[webkit-changes] [WebKit/WebKit] 4d2a1a: Tracking domains can set partitioned cookies

Commit Queue noreply at github.com
Tue Feb 4 20:47:00 PST 2025 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4d2a1aa31e5701437cdcb6c9023b17d57c608972
      https://github.com/WebKit/WebKit/commit/4d2a1aa31e5701437cdcb6c9023b17d57c608972
  Author: Matthew Finkel <m_finkel at apple.com>
  Date:   2025-02-04 (Tue, 04 Feb 2025)

  Changed paths:
    M Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm
    M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h
    M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm

  Log Message:
  -----------
  Tracking domains can set partitioned cookies
https://bugs.webkit.org/show_bug.cgi?id=286778
rdar://144184516

Reviewed by Wenson Hsieh.

The vast majority of the partitioned cookies we currently see are being set by
tracking domains. This doesn't benefit users and only causes more memory usage.
This patch blocks third-party cookies if the request is for a tracking domain.

Tested manually, and adding a few API tests, but these tests don't cover
blocking cookies for a domain on the block list. That will require a more
invasive change, so I'll do that in a follow up.

* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm:
(WebKit::NetworkTaskCocoa::requestThirdPartyCookieBlockingDecision const):
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm:
(WebKit::isKnownTrackerAddressOrDomain):
* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::setUpWebViewForTestingTrackerDomainBlocking):
(TestWebKitAPI::TEST(AdvancedPrivacyProtections, DoNotBlockFirstPartyPartitionedCookiesFromTrackerDomain)):
(TestWebKitAPI::TEST(AdvancedPrivacyProtections, DoNotBlockThirdPartyPartitionedCookiesFromSameSiteDomain)):
(TestWebKitAPI::TEST(AdvancedPrivacyProtections, DoNotBlockThirdPartyPartitionedCookies)):

Canonical link: https://commits.webkit.org/289849@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list