesEnabledStateObserver(CookiesEnabledStateObserver&);
+    WEBCORE_EXPORT void removeCookiesEnabledStateObserver(CookiesEnabledStateObserver&);
+    void cookieEnabledStateMayHaveChanged();
 
     WEBCORE_EXPORT void setTrackingPreventionEnabled(bool);
     WEBCORE_EXPORT bool trackingPreventionEnabled() const;
@@ -281,6 +292,7 @@ class NetworkStorageSession : public CanMakeWeakPtr<NetworkStorageSession> {
     RetainPtr<NSMutableSet> m_subscribedDomainsForCookieChanges;
     MemoryCompactRobinHoodHashMap<String, HashSet<CheckedPtr<CookieChangeObserver>>> m_cookieChangeObservers;
 #endif
+    WeakHashSet<CookiesEnabledStateObserver> m_cookiesEnabledStateObservers;
 
     CredentialStorage m_credentialStorage;
 

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

@@ -190,6 +190,8 @@ NetworkConnectionToWebProcess::~NetworkConnectionToWebProcess()
     if (auto* networkStorageSession = storageSession())
         networkStorageSession->stopListeningForCookieChangeNotifications(*this, m_hostsWithCookieListeners);
 #endif
+    if (auto* networkStorageSession = storageSession())
+        networkStorageSession->removeCookiesEnabledStateObserver(*this);
 
 #if USE(LIBWEBRTC)
     if (m_rtcProvider)
@@ -786,6 +788,25 @@ void NetworkConnectionToWebProcess::setCookiesFromDOM(const URL& firstParty, con
 #endif
 }
 
+void NetworkConnectionToWebProcess::cookiesEnabledSync(const URL& firstParty, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
+{
+    cookiesEnabled(firstParty, url, frameID, pageID, shouldRelaxThirdPartyCookieBlocking, WTFMove(completionHandler));
+}
+
+void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
+{
+    NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(false));
+
+    auto* networkStorageSession = storageSession();
+    if (!networkStorageSession) {
+        completionHandler(false);
+        return;
+    }
+
+    networkStorageSession->addCookiesEnabledStateObserver(*this);
+    completionHandler(networkStorageSession->cookiesEnabled(firstParty, url, frameID, pageID, shouldRelaxThirdPartyCookieBlocking));
+}
+
 void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String, bool)>&& completionHandler)
 {
     NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
@@ -911,6 +932,11 @@ void NetworkConnectionToWebProcess::allCookiesDeleted()
 
 #endif
 
+void NetworkConnectionToWebProcess::cookieEnabledStateMayHaveChanged()
+{
+    protectedConnection()->send(Messages::NetworkProcessConnection::UpdateCachedCookiesEnabled(), 0);
+}
+
 void NetworkConnectionToWebProcess::registerInternalFileBlobURL(const URL& url, const String& path, const String& replacementPath, SandboxExtension::Handle&& extensionHandle, const String& contentType)
 {
     NETWORK_PROCESS_MESSAGE_CHECK(!url.isEmpty());

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h

@@ -125,8 +125,12 @@ class NetworkConnectionToWebProcess
 #if HAVE(COOKIE_CHANGE_LISTENER_API)
     , public WebCore::CookieChangeObserver
 #endif
+    , public WebCore::CookiesEnabledStateObserver
     , public IPC::Connection::Client {
 public:
+    using MessageReceiver::weakPtrFactory;
+    using MessageReceiver::WeakValueType;
+    using MessageReceiver::WeakPtrImplType;
     using RegistrableDomain = WebCore::RegistrableDomain;
 
     static Ref<NetworkConnectionToWebProcess> create(NetworkProcess&, WebCore::ProcessIdentifier, PAL::SessionID, NetworkProcessConnectionParameters&&, IPC::Connection::Identifier);
@@ -269,6 +273,8 @@ class NetworkConnectionToWebProcess
     void getRawCookies(const URL& firstParty, const WebCore::SameSiteInfo&, const URL&, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, WebCore::ApplyTrackingPrevention, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(Vector<WebCore::Cookie>&&)>&&);
     void setRawCookie(const WebCore::Cookie&);
     void deleteCookie(const URL&, const String& cookieName, CompletionHandler<void()>&&);
+    void cookiesEnabledSync(const URL& firstParty, const URL&, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool enabled)>&&);
+    void cookiesEnabled(const URL& firstParty, const URL&, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool enabled)>&&);
 
     void cookiesForDOMAsync(const URL&, const WebCore::SameSiteInfo&, const URL&, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, WebCore::IncludeSecureCookies, WebCore::ApplyTrackingPrevention, WebCore::ShouldRelaxThirdPartyCookieBlocking, WebCore::CookieStoreGetOptions&&, CompletionHandler<void(std::optional<Vector<WebCore::Cookie>>&&)>&&);
     void setCookieFromDOMAsync(const URL&, const WebCore::SameSiteInfo&, const URL&, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, WebCore::ApplyTrackingPrevention, WebCore::Cookie&&, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&&);
@@ -358,6 +364,8 @@ class NetworkConnectionToWebProcess
     void cookiesDeleted(const String& host, const Vector<WebCore::Cookie>&) final;
     void allCookiesDeleted() final;
 #endif
+    // WebCore::CookiesEnabledStateObserver
+    void cookieEnabledStateMayHaveChanged() final;
 
 #if ENABLE(DECLARATIVE_WEB_PUSH)
     void navigatorSubscribeToPushService(URL&& scopeURL, Vector<uint8_t>&& applicationServerKey, CompletionHandler<void(Expected<WebCore::PushSubscriptionData, WebCore::ExceptionData>&&)>&&);
@@ -420,6 +428,7 @@ class NetworkConnectionToWebProcess
     void paymentCoordinatorAddMessageReceiver(WebPaymentCoordinatorProxy&, IPC::ReceiverName, IPC::MessageReceiver&) final;
     void paymentCoordinatorRemoveMessageReceiver(WebPaymentCoordinatorProxy&, IPC::ReceiverName) final;
 #endif
+    Ref<IPC::Connection> protectedConnection() { return m_connection; }
 
     Ref<IPC::Connection> m_connection;
     Ref<NetworkProcess> m_networkProcess;