[Webkit-unassigned] [Bug 193458] New: [SOUP] Unify behavior of kWKHTTPCookieAcceptPolicy with cocoa

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 15 13:03:25 PST 2019 

https://bugs.webkit.org/show_bug.cgi?id=193458

            Bug ID: 193458
           Summary: [SOUP] Unify behavior of kWKHTTPCookieAcceptPolicy
                    with cocoa
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: Basuke.Suzuki at sony.com, chris.reid at sony.com,
                    wilander at apple.com

WKCookieManager.h declares these WKHTTPCookieAcceptPolicy:

enum {
    kWKHTTPCookieAcceptPolicyAlways = 0,
    kWKHTTPCookieAcceptPolicyNever = 1,
    kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain = 2,
    kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain = 3
};

I asked Jon Wilander about the distinction between AcceptPolicyOnlyFromMainDocumentDomain and kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain. He says:

"""AcceptPolicyOnlyFromMainDocumentDomain is the default policy on Cocoa platforms and it means third-party resource loads (differing eTLD+1) cannot read or write cookies unless they have pre-existing cookies. This effectively means the eTLD+1 needs to become a top frame resource to seed its cookie jar before it can use it as third-party.

AcceptPolicyExclusivelyFromMainDocumentDomain means only first-party cookies."""

GTK and WPE expose an WebKitCookieAcceptPolicy enum with values WEBKIT_COOKIE_POLICY_ACCEPT_ALWAYS, WEBKIT_COOKIE_POLICY_ACCEPT_NEVER, and WEBKIT_COOKIE_POLICY_ACCEPT_NO_THIRD_PARTY. Internally, it is implemented by converting from WebKitCookieAcceptPolicy to WKHTTPCookieAcceptPolicy. The conversion for the always/never policies are obvious. WEBKIT_COOKIE_POLICY_ACCEPT_NO_THIRD_PARTY is converted to kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain. However, the behavior it implements actually matches kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain. So libsoup's kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain is actually equivalent to Cocoa's kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain, and libsoup ports have no equivalent to Cocoa's kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain. This sort of unexpected platform-specific differences from seemingly cross-platform code is why we wind up with strange platform-specific bugs, so we should fix it.

Now, each of our three WebKitCookieAcceptPolicys corresponds to a SoupCookieJarAcceptPolicy: SOUP_COOKIE_JAR_ACCEPT_ALWAYS, SOUP_COOKIE_JAR_ACCEPT_NEVER, and SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY. I actually wrote a libsoup patch a year ago to change the behavior of SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY to match Cocoa's kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain, but never landed it. We should resurrect that, except we should do it as a new SoupCookieJarAcceptPolicy instead of modifying the behavior of the existing policy. Then we should expose a new, corresponding WebKitCookieAcceptPolicy, and change Epiphany to use it. And lastly, we should change toWebKitCookieAcceptPolicy and toHTTPCookieAcceptPolicy in WebKit/UIProcess/API/glib/WebKitCookieManager.cpp so that WEBKIT_COOKIE_POLICY_ACCEPT_NO_THIRD_PARTY corresponds to HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain instead of HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain, and have the new WebKitCookieAcceptPolicy correspond to HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain.

Finally, we should consider renaming HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain or HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain if possible. These are private APIs on all ports, but Mac system applications sometimes use private APIs, so only Apple can determine if it's possible to do a rename.

CC: Basuke and Christopher, since you might want to investigate what curl ports are doing here.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190115/571b6b32/attachment.html>

More information about the webkit-unassigned mailing list