[webkit-changes] [WebKit/WebKit] 48ce9a: Tracking domains can set partitioned cookies

Commit Queue noreply at github.com
Fri Jan 31 16:31:19 PST 2025 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 48ce9a3d8430abcb9bfc8712cbe5cdb48c0d5578
      https://github.com/WebKit/WebKit/commit/48ce9a3d8430abcb9bfc8712cbe5cdb48c0d5578
  Author: Matthew Finkel <m_finkel at apple.com>
  Date:   2025-01-31 (Fri, 31 Jan 2025)

  Changed paths:
    M Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm
    M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h
    M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm

  Log Message:
  -----------
  Tracking domains can set partitioned cookies
https://bugs.webkit.org/show_bug.cgi?id=286778
rdar://143914901

Reviewed by Wenson Hsieh.

The vast majority of the partitioned cookies we currently see are being set by
tracking domains. This doesn't benefit users and only causes more memory usage.
This patch blocks third-party cookies if the request is for a tracking domain.

Tested manually, and adding a few API tests, but these tests don't cover
blocking cookies for a domain on the block list. That will require a more
invasive change, so I'll do that in a follow up.

* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm:
(WebKit::NetworkTaskCocoa::requestThirdPartyCookieBlockingDecision const):
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm:
(WebKit::isKnownTrackerAddressOrDomain):
* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::setUpWebViewForTestingTrackerDomainBlocking):
(TestWebKitAPI::TEST(AdvancedPrivacyProtections, DoNotBlockFirstPartyPartitionedCookiesFromTrackerDomain)):
(TestWebKitAPI::TEST(AdvancedPrivacyProtections, DoNotBlockThirdPartyPartitionedCookiesFromSameSiteDomain)):
(TestWebKitAPI::TEST(AdvancedPrivacyProtections, DoNotBlockThirdPartyPartitionedCookies)):

Canonical link: https://commits.webkit.org/289641@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list