Skip to content
Permalink
Browse files
REGRESSION(r228371): WebAutomationSession::deleteAllCookies doesn't d…
…elete some cookies

https://bugs.webkit.org/show_bug.cgi?id=184334
<rdar://problem/39212863>

Reviewed by Timothy Hatcher.

When WebDriver adds a cookie for 'localhost', it actually uses the domain '.localhost' per RFC.
When deleting cookies, we first fetch all cookies matching the document's hostname, and
then delete them one by one. However, this code path does not add the dot prefix. This causes
no cookies to match the requested domain, and thus none of them are deleted.

* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::domainByAddingDotPrefixIfNeeded): Extract this helper method.
(WebKit::WebAutomationSession::addSingleCookie): Use helper method.
(WebKit::WebAutomationSession::deleteAllCookies): Add a dot prefix when
requesting to delete all cookies for a hostname.


Canonical link: https://commits.webkit.org/199941@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230367 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
burg committed Apr 7, 2018
1 parent 88c8170 commit 8adff986dc4848727a89ef1992b1d4da9c288e7c
Showing with 34 additions and 8 deletions.
  1. +19 −0 Source/WebKit/ChangeLog
  2. +15 −8 Source/WebKit/UIProcess/Automation/WebAutomationSession.cpp
@@ -1,3 +1,22 @@
2018-04-06 Brian Burg <bburg@apple.com>

REGRESSION(r228371): WebAutomationSession::deleteAllCookies doesn't delete some cookies
https://bugs.webkit.org/show_bug.cgi?id=184334
<rdar://problem/39212863>

Reviewed by Timothy Hatcher.

When WebDriver adds a cookie for 'localhost', it actually uses the domain '.localhost' per RFC.
When deleting cookies, we first fetch all cookies matching the document's hostname, and
then delete them one by one. However, this code path does not add the dot prefix. This causes
no cookies to match the requested domain, and thus none of them are deleted.

* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::domainByAddingDotPrefixIfNeeded): Extract this helper method.
(WebKit::WebAutomationSession::addSingleCookie): Use helper method.
(WebKit::WebAutomationSession::deleteAllCookies): Add a dot prefix when
requesting to delete all cookies for a hostname.

2018-04-06 Youenn Fablet <youenn@apple.com>

Response headers should be filtered when sent from NetworkProcess to WebProcess
@@ -1207,6 +1207,18 @@ void WebAutomationSession::didDeleteCookie(uint64_t callbackID, const String& er
callback->sendSuccess();
}

static String domainByAddingDotPrefixIfNeeded(String domain)
{
if (domain[0] != '.') {
// RFC 2965: If an explicitly specified value does not start with a dot, the user agent supplies a leading dot.
// Assume that any host that ends with a digit is trying to be an IP address.
if (!WebCore::URL::hostIsIPAddress(domain))
return makeString('.', domain);
}

return domain;
}

void WebAutomationSession::addSingleCookie(const String& browsingContextHandle, const JSON::Object& cookieObject, Ref<AddSingleCookieCallback>&& callback)
{
WebPageProxy* page = webPageProxyForHandle(browsingContextHandle);
@@ -1231,13 +1243,8 @@ void WebAutomationSession::addSingleCookie(const String& browsingContextHandle,
// Inherit the domain/host from the main frame's URL if it is not explicitly set.
if (domain.isEmpty())
domain = activeURL.host();
else if (domain[0] != '.') {
// RFC 2965: If an explicitly specified value does not start with a dot, the user agent supplies a leading dot.
// Assume that any host that ends with a digit is trying to be an IP address.
if (!WebCore::URL::hostIsIPAddress(domain))
domain = makeString('.', domain);
}
cookie.domain = domain;

cookie.domain = domainByAddingDotPrefixIfNeeded(domain);

if (!cookieObject.getString(WTF::ASCIILiteral("path"), cookie.path))
ASYNC_FAIL_WITH_PREDEFINED_ERROR_AND_DETAILS(MissingParameter, "The parameter 'path' was not found.");
@@ -1279,7 +1286,7 @@ void WebAutomationSession::deleteAllCookies(ErrorString& errorString, const Stri
ASSERT(activeURL.isValid());

WebCookieManagerProxy* cookieManager = m_processPool->supplement<WebCookieManagerProxy>();
cookieManager->deleteCookiesForHostname(page->websiteDataStore().sessionID(), activeURL.host());
cookieManager->deleteCookiesForHostname(page->websiteDataStore().sessionID(), domainByAddingDotPrefixIfNeeded(activeURL.host()));
}

void WebAutomationSession::getSessionPermissions(ErrorString&, RefPtr<JSON::ArrayOf<Inspector::Protocol::Automation::SessionPermissionData>>& out_permissions)

0 comments on commit 8adff98

Please sign in to comment.