[Webkit-unassigned] [Bug 149873] [Content Extensions] Content blocking rules are not consulted for pings
bugzilla-daemon at webkit.org
Thu Oct 15 14:08:01 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=149873
Alex Christensen <achristensen at apple.com> changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
Attachment #263155|review?                     |review+, commit-queue-
             Flags|                            |
--- Comment #28 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 263155
--> https://bugs.webkit.org/attachment.cgi?id=263155
Patch using Option (b)
View in context: https://bugs.webkit.org/attachment.cgi?id=263155&action=review
r=me
I don't think we should change the null checks in this patch. That's a separate bug.
> Source/WebCore/loader/PingLoader.cpp:143
> - request.setAllowCookies(frame.document()->securityOrigin()->isSameSchemeHostPort(SecurityOrigin::create(reportURL).ptr()));
> + if (Document* document = frame.document()) {
> + if (SecurityOrigin* securityOrigin = document->securityOrigin()) {
> + if (!securityOrigin->isSameSchemeHostPort(SecurityOrigin::create(reportURL).ptr()))
> + request.setAllowCookies(false);
> + }
> + }
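Review bot: the nested null checks at PingLoader.cpp:143 fail open. request.setAllowCookies(false) is only reached inside the innermost if, so when frame.document() or document->securityOrigin() is null the call is skipped and the request keeps its existing cookie setting, whereas the removed line set the value on every path. Suggest computing the same-origin result into a bool that starts out false, setting it to true only when both pointers are non-null and isSameSchemeHostPort() succeeds, and then calling request.setAllowCookies() with that bool unconditionally.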
I like that this adds null checks, but not that this would fail to remove cookies if one of the null checks fails. I think if the null checks fail, then we should setAllowCookies(false) to avoid sending cookies to somewhere we're not supposed to, which could be a privacy problem.
--
You are receiving this mail because:
You are the assignee for the bug.