[webkit-changes] [WebKit/WebKit] 3aca45: [Cookie Store API] [ITP] Cap expiry of script-writ...
Wenson Hsieh
noreply at github.com
Mon Feb 17 23:52:50 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3aca45066b63246da4995f601a2a008a0fa28bdf
https://github.com/WebKit/WebKit/commit/3aca45066b63246da4995f601a2a008a0fa28bdf
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2025-02-17 (Mon, 17 Feb 2025)
Changed paths:
A LayoutTests/http/tests/resourceLoadStatistics/capped-lifetime-for-cookie-set-with-link-query-using-cookiestore-api.https-expected.txt
A LayoutTests/http/tests/resourceLoadStatistics/capped-lifetime-for-cookie-set-with-link-query-using-cookiestore-api.https.html
M LayoutTests/platform/ios/TestExpectations
M LayoutTests/platform/mac-wk2/TestExpectations
M LayoutTests/platform/wk2/TestExpectations
M LayoutTests/resources/ui-helper.js
M Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm
M Tools/TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl
M Tools/TestRunnerShared/UIScriptContext/UIScriptController.h
M Tools/WebKitTestRunner/cocoa/UIScriptControllerCocoa.h
M Tools/WebKitTestRunner/cocoa/UIScriptControllerCocoa.mm
Log Message:
-----------
[Cookie Store API] [ITP] Cap expiry of script-written cookies to 24h after cross-site navigation with link decorations
https://bugs.webkit.org/show_bug.cgi?id=287782
rdar://145016528
Reviewed by Charlie Wolfe.
Apply the "24h script-written cookie expiry cap after cross-site navigation with link decorations"
rule to cookies set using the new CookieStore API, for consistency with using `document.cookie`. See
below for more details.
* LayoutTests/http/tests/resourceLoadStatistics/capped-lifetime-for-cookie-set-with-link-query-using-cookiestore-api.https-expected.txt: Added.
* LayoutTests/http/tests/resourceLoadStatistics/capped-lifetime-for-cookie-set-with-link-query-using-cookiestore-api.https.html: Added.
Add a new test to exercise this change:
- Navigate from `127.0.0.1` to `localhost`, marking `127.0.0.1` as a prevalent resource domain and
updating ITP cookie blocking data in the process.
- Set cookies on `localhost` using the CookieStore API, with expiries of both under and over 24h.
- Read back the stored cookies, and verify that expiry is capped to 24h.
* LayoutTests/platform/ios/TestExpectations:
* LayoutTests/platform/mac-wk2/TestExpectations:
* LayoutTests/platform/wk2/TestExpectations:
Enable the new test on WK2 Cocoa ports only, where the `ENABLE(JS_COOKIE_CHECKING)` feature is
enabled and expiry capping after cross-site navigation is enabled.
* LayoutTests/resources/ui-helper.js:
(window.UIHelper.async cookiesForDomain):
Add a new helper method to read properties of cookies matching the given domain, by going through
`WKHTTPCookieStore`.
* Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:
(WebCore::adjustScriptWrittenCookie):
(WebCore::parseDOMCookie):
Implement the main fix here: split `parseDOMCookie` out into two parts: (1) the first part that
actually parses the cookie from the raw string, and (2) `adjustScriptWrittenCookie`, which adjusts
the resulting `NSHTTPCookie` by applying the `SetInJavaScript` flag and capping expiry if needed.
(WebCore::NetworkStorageSession::setCookieFromDOM const):
Use `adjustScriptWrittenCookie` on the incoming `NSHTTPCookie` to apply cookie expiry mitigations.
* Tools/TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl:
* Tools/TestRunnerShared/UIScriptContext/UIScriptController.h:
(WTR::UIScriptController::cookiesForDomain):
* Tools/WebKitTestRunner/cocoa/UIScriptControllerCocoa.h:
* Tools/WebKitTestRunner/cocoa/UIScriptControllerCocoa.mm:
(WTR::propertyDictionaryForJS):
(WTR::UIScriptControllerCocoa::cookiesForDomain):
Canonical link: https://commits.webkit.org/290527@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list