[webkit-reviews] review denied: [Bug 175232] Resource Load Statistics: Immediately deny third-party cookie creation for prevalent resources without interaction (rather than temporarily accepting the cookie) : [Attachment 319668] Patch

Tue Sep 5 10:54:41 PDT 2017

Alex Christensen <achristensen at apple.com> has denied Brent Fulgham
<bfulgham at webkit.org>'s request for review:
Bug 175232: Resource Load Statistics: Immediately deny third-party cookie
creation for prevalent resources without interaction (rather than temporarily
accepting the cookie)
https://bugs.webkit.org/show_bug.cgi?id=175232

Attachment 319668: Patch

https://bugs.webkit.org/attachment.cgi?id=319668&action=review

--- Comment #13 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 319668
  --> https://bugs.webkit.org/attachment.cgi?id=319668
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=319668&action=review

> Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:248
> +    if (!domainsWithInteraction.isEmpty()) {

These checks don't do anything.

> Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:250
> +	      
m_prevalentTopPrivatelyControlledDomainsWithoutInteraction.remove(domain);

If we clear first, there's a lot of unnecessary removing from empty sets.

> Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:82
>      RetainPtr<NSURLSession> m_sessionWithoutCredentialStorage;
>      RetainPtr<WKNetworkSessionDelegate>
m_sessionWithoutCredentialStorageDelegate;
> +    RetainPtr<NSURLSession> m_sessionWithoutCredentialOrCookieStorage;
> +    RetainPtr<WKNetworkSessionDelegate>
m_sessionWithoutCredentialOrCookieStorageDelegate;

Instead of making a third session, we should probably just make the
m_sessionWithoutCredentialStorage have a nil HTTPCookieStorage.  The intent of
that session is that it's stateless.  Maybe that should be a separate patch
because it will affect more than just this.