[webkit-reviews] review denied: [Bug 175232] Resource Load Statistics: Immediately deny third-party cookie creation for prevalent resources without interaction (rather than temporarily accepting the cookie) : [Attachment 319668] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 5 10:54:41 PDT 2017
Alex Christensen <achristensen at apple.com> has denied Brent Fulgham
<bfulgham at webkit.org>'s request for review:
Bug 175232: Resource Load Statistics: Immediately deny third-party cookie
creation for prevalent resources without interaction (rather than temporarily
accepting the cookie)
https://bugs.webkit.org/show_bug.cgi?id=175232
Attachment 319668: Patch
https://bugs.webkit.org/attachment.cgi?id=319668&action=review
--- Comment #13 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 319668
--> https://bugs.webkit.org/attachment.cgi?id=319668
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=319668&action=review
> Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:248
> + if (!domainsWithInteraction.isEmpty()) {
These checks don't do anything.
> Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:250
> +
m_prevalentTopPrivatelyControlledDomainsWithoutInteraction.remove(domain);
If we clear first, there's a lot of unnecessary removing from empty sets.
> Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:82
> RetainPtr<NSURLSession> m_sessionWithoutCredentialStorage;
> RetainPtr<WKNetworkSessionDelegate>
m_sessionWithoutCredentialStorageDelegate;
> + RetainPtr<NSURLSession> m_sessionWithoutCredentialOrCookieStorage;
> + RetainPtr<WKNetworkSessionDelegate>
m_sessionWithoutCredentialOrCookieStorageDelegate;
Instead of making a third session, we should probably just make the
m_sessionWithoutCredentialStorage have a nil HTTPCookieStorage. The intent of
that session is that it's stateless. Maybe that should be a separate patch
because it will affect more than just this.
More information about the webkit-reviews
mailing list