[webkit-changes] [WebKit/WebKit] f9cc03: [Cookie Store API] Throw error on attempt to set c...
Rupin Mittal
noreply at github.com
Thu Jan 23 09:35:13 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f9cc03148c7fce295e58191df2725cbc8062733d
https://github.com/WebKit/WebKit/commit/f9cc03148c7fce295e58191df2725cbc8062733d
Author: Rupin Mittal <rupin at apple.com>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M Source/WebCore/Modules/cookie-store/CookieStore.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/CookieStoreAPI.mm
Log Message:
-----------
[Cookie Store API] Throw error on attempt to set cookies for a public suffix domain
https://bugs.webkit.org/show_bug.cgi?id=286382
rdar://143095098
Reviewed by Chris Dumez.
If there is an attempt to set a cookie with a public-suffix domain (like "com"), and
the current host is "*.com", then "com" passes the domain rules in the Cookie Store spec.
But CFNetwork does not set the cookie--and since the CFNetwork API for setting the cookie
does not return an error, CookieStore::set() returns a success even though the
cookie wasn't set.
The spec does not say anything about checking for public-suffix domains, but Chrome
does return an error for this. To match Chrome, we alter CookieStore::set() to return
an error if the domain is a public-suffix.
This is tested by a new API test in CookieStoreAPI.mm.
* Source/WebCore/Modules/cookie-store/CookieStore.cpp:
(WebCore::CookieStore::set):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/CookieStoreAPI.mm:
(TestWebKitAPI::TEST(WebKit, CookieStoreSetCookieForPublicSuffixDomain)):
Canonical link: https://commits.webkit.org/289296@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list