REGRESSION(r228371): WebAutomationSession::deleteAllCookies doesn't d…

…elete some cookies https://bugs.webkit.org/show_bug.cgi?id=184334 <rdar://problem/39212863> Reviewed by Timothy Hatcher. When WebDriver adds a cookie for 'localhost', it actually uses the domain '.localhost' per RFC. When deleting cookies, we first fetch all cookies matching the document's hostname, and then delete them one by one. However, this code path does not add the dot prefix. This causes no cookies to match the requested domain, and thus none of them are deleted. * UIProcess/Automation/WebAutomationSession.cpp: (WebKit::domainByAddingDotPrefixIfNeeded): Extract this helper method. (WebKit::WebAutomationSession::addSingleCookie): Use helper method. (WebKit::WebAutomationSession::deleteAllCookies): Add a dot prefix when requesting to delete all cookies for a hostname. Canonical link: https://commits.webkit.org/199941@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230367 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Apr 7, 2018 · 8adff986dc4848727a89ef1992b1d4da9c288e7c · 8adff98
1 parent 88c8170
commit 8adff986dc4848727a89ef1992b1d4da9c288e7c
Showing with 34 additions and 8 deletions.

+19 −0 Source/WebKit/ChangeLog

+15 −8 Source/WebKit/UIProcess/Automation/WebAutomationSession.cpp
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,22 @@
+2018-04-06  Brian Burg  <bburg@apple.com>
+
+        REGRESSION(r228371): WebAutomationSession::deleteAllCookies doesn't delete some cookies
+        https://bugs.webkit.org/show_bug.cgi?id=184334
+        <rdar://problem/39212863>
+
+        Reviewed by Timothy Hatcher.
+
+        When WebDriver adds a cookie for 'localhost', it actually uses the domain '.localhost' per RFC.
+        When deleting cookies, we first fetch all cookies matching the document's hostname, and
+        then delete them one by one. However, this code path does not add the dot prefix. This causes
+        no cookies to match the requested domain, and thus none of them are deleted.
+
+        * UIProcess/Automation/WebAutomationSession.cpp:
+        (WebKit::domainByAddingDotPrefixIfNeeded): Extract this helper method.
+        (WebKit::WebAutomationSession::addSingleCookie): Use helper method.
+        (WebKit::WebAutomationSession::deleteAllCookies): Add a dot prefix when
+        requesting to delete all cookies for a hostname.
+
 2018-04-06  Youenn Fablet  <youenn@apple.com>
 
         Response headers should be filtered when sent from NetworkProcess to WebProcess

diff --git a/Source/WebKit/UIProcess/Automation/WebAutomationSession.cpp b/Source/WebKit/UIProcess/Automation/WebAutomationSession.cpp
@@ -1207,6 +1207,18 @@ void WebAutomationSession::didDeleteCookie(uint64_t callbackID, const String& er
     callback->sendSuccess();
 }
 
+static String domainByAddingDotPrefixIfNeeded(String domain)
+{
+    if (domain[0] != '.') {
+        // RFC 2965: If an explicitly specified value does not start with a dot, the user agent supplies a leading dot.
+        // Assume that any host that ends with a digit is trying to be an IP address.
+        if (!WebCore::URL::hostIsIPAddress(domain))
+            return makeString('.', domain);
+    }
+
+    return domain;
+}
+
 void WebAutomationSession::addSingleCookie(const String& browsingContextHandle, const JSON::Object& cookieObject, Ref<AddSingleCookieCallback>&& callback)
 {
     WebPageProxy* page = webPageProxyForHandle(browsingContextHandle);
@@ -1231,13 +1243,8 @@ void WebAutomationSession::addSingleCookie(const String& browsingContextHandle,
     // Inherit the domain/host from the main frame's URL if it is not explicitly set.
     if (domain.isEmpty())
         domain = activeURL.host();
-    else if (domain[0] != '.') {
-        // RFC 2965: If an explicitly specified value does not start with a dot, the user agent supplies a leading dot.
-        // Assume that any host that ends with a digit is trying to be an IP address.
-        if (!WebCore::URL::hostIsIPAddress(domain))
-            domain = makeString('.', domain);
-    }
-    cookie.domain = domain;
+
+    cookie.domain = domainByAddingDotPrefixIfNeeded(domain);
 
     if (!cookieObject.getString(WTF::ASCIILiteral("path"), cookie.path))
         ASYNC_FAIL_WITH_PREDEFINED_ERROR_AND_DETAILS(MissingParameter, "The parameter 'path' was not found.");
@@ -1279,7 +1286,7 @@ void WebAutomationSession::deleteAllCookies(ErrorString& errorString, const Stri
     ASSERT(activeURL.isValid());
 
     WebCookieManagerProxy* cookieManager = m_processPool->supplement<WebCookieManagerProxy>();
-    cookieManager->deleteCookiesForHostname(page->websiteDataStore().sessionID(), activeURL.host());
+    cookieManager->deleteCookiesForHostname(page->websiteDataStore().sessionID(), domainByAddingDotPrefixIfNeeded(activeURL.host()));
 }
 
 void WebAutomationSession::getSessionPermissions(ErrorString&, RefPtr<JSON::ArrayOf<Inspector::Protocol::Automation::SessionPermissionData>>& out_permissions)