[webkit-changes] [WebKit/WebKit] cb29a8: Arbitrary cookie access via NetworkConnectionToWeb...
Charlie Wolfe
noreply@github.com
Fri Jul 14 15:58:53 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cb29a8742b53ee93d18b8fd8fcb177ce66ada9cb
https://github.com/WebKit/WebKit/commit/cb29a8742b53ee93d18b8fd8fcb177ce66ada9cb
Author: Charlie Wolfe <charliew@apple.com>
Date: 2023-07-14 (Fri, 14 Jul 2023)
Changed paths:
M Source/WebCore/loader/PingLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.h
M Source/WebKit/Shared/AuxiliaryProcess.cpp
M Source/WebKit/Shared/AuxiliaryProcess.h
M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm
M Source/WebKit/WebProcess/Plugins/PluginView.cpp
M Source/WebKit/WebProcess/WebProcess.cpp
Log Message:
-----------
Arbitrary cookie access via NetworkConnectionToWebProcess::cookiesForDOM
https://bugs.webkit.org/show_bug.cgi?id=259040
rdar://107270673
Reviewed by Alex Christensen.
Currently, our `allowsFirstPartyForCookies` message checks will always pass if the given
URL can’t be parsed into a RegistrableDomain. This patch removes each of the FIXMEs in the
`allowsFirstPartyForCookies` functions which allow this.
260966@main previously removed most of these FIXMEs, but was reverted due to cached resources
causing the web process to crash when loaded. This is fixed by setting the first party for
cookies to the request in `CachedResourceLoader::requestResource`.
* Source/WebCore/loader/PingLoader.cpp:
(WebCore::PingLoader::sendViolationReport):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
(WebKit::NetworkConnectionToWebProcess::getRawCookies):
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/Shared/AuxiliaryProcess.cpp:
(WebKit::AuxiliaryProcess::allowsFirstPartyForCookies):
* Source/WebKit/Shared/AuxiliaryProcess.h:
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::getResourceBytesAtPosition):
* Source/WebKit/WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::Stream::start):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::allowsFirstPartyForCookies):
Canonical link: https://commits.webkit.org/266074@main
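The commit message describes a fail-open check: an `allowsFirstPartyForCookies` test that passes whenever the given URL cannot be reduced to a registrable domain. The block below is an added illustration of that pattern next to its fail-closed counterpart; it is not WebKit's code. The `registrableDomain` helper, the allow-list parameter and the "last two host labels" rule are assumptions made for the example (a real implementation resolves registrable domains against the Public Suffix List).

```cpp
#include <algorithm>
#include <optional>
#include <string>
#include <vector>

// Toy registrable-domain extraction (assumption for this example):
// parses scheme://host[:port][/...] and keeps the last two host labels.
// It is deliberately simple; it stands in for a PSL-backed implementation.
std::optional<std::string> registrableDomain(const std::string& url)
{
    const auto schemeEnd = url.find("://");
    if (schemeEnd == std::string::npos)
        return std::nullopt; // not a URL we can parse
    const auto hostStart = schemeEnd + 3;
    const auto hostEnd = url.find_first_of("/:?#", hostStart);
    const std::string host = url.substr(hostStart,
        hostEnd == std::string::npos ? std::string::npos : hostEnd - hostStart);
    if (host.empty())
        return std::nullopt; // "https://" with no host
    const auto lastDot = host.rfind('.');
    if (lastDot == std::string::npos)
        return host; // single-label host such as "localhost"
    const auto secondLastDot = host.rfind('.', lastDot - 1);
    if (secondLastDot == std::string::npos)
        return host; // already two labels, e.g. "example.com"
    return host.substr(secondLastDot + 1);
}

static bool onAllowList(const std::vector<std::string>& allowed, const std::string& domain)
{
    return std::find(allowed.begin(), allowed.end(), domain) != allowed.end();
}

// Fail-open variant: the pattern the commit message says was guarded by FIXMEs.
// An unparseable first-party URL yields no domain, and the check passes anyway,
// so a request that cannot be attributed to any site is still granted cookie access.
bool allowsFirstPartyForCookiesFailOpen(const std::vector<std::string>& allowedDomains,
                                        const std::string& firstPartyURL)
{
    const auto domain = registrableDomain(firstPartyURL);
    if (!domain)
        return true; // the defect: no domain means no restriction
    return onAllowList(allowedDomains, *domain);
}

// Fail-closed variant: a first party that cannot be classified gets no cookies.
// Callers that legitimately lack a first party must supply one (the commit
// message notes CachedResourceLoader::requestResource now sets it on the request).
bool allowsFirstPartyForCookiesFailClosed(const std::vector<std::string>& allowedDomains,
                                          const std::string& firstPartyURL)
{
    const auto domain = registrableDomain(firstPartyURL);
    if (!domain)
        return false; // unclassifiable first party is denied
    return onAllowList(allowedDomains, *domain);
}
```

The two functions differ only in the branch taken when `registrableDomain` returns nothing; that single line is the difference between a process-level cookie boundary that holds and one that any unparseable first-party value walks around.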