[webkit-changes] [WebKit/WebKit] 0df5a7: Ensure third party frames do not have cookie acces...

Rupin Mittal noreply at github.com
Fri Dec 6 15:44:52 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0df5a7c46418c0afa242a7c4d07761a813251e23
      https://github.com/WebKit/WebKit/commit/0df5a7c46418c0afa242a7c4d07761a813251e23
  Author: Rupin Mittal <rupin at apple.com>
  Date:   2024-12-06 (Fri, 06 Dec 2024)

  Changed paths:
    A LayoutTests/http/wpt/cookie-store/cookieStore_third_party_iframe_change_listener-expected.txt
    A LayoutTests/http/wpt/cookie-store/cookieStore_third_party_iframe_change_listener.html
    A LayoutTests/http/wpt/cookie-store/resources/third_party_iframe_change_listener.html
    A LayoutTests/http/wpt/cookie-store/resources/third_party_iframe_change_listener_helper.html
    M Source/WebCore/Modules/cookie-store/CookieStore.cpp
    M Source/WebCore/loader/CookieJar.cpp
    M Source/WebCore/loader/CookieJar.h
    M Source/WebCore/platform/network/NetworkStorageSession.h
    M Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
    M Source/WebKit/WebProcess/WebPage/WebCookieCache.cpp
    M Source/WebKit/WebProcess/WebPage/WebCookieJar.cpp
    M Source/WebKit/WebProcess/WebPage/WebCookieJar.h

  Log Message:
  -----------
  Ensure third party frames do not have cookie access from Cookie Store API change listener
https://bugs.webkit.org/show_bug.cgi?id=283985
rdar://140446608

Reviewed by Sihui Liu.

Previously, a third party iframe could register a cookie-change event listener.
Then, if another page set a cookie, the iframe would get a notification about
the cookie change. But third party iframes should not have this cookie access.

The fix: when the iframe tries to register a change listener, a listener won't
be registered if the iframe's cookie access should be blocked.

Furthermore, we add allowsFirstPartyForCookies() and shouldBlockCookies() checks
in the Network Process because the Web Process may not have all the information
to know if it should block cookie access. Since it's possible that the checks
in the Web Process pass and those in the Network Process fail, we refactor the
code so that the Network Process returns a boolean indicating if the checks passed.
So the Web Process will only add the listener to it's local map of listeners if
the checks in the Network Process pass and the listener is indeed registered.

Since WebCookieCache's call to add a cookie change listener happens only if it
passes the Web Process' shouldBlockCookies check in WebCookieJar, we don't need
to do the Web Process check again for it. So we add a new addChangeListenerWithAccess
function that doesn't do the Web Process check but does still do the Network
Process checks.

* LayoutTests/http/wpt/cookie-store/cookieStore_third_party_iframe_change_listener-expected.txt: Added.
* LayoutTests/http/wpt/cookie-store/cookieStore_third_party_iframe_change_listener.html: Added.
* LayoutTests/http/wpt/cookie-store/resources/third_party_iframe_change_listener.html: Added.
* LayoutTests/http/wpt/cookie-store/resources/third_party_iframe_change_listener_helper.html: Added.
* Source/WebCore/Modules/cookie-store/CookieStore.cpp:
(WebCore::CookieStore::eventListenersDidChange):
* Source/WebCore/loader/CookieJar.cpp:
(WebCore::CookieJar::addChangeListener):
* Source/WebCore/loader/CookieJar.h:
* Source/WebCore/platform/network/NetworkStorageSession.h:
* Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:
(WebCore::NetworkStorageSession::startListeningForCookieChangeNotifications):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::subscribeToCookieChangeNotifications):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/WebProcess/WebPage/WebCookieCache.cpp:
(WebKit::WebCookieCache::cookiesForDOM):
* Source/WebKit/WebProcess/WebPage/WebCookieJar.cpp:
(WebKit::WebCookieJar::addChangeListenerWithAccess):
(WebKit::WebCookieJar::addChangeListener):
* Source/WebKit/WebProcess/WebPage/WebCookieJar.h:

Canonical link: https://commits.webkit.org/287462@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list