Apply cookie policy on WebSocket request

https://bugs.webkit.org/show_bug.cgi?id=254220
rdar://106831525

Reviewed by Alex Christensen.

WebKit's cookie policy was not correctly applied in the WebSocket handshake. In
this patch we now use the same logic in WebSocket requests as we already used
in HTTP requests. This policy is applied during HTTP redirects, as well. The
shared logic is moved into a new common base class that is shared by
WebSocketTasks and DataTasks.

Covered by new Layout and API tests.

* LayoutTests/http/tests/resources/redirect.py:
(set_cookie):
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party_wsh.py: Added.
(HeaderCache):
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
* LayoutTests/platform/gtk/TestExpectations:
* LayoutTests/platform/mac-wk1/TestExpectations:
Add new tests.

* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::createWebSocketTask):
* Source/WebKit/NetworkProcess/NetworkSession.h:
* Source/WebKit/NetworkProcess/NetworkSocketChannel.cpp:
(WebKit::NetworkSocketChannel::create):
(WebKit::NetworkSocketChannel::NetworkSocketChannel):
(WebKit::NetworkSocketChannel::session const):
(WebKit::NetworkSocketChannel::session): Deleted.
* Source/WebKit/NetworkProcess/NetworkSocketChannel.h:
Generally, plumb some required information down in to the Network Process for making policy decisions.

* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::applySniffingPoliciesAndBindRequestToInferfaceIfNeeded):
(WebKit::NetworkDataTaskCocoa::updateFirstPartyInfoForSession):
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
(WebKit::NetworkDataTaskCocoa::task const):
(WebKit::lastRemoteIPAddress): Deleted.
(WebKit::NetworkDataTaskCocoa::statelessCookieStorage): Deleted.
(WebKit::lastCNAMEDomain): Deleted.
(WebKit::NetworkDataTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const): Deleted.
(): Deleted.
(WebKit::shouldCapCookieExpiryForThirdPartyIPAddress): Deleted.
(WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCloaking): Deleted.
(WebKit::NetworkDataTaskCocoa::blockCookies): Deleted.
(WebKit::NetworkDataTaskCocoa::unblockCookies): Deleted.
(WebKit::NetworkDataTaskCocoa::needsFirstPartyCookieBlockingLatchModeQuirk const): Deleted.
(WebKit::updateTaskWithFirstPartyForSameSiteCookies): Deleted.
(WebKit::computeIsAlwaysOnLoggingAllowed): Deleted.
(WebKit::NetworkDataTaskCocoa::isAlwaysOnLoggingAllowed const): Deleted.
These deleted functions are moved into the NetworkTaskCocoa class.

* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate existingWebSocketTask:]):
(WebKit::NetworkSessionCocoa::continueDidReceiveChallenge):
(WebKit::NetworkSessionCocoa::createWebSocketTask):
* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h: Added.
(WebKit::NetworkTaskCocoa::shouldRelaxThirdPartyCookieBlocking const):
(WebKit::NetworkTaskCocoa::isAlwaysOnLoggingAllowed const):
* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm: Added.
(computeIsAlwaysOnLoggingAllowed):
(NetworkTaskCocoa::NetworkTaskCocoa):
(shouldCapCookieExpiryForThirdPartyIPAddress):
(NetworkTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const):
(NetworkTaskCocoa::statelessCookieStorage):
(NetworkTaskCocoa::lastRemoteIPAddress):
(NetworkTaskCocoa::lastCNAMEDomain):
(NetworkTaskCocoa::needsFirstPartyCookieBlockingLatchModeQuirk const):
(NetworkTaskCocoa::applyCookiePolicyForThirdPartyCloaking):
(NetworkTaskCocoa::blockCookies):
(NetworkTaskCocoa::unblockCookies):
(NetworkTaskCocoa::updateTaskWithFirstPartyForSameSiteCookies):
(NetworkTaskCocoa::willPerformHTTPRedirection):
New common base class for NetworkDataTaskCocoa and WebSocketTaskCocoa.

* Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h:
(WebKit::WebSocketTask::webProxyPageID const):
(WebKit::WebSocketTask::pageID const): Deleted.
* Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm:
(WebKit::WebSocketTask::WebSocketTask):
(WebKit::WebSocketTask::task const):
(WebKit::WebSocketTask::~WebSocketTask): Deleted.
* Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.cpp:
(WebKit::NetworkSessionCurl::createWebSocketTask):
* Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.h:
* Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp:
(WebKit::NetworkSessionSoup::createWebSocketTask):
* Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.h:
* Source/WebKit/SourcesCocoa.txt:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/Network/WebSocketChannel.cpp:
(WebKit::WebSocketChannel::connect):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm:
(TEST):

Originally-landed-as: 259548.477@safari-7615-branch (a5d38dc). rdar://106831525
Canonical link: https://commits.webkit.org/264753@main

LayoutTests/http/tests/resources/redirect.py

@@ -14,6 +14,10 @@ def add_cache_control(allow_cache):
         sys.stdout.write('Cache-Control: no-store\r\n\r\n')
 
 
+def set_cookie(cookies):
+    for cookie in cookies:
+        sys.stdout.write('Set-Cookie: {}\r\n'.format(cookie.replace(':', '=')))
+
 query = {}
 for key_value in os.environ.get('QUERY_STRING', '').split('&'):
     arr = key_value.split('=')
@@ -30,6 +34,7 @@ def add_cache_control(allow_cache):
 code = int(query.get('code', [302])[0])
 refresh = query.get('refresh', [None])[0]
 url = query.get('url', [''])[0]
+cookies = query.get('cookie', [''])
 
 sys.stdout.write('Content-Type: text/html\r\n')
 
@@ -39,6 +44,7 @@ def add_cache_control(allow_cache):
         'Refresh: {}; url={}\r\n'.format(refresh, url)
     )
 
+    set_cookie(cookies)
     add_cache_control(allow_cache)
     sys.exit(0)
 
@@ -47,4 +53,5 @@ def add_cache_control(allow_cache):
     'Location: {}\r\n'.format(code, url)
 )
 
+set_cookie(cookies)
 add_cache_control(allow_cache)

LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect-expected.txt

@@ -0,0 +1,15 @@
+Tests WebSocket cookie behavior for third-parties with existing cookies.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS  is undefined.
+PASS document.location.host is "127.0.0.1:8000"
+
+Sending third-party cookie through cross-origin WebSocket handshake is blocked.
+Created a socket to 'ws://localhost:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party'; readyState 0.
+PASS Connection was allowed (request did not contain cookies).
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html

@@ -0,0 +1,70 @@
+<!DOCTYPE HTML><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+    <script src="../../../../js-test-resources/js-test.js"></script>
+    <script src="../../../cookies/resources/cookie-utilities.js"></script>
+    <script>
+        window.jsTestIsAsync = true;
+
+        async function testGetCookie()
+        {
+            debug("<br>Opening socket to check its cookies.");
+            let ws = new WebSocket("ws://127.0.0.1:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party");
+            debug("Created a socket to '" + ws.url + "'; readyState " + ws.readyState + ".");
+
+            ws.onopen = (e) => {
+                debug(`Connection opened`);
+            };
+            ws.onerror = (e) => {
+                testFailed(`Connection was unexpectedly rejected. ${e}`);
+                finishJSTest();
+            };
+            ws.onmessage = (message) => {
+                debug(`Received headers: ${message.data}`);
+                finishJSTest();
+            };
+        }
+
+        async function testThirdPartyCookie()
+        {
+            shouldBeEqualToString("document.location.host", "127.0.0.1:8000");
+            debug("<br>Sending third-party cookie through cross-origin WebSocket handshake is blocked.");
+            let ws = new WebSocket("ws://localhost:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party");
+            debug("Created a socket to '" + ws.url + "'; readyState " + ws.readyState + ".");
+            ws.onopen = () => {
+                ws.close();
+                testPassed("Connection was allowed (request did not contain cookies).");
+                finishJSTest();
+            };
+            ws.onerror = (e) => {
+                testFailed(`Connection was rejected (request did contained cookies).`);
+                testGetCookie();
+            };
+        }
+
+        async function runTest()
+        {
+            switch (document.location.hash) {
+                case "":
+                    // Navigate to localhost to set first-party cookie 'setAsFirstParty'.
+                    document.location.href = "http://localhost:8000/resources/redirect.py?cookie=" + encodeURIComponent("setAsFirstPartyHTTP=value") + "&url=" + encodeURIComponent("http://127.0.0.1:8000/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html#didSetCookieAsFirstParty");
+                    break;
+                case "#didSetCookieAsFirstParty":
+                    shouldBeUndefined(document.cookie);
+                    await testThirdPartyCookie();
+                    break;
+            }
+        }
+    </script>
+</head>
+<body>
+<div id="output"></div>
+<script>
+    description("Tests WebSocket cookie behavior for third-parties with existing cookies.");
+    if (window.testRunner && testRunner.setStatisticsShouldBlockThirdPartyCookies)
+        testRunner.setStatisticsShouldBlockThirdPartyCookies(true, runTest);
+    else
+        runTest();
+</script>
+</body>
+</html>

LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect-expected.txt

@@ -0,0 +1,19 @@
+Tests WebSocket cookie behavior for third-parties with existing cookies.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.location.host is "127.0.0.1:8000"
+
+Setting first-party cookie and sending through cross-origin WebSocket handshake is blocked.
+Created a socket to 'ws://127.0.0.1:8000/resources/redirect.py?cookie=setAsFirstPartyHTTP%3Dvalue&url=ws%3A%2F%2Flocalhost%3A8880%2Fwebsocket%2Ftests%2Fhybi%2Fwebsocket-blocked-sending-cookie-as-third-party'; readyState 0.
+PASS Connection was allowed (request did not contain cookies).
+PASS document.location.host is "127.0.0.1:8000"
+
+Setting and sending third-party cookie through cross-origin WebSocket handshake is blocked.
+Created a socket to 'ws://localhost:8000/resources/redirect.py?cookie=setAsThirdPartyHTTP%3Dvalue&url=ws%3A%2F%2Flocalhost%3A8880%2Fwebsocket%2Ftests%2Fhybi%2Fwebsocket-blocked-sending-cookie-as-third-party'; readyState 0.
+PASS Connection was allowed (request did not contain cookies).
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect.html

@@ -0,0 +1,72 @@
+<!DOCTYPE HTML><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+    <script src="../../../../js-test-resources/js-test.js"></script>
+    <script>
+        window.jsTestIsAsync = true;
+
+        async function testGetCookie()
+        {
+            debug("<br>Opening socket to check its cookies.");
+            let ws = new WebSocket("ws://127.0.0.1:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party");
+            debug("Created a socket to '" + ws.url + "'; readyState " + ws.readyState + ".");
+
+            ws.onopen = (e) => {
+                debug(`Connection opened`);
+            };
+            ws.onerror = (e) => {
+                testFailed(`Connection was unexpectedly rejected. ${e}`);
+                finishJSTest();
+            };
+            ws.onmessage = (message) => {
+                debug(`Received headers: ${message.data}`);
+                finishJSTest();
+            };
+        }
+
+        async function testFirstPartyCookie()
+        {
+            shouldBeEqualToString("document.location.host", "127.0.0.1:8000");
+            debug("<br>Setting first-party cookie and sending through cross-origin WebSocket handshake is blocked.");
+            let ws = new WebSocket("ws://127.0.0.1:8000/resources/redirect.py?cookie=" + encodeURIComponent("setAsFirstPartyHTTP=value") + "&url=" + encodeURIComponent("ws://localhost:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party"));
+            debug("Created a socket to '" + ws.url + "'; readyState " + ws.readyState + ".");
+            ws.onopen = () => {
+                ws.close();
+                testPassed("Connection was allowed (request did not contain cookies).");
+                testThirdPartyCookie();
+            };
+            ws.onerror = (e) => {
+                testFailed(`Connection was rejected (request did contained cookies).`);
+                testGetCookie();
+            };
+        }
+
+        async function testThirdPartyCookie()
+        {
+            shouldBeEqualToString("document.location.host", "127.0.0.1:8000");
+            debug("<br>Setting and sending third-party cookie through cross-origin WebSocket handshake is blocked.");
+            let ws = new WebSocket("ws://localhost:8000/resources/redirect.py?cookie=" + encodeURIComponent("setAsThirdPartyHTTP=value") + "&url=" + encodeURIComponent("ws://localhost:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party"));
+            debug("Created a socket to '" + ws.url + "'; readyState " + ws.readyState + ".");
+            ws.onopen = () => {
+                ws.close();
+                testPassed("Connection was allowed (request did not contain cookies).");
+                finishJSTest();
+            };
+            ws.onerror = (e) => {
+                testFailed(`Connection was rejected (request did contained cookies).`);
+                testGetCookie();
+            };
+        }
+    </script>
+</head>
+<body>
+<div id="output"></div>
+<script>
+    description("Tests WebSocket cookie behavior for third-parties with existing cookies.");
+    if (window.testRunner && testRunner.setStatisticsShouldBlockThirdPartyCookies)
+        testRunner.setStatisticsShouldBlockThirdPartyCookies(true, testFirstPartyCookie);
+    else
+        testFirstPartyCookie();
+</script>
+</body>
+</html>

LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-expected.txt

@@ -0,0 +1,15 @@
+Tests WebSocket cookie behavior for third-parties with existing cookies.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS  is undefined.
+PASS document.location.host is "127.0.0.1:8000"
+
+Sending third-party cookie through cross-origin WebSocket handshake is blocked.
+Created a socket to 'ws://localhost:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party'; readyState 0.
+PASS Connection was allowed (request did not contain cookies).
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html

@@ -0,0 +1,85 @@
+<!DOCTYPE HTML><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+    <script src="../../../../js-test-resources/js-test.js"></script>
+    <script src="../../../cookies/resources/cookie-utilities.js"></script>
+    <script>
+        window.jsTestIsAsync = true;
+
+        async function testGetCookie()
+        {
+            debug("<br>Opening socket to check its cookies.");
+            let ws = new WebSocket("ws://127.0.0.1:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party");
+            debug("Created a socket to '" + ws.url + "'; readyState " + ws.readyState + ".");
+
+            ws.onopen = (e) => {
+                debug(`Connection opened`);
+            };
+            ws.onerror = (e) => {
+                testFailed(`Connection was unexpectedly rejected. ${e}`);
+                finishJSTest();
+            };
+            ws.onmessage = (message) => {
+                debug(`Received headers: ${message.data}`);
+                finishJSTest();
+            };
+        }
+
+        async function testThirdPartyCookie()
+        {
+            shouldBeEqualToString("document.location.host", "127.0.0.1:8000");
+            debug("<br>Sending third-party cookie through cross-origin WebSocket handshake is blocked.");
+            let ws = new WebSocket("ws://localhost:8880/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party");
+            debug("Created a socket to '" + ws.url + "'; readyState " + ws.readyState + ".");
+            ws.onopen = () => {
+                ws.close();
+                testPassed("Connection was allowed (request did not contain cookies).");
+                finishJSTest();
+            };
+            ws.onerror = (e) => {
+                testFailed(`Connection was rejected (request contained cookies).`);
+                testGetCookie();
+            };
+        }
+
+        async function runTest()
+        {
+            switch (document.location.hash) {
+                case "":
+                    // Navigate to localhost to set first-party cookie 'setAsFirstParty'.
+                    await setCookie("setAsFirstPartyHTTPLoopback", "value");
+                    document.location.href = "http://localhost:8000/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html#setCookieAsFirstParty";
+                    break;
+                case "#setCookieAsFirstParty":
+                    await setCookie("setAsFirstPartyHTTP", "value");
+                    await setCookie("setAsFirstPartyHTTPHTTPOnly", "value", "HTTPOnly");
+                    await setCookie("setAsFirstPartyHTTPSameSiteNone", "value", {"SameSite": "None"});
+                    await setCookie("setAsFirstPartyHTTPSameSiteLax", "value", {"SameSite": "Lax" });
+                    await setCookie("setAsFirstPartyHTTPSameSiteStrict", "value", {"SameSite": "Strict" });
+                    document.cookie = "setAsFirstPartyJS=value";
+                    document.cookie = "setAsFirstPartyJSHTTPOnly=value;HTTPOnly";
+                    document.cookie = "setAsFirstPartyJSSameSiteNone=value;SameSite=None";
+                    document.cookie = "setAsFirstPartyJSSameSiteLax=value;SameSite=Lax";
+                    document.cookie = "setAsFirstPartyJSSameSiteStrict=value;SameSite=Strict";
+
+                    document.location.href = "http://127.0.0.1:8000/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html#didSetCookieAsFirstParty";
+                    break;
+                case "#didSetCookieAsFirstParty":
+                    shouldBeUndefined(document.cookie);
+                    await testThirdPartyCookie();
+                    break;
+            }
+        }
+    </script>
+</head>
+<body>
+<div id="output"></div>
+<script>
+    description("Tests WebSocket cookie behavior for third-parties with existing cookies.");
+    if (window.testRunner && testRunner.setStatisticsShouldBlockThirdPartyCookies)
+        testRunner.setStatisticsShouldBlockThirdPartyCookies(true, runTest);
+    else
+        runTest();
+</script>
+</body>
+</html>

LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party_wsh.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+from mod_pywebsocket import handshake
+from mod_pywebsocket.handshake.hybi import compute_accept_from_unicode
+
+
+class HeaderCache:
+    previousHeaders = ""
+
+
+def web_socket_do_extra_handshake(request):
+    message = b''
+
+    if request.headers_in['Cookie']:
+        HeaderCache.previousHeaders = request.headers_in['Cookie']
+        message += b'HTTP/1.1 403\r\n\r\n'
+        request.connection.write(message)
+        raise handshake.AbortedByUserException('Abort the connection')  # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+    request.ws_stream.send_message('Cookies are: {}\r\n'.format(HeaderCache.previousHeaders), binary=False)

LayoutTests/platform/gtk/TestExpectations

@@ -188,6 +188,9 @@ webkit.org/b/254733 inspector/canvas/recording-offscreen-canvas-2d-frameCount.ht
 webkit.org/b/254733 inspector/canvas/recording-offscreen-canvas-2d-full.html [ Failure ]
 webkit.org/b/254733 inspector/canvas/recording-offscreen-canvas-2d-memoryLimit.html [ Failure ]
 
+# Websocket.
+webkit.org/b/254220 http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html [ Skip ]
+
 # WebXR is not yet supported in GTK
 webkit.org/b/208988 http/wpt/webxr [ Skip ]
 webkit.org/b/208988 imported/w3c/web-platform-tests/webxr [ Skip ]

LayoutTests/platform/mac-wk1/TestExpectations

@@ -839,6 +839,11 @@ imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/b
 imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/015.html [ Pass Failure ]
 imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/readyState/006.html [ Pass Failure ]
 
+# Tests are only relevant in WK2
+http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html [ Skip ]
+http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect.html [ Skip ]
+http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html [ Skip ]
+
 # ShouldOpenExternalURLs not yet supported in WK1
 loader/navigation-policy [ Skip ]
 

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

@@ -482,10 +482,10 @@ void NetworkConnectionToWebProcess::didReceiveInvalidMessage(IPC::Connection&, I
     m_networkProcess->parentProcessConnection()->send(Messages::NetworkProcessProxy::TerminateWebProcess(m_webProcessIdentifier), 0);
 }
 
-void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier,  WebPageProxyIdentifier webPageProxyID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<NetworkConnectionIntegrity> networkConnectionIntegrityPolicy)
+void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier, WebPageProxyIdentifier webPageProxyID, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<NetworkConnectionIntegrity> networkConnectionIntegrityPolicy, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
 {
     ASSERT(!m_networkSocketChannels.contains(identifier));
-    if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, networkConnectionIntegrityPolicy))
+    if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, frameID, pageID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, networkConnectionIntegrityPolicy, shouldRelaxThirdPartyCookieBlocking, storedCredentialsPolicy))
         m_networkSocketChannels.add(identifier, WTFMove(channel));
 }
 

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h

@@ -262,7 +262,7 @@ class NetworkConnectionToWebProcess
 
     void setCaptureExtraNetworkLoadMetricsEnabled(bool);
 
-    void createSocketChannel(const WebCore::ResourceRequest&, const String& protocol, WebCore::WebSocketIdentifier, WebPageProxyIdentifier, const WebCore::ClientOrigin&, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<WebCore::NetworkConnectionIntegrity> networkConnectionIntegrityPolicy);
+    void createSocketChannel(const WebCore::ResourceRequest&, const String& protocol, WebCore::WebSocketIdentifier, WebPageProxyIdentifier, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, const WebCore::ClientOrigin&, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<WebCore::NetworkConnectionIntegrity> networkConnectionIntegrityPolicy, WebCore::ShouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy);
     void updateQuotaBasedOnSpaceUsageForTesting(WebCore::ClientOrigin&&);
 
     void establishSharedWorkerServerConnection();

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in

@@ -61,7 +61,7 @@ messages -> NetworkConnectionToWebProcess LegacyReceiver {
 
     SetCaptureExtraNetworkLoadMetricsEnabled(bool enabled)
 
-    CreateSocketChannel(WebCore::ResourceRequest request, String protocol, WebCore::WebSocketIdentifier identifier, WebKit::WebPageProxyIdentifier webPageProxyID, struct WebCore::ClientOrigin clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<WebCore::NetworkConnectionIntegrity> networkConnectionIntegrityPolicy)
+    CreateSocketChannel(WebCore::ResourceRequest request, String protocol, WebCore::WebSocketIdentifier identifier, WebKit::WebPageProxyIdentifier webPageProxyID, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, struct WebCore::ClientOrigin clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<WebCore::NetworkConnectionIntegrity> networkConnectionIntegrityPolicy, enum:bool WebCore::ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, enum:uint8_t WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
 
     ClearPageSpecificData(WebCore::PageIdentifier pageID);