[webkit-changes] [WebKit/WebKit] cb29a8: Arbitrary cookie access via NetworkConnectionToWeb...

Charlie Wolfe noreply at github.com
Fri Jul 14 15:58:53 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cb29a8742b53ee93d18b8fd8fcb177ce66ada9cb
      https://github.com/WebKit/WebKit/commit/cb29a8742b53ee93d18b8fd8fcb177ce66ada9cb
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2023-07-14 (Fri, 14 Jul 2023)

  Changed paths:
    M Source/WebCore/loader/PingLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/Shared/AuxiliaryProcess.cpp
    M Source/WebKit/Shared/AuxiliaryProcess.h
    M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
    M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm
    M Source/WebKit/WebProcess/Plugins/PluginView.cpp
    M Source/WebKit/WebProcess/WebProcess.cpp

  Log Message:
  -----------
  Arbitrary cookie access via NetworkConnectionToWebProcess::cookiesForDOM
https://bugs.webkit.org/show_bug.cgi?id=259040
rdar://107270673

Reviewed by Alex Christensen.

Currently, our `allowsFirstPartyForCookies` message checks will always pass if the given
URL can’t be parsed into a RegistrableDomain. This patch removes each of the FIXMEs in the
`allowsFirstPartyForCookies` functions which allow this.

260966 at main previously removed most of these FIXMEs, but was reverted due to cached resources
causing the web process to crash when loaded. This is fixed by setting the first party for
cookies to the request in `CachedResourceLoader::requestResource`.

* Source/WebCore/loader/PingLoader.cpp:
(WebCore::PingLoader::sendViolationReport):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
(WebKit::NetworkConnectionToWebProcess::getRawCookies):
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/Shared/AuxiliaryProcess.cpp:
(WebKit::AuxiliaryProcess::allowsFirstPartyForCookies):
* Source/WebKit/Shared/AuxiliaryProcess.h:
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::getResourceBytesAtPosition):
* Source/WebKit/WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::Stream::start):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::allowsFirstPartyForCookies):

Canonical link: https://commits.webkit.org/266074@main




More information about the webkit-changes mailing list