-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Arbitrary cookie access via NetworkConnectionToWebProcess::cookiesForDOM
https://bugs.webkit.org/show_bug.cgi?id=259040 rdar://107270673 Reviewed by Alex Christensen. Currently, our `allowsFirstPartyForCookies` message checks will always pass if the given URL can’t be parsed into a RegistrableDomain. This patch removes each of the FIXMEs in the `allowsFirstPartyForCookies` functions which allow this. 260966@main previously removed most of these FIXMEs, but was reverted due to cached resources causing the web process to crash when loaded. This is fixed by setting the first party for cookies to the request in `CachedResourceLoader::requestResource`. * Source/WebCore/loader/PingLoader.cpp: (WebCore::PingLoader::sendViolationReport): * Source/WebCore/loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::createSocketChannel): (WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad): (WebKit::NetworkConnectionToWebProcess::cookiesForDOM): (WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync): (WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM): (WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue): (WebKit::NetworkConnectionToWebProcess::getRawCookies): (WebKit::NetworkConnectionToWebProcess::domCookiesForHost): * Source/WebKit/NetworkProcess/NetworkProcess.cpp: * Source/WebKit/NetworkProcess/NetworkProcess.h: * Source/WebKit/Shared/AuxiliaryProcess.cpp: (WebKit::AuxiliaryProcess::allowsFirstPartyForCookies): * Source/WebKit/Shared/AuxiliaryProcess.h: * Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp: (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess): * Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm: (WebKit::PDFPlugin::getResourceBytesAtPosition): * Source/WebKit/WebProcess/Plugins/PluginView.cpp: (WebKit::PluginView::Stream::start): * Source/WebKit/WebProcess/WebProcess.cpp: (WebKit::WebProcess::allowsFirstPartyForCookies): Canonical link: https://commits.webkit.org/266074@main
- Loading branch information
1 parent
861b908
commit cb29a87
Showing
11 changed files
with
29 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters