[webkit-reviews] review granted: [Bug 215201] Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses : [Attachment 406121] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Aug 7 10:20:01 PDT 2020
Brent Fulgham <bfulgham at webkit.org> has granted John Wilander
<wilander at apple.com>'s request for review:
Bug 215201: Experimental: Cap the expiry of persistent cookies set in 3rd-party
CNAME cloaked HTTP responses
https://bugs.webkit.org/show_bug.cgi?id=215201
Attachment 406121: Patch
https://bugs.webkit.org/attachment.cgi?id=406121&action=review
--- Comment #23 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 406121
--> https://bugs.webkit.org/attachment.cgi?id=406121
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=406121&action=review
r=me, but please look at the Mac-AS bot failure. I can't tell if that is due to
missing SPI on that bot, or a true AS-specific build bug in the code.
> Source/WebCore/PAL/ChangeLog:11
> + - _cookieTransformCallback
Nit: Extra space before _cookieTransformCallback
> Source/WebKit/ChangeLog:36
> + - _cookieTransformCallback
Ditto
> Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h:299
> +#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM)
Should this be HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)?
> Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:313
> + if (![cookie isSessionOnly] && (!cookie.expiresDate ||
cookie.expiresDate.timeIntervalSinceNow > cap.seconds())) {
Nit: This would have been easier to understand with an early return for
session-only cookies.
> Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:134
> +// FIXME: Remove these selector checks when macOS Big Sur has shipped.
Nit: Please file a Bugzilla+Radar to make sure we do this!
> Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:189
> +
Nit: Extra line
> Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:1942
> + if (cnameURL.host() != "testwebkit.org" && cnameURL.host() !=
"3rdpartytestwebkit.org") {
Nit: It would be smart to have a more central place to maintain our test server
names, possibly in a WebCoreTestSupport location or something.
More information about the webkit-reviews
mailing list