[webkit-changes] [WebKit/WebKit] 4973ae: Use a non-empty, non-'about:' cookie url when gett...
Rupin Mittal
noreply at github.com
Fri Sep 13 08:31:42 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4973ae3a5e854e1e056dedcbced9c1db450bc6f0
https://github.com/WebKit/WebKit/commit/4973ae3a5e854e1e056dedcbced9c1db450bc6f0
Author: Rupin Mittal <rupin at apple.com>
Date: 2024-09-13 (Fri, 13 Sep 2024)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_get_set_across_frames.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_opaque_origin.https-expected.txt
M Source/WebCore/Modules/cookie-store/CookieStore.cpp
M Source/WebCore/dom/Document.h
M Source/WebCore/dom/EmptyScriptExecutionContext.h
M Source/WebCore/dom/ScriptExecutionContext.h
M Source/WebCore/workers/WorkerGlobalScope.h
M Source/WebCore/worklets/WorkletGlobalScope.h
Log Message:
-----------
Use a non-empty, non-'about:' cookie url when getting/setting cookies in CookieStore
https://bugs.webkit.org/show_bug.cgi?id=279578
rdar://135853069
Reviewed by Chris Dumez and Sihui Liu.
As per the CookieStore API spec, the CookieStore uses the ScriptExecutionContext's
creation URL when getting/setting cookies. Two of the layout tests attempt to get/set
cookies from iFrames. The creation URL's for these iFrames are 'about:blank' and
'about:srcdoc'. These url's don't have hosts and so the get/set requests fail.
We fix this by using Document::cookieURL() in the Document case. The document's cookie
URL is set when the Document is created and never changed after that (so it matches the
creation URL). This works in the iFrame case because Document::initSecurityContext()
sets the cookieURL to the parent document's cookies URL for a Document if it
shouldInheritSecurityOriginFromOwner (which is true for iFrames).
We added ScriptExecutionContext::creationURL() in 283530 at main specifically for getting/
setting cookies. Since Document had a creationURL() function, we wanted one in
ServiceWorkerGlobalScope so that the usage in CookieStore was consistent. Since we are
now using cookieURL() in Document instead of creationURL(), we want to do the same in
ServiceWorkerGlobalScope. So we rename ScriptExecutionContext::creationURL() to
ScriptExecutionContext::cookieURL(). So now, we use cookieURL() in both the Document
and Service Worker case. This works in all cases, not just for iFrames.
* LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_get_set_across_frames.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_opaque_origin.https-expected.txt:
* Source/WebCore/Modules/cookie-store/CookieStore.cpp:
(WebCore::CookieStore::get):
(WebCore::CookieStore::getAll):
(WebCore::CookieStore::set):
* Source/WebCore/dom/Document.h:
(WebCore::Document::creationURL const):
(WebCore::Document::cookieURL const): Deleted.
* Source/WebCore/dom/EmptyScriptExecutionContext.h:
* Source/WebCore/dom/ScriptExecutionContext.h:
* Source/WebCore/workers/WorkerGlobalScope.h:
* Source/WebCore/worklets/WorkletGlobalScope.h:
Canonical link: https://commits.webkit.org/283622@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list