[Webkit-unassigned] [Bug 34289] WebSocket ignores HttpOnly cookies, but should use in Handshake.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 12 14:19:28 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=34289


Darin Fisher (:fishd, Google) <fishd at chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fishd at chromium.org




--- Comment #9 from Darin Fisher (:fishd, Google) <fishd at chromium.org>  2010-02-12 14:19:26 PST ---
We're going to have a problem supporting cookieRequestHeaderFieldValue in
Chromium.  We intentionally deny the WebKit process access to HTTP-only cookies
because we can add them in within the browser process later on.

Ukai, maybe we can preserve that isolation by writing a special token into the
stream that the WebSocketStreamHandle can replace w/ the real cookie stream?

Also using getRawCookies to implement cookieRequestHeaderFieldValue is not
necessarily correct.  getRawCookies fails to mark the cookies as visited, which
does not bump their priority in the cookie "cache replacement policy"
algorithm.  getRawCookies was only designed to be used by devtools to support
its UI.
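
An added sketch of the placeholder idea in the comment above; it is not code from WebKit, Chromium or anyone on the bug. All names (`Cookie`, `kCookieSlot`, `buildHandshake`, `fillCookieSlot`, the `X-Cookie-Slot` header) are hypothetical, and the jar is assumed to already hold only the cookies that match the socket's URL.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical names throughout; this is not WebKit or Chromium code.
struct Cookie {
    std::string name, value;
    bool httpOnly;
    long lastAccess;  // input to the jar's eviction policy
};

// Placeholder header line the renderer emits instead of a Cookie header.
const std::string kCookieSlot = "X-Cookie-Slot: pending\r\n";

// Renderer side: builds the handshake without ever seeing cookie values.
std::string buildHandshake(const std::string& host, const std::string& path) {
    return "GET " + path + " HTTP/1.1\r\n"
           "Upgrade: WebSocket\r\n"
           "Connection: Upgrade\r\n"
           "Host: " + host + "\r\n" +
           kCookieSlot + "\r\n";
}

// Browser side: swaps the slot for the real header, HttpOnly cookies included,
// and marks every cookie it sends as accessed at time `now`.
std::string fillCookieSlot(const std::string& request, std::vector<Cookie>& jar, long now) {
    // Only accept the slot inside the header section, and only at a line start.
    std::size_t headersEnd = request.find("\r\n\r\n");
    std::size_t pos = request.find("\r\n" + kCookieSlot);
    if (headersEnd == std::string::npos || pos == std::string::npos || pos > headersEnd)
        return request;  // no slot: forward unchanged, never add cookies
    std::string header;
    for (Cookie& c : jar) {
        header += (header.empty() ? "Cookie: " : "; ") + c.name + "=" + c.value;
        c.lastAccess = now;
    }
    if (!header.empty())
        header += "\r\n";
    std::string out = request;
    out.replace(pos + 2, kCookieSlot.size(), header);  // empty jar drops the line
    return out;
}
```

The renderer-built request never contains a cookie value, and a slot that appears after the blank line ending the headers is left untouched.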
