[Webkit-unassigned] [Bug 182328] [SOUP] Ensure domain is valid when converting a WebCore Cookie to Soup

Wed Jan 31 23:51:11 PST 2018

https://bugs.webkit.org/show_bug.cgi?id=182328

--- Comment #3 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to Michael Catanzaro from comment #2)
> Comment on attachment 332753 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=332753&action=review
> 
> > Source/WebCore/platform/network/soup/CookieSoup.cpp:66
> > +    // soup_cookie_new() will handle the given domain as a hostname if it doesn't start with '.'.
> > +    auto cookieDomain = domain.utf8();
> > +    if (cookieDomain.length() && !g_hostname_is_ip_address(cookieDomain.data()) && cookieDomain.data()[0] != '.')
> > +        cookieDomain = makeString('.', domain).utf8();
> 
> I don't know. RFC 2965 says:
> 
>    Domain=value
>       OPTIONAL.  The value of the Domain attribute specifies the domain
>       for which the cookie is valid.  If an explicitly specified value
>       does not start with a dot, the user agent supplies a leading dot
> 
> The dot is actually significant and probably shouldn't change when
> converting from a WebCore::Cookie to SoupCookie. I'm worried that the dot
> should have already been prepended somewhere else.

The dot is indeed prepended by libsoup when parsing a cookie, that is, when a cookie is set by DOM. When we convert a WebCore Cookie to Soup is usually because it's not a cookie added by DOM but by some API (either the user API or WebDriver ins this case). What we are doing here is the same soup does when a cookie is added by DOM, prepending the dot if it's not there already.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180201/bedb012a/attachment.html>