[Webkit-unassigned] [Bug 193458] New: [SOUP] Unify behavior of kWKHTTPCookieAcceptPolicy with cocoa
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jan 15 13:03:25 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=193458
Bug ID: 193458
Summary: [SOUP] Unify behavior of kWKHTTPCookieAcceptPolicy
with cocoa
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit2
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
CC: Basuke.Suzuki at sony.com, chris.reid at sony.com,
wilander at apple.com
WKCookieManager.h declares these WKHTTPCookieAcceptPolicy:
enum {
kWKHTTPCookieAcceptPolicyAlways = 0,
kWKHTTPCookieAcceptPolicyNever = 1,
kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain = 2,
kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain = 3
};
I asked Jon Wilander about the distinction between AcceptPolicyOnlyFromMainDocumentDomain and kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain. He says:
"""AcceptPolicyOnlyFromMainDocumentDomain is the default policy on Cocoa platforms and it means third-party resource loads (differing eTLD+1) cannot read or write cookies unless they have pre-existing cookies. This effectively means the eTLD+1 needs to become a top frame resource to seed its cookie jar before it can use it as third-party.
AcceptPolicyExclusivelyFromMainDocumentDomain means only first-party cookies."""
GTK and WPE expose an WebKitCookieAcceptPolicy enum with values WEBKIT_COOKIE_POLICY_ACCEPT_ALWAYS, WEBKIT_COOKIE_POLICY_ACCEPT_NEVER, and WEBKIT_COOKIE_POLICY_ACCEPT_NO_THIRD_PARTY. Internally, it is implemented by converting from WebKitCookieAcceptPolicy to WKHTTPCookieAcceptPolicy. The conversion for the always/never policies are obvious. WEBKIT_COOKIE_POLICY_ACCEPT_NO_THIRD_PARTY is converted to kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain. However, the behavior it implements actually matches kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain. So libsoup's kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain is actually equivalent to Cocoa's kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain, and libsoup ports have no equivalent to Cocoa's kWKHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain. This sort of unexpected platform-specific differences from seemingly cross-platform code is why we wind up with strange platform-specific bugs, so we should fix it.
Now, each of our three WebKitCookieAcceptPolicys corresponds to a SoupCookieJarAcceptPolicy: SOUP_COOKIE_JAR_ACCEPT_ALWAYS, SOUP_COOKIE_JAR_ACCEPT_NEVER, and SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY. I actually wrote a libsoup patch a year ago to change the behavior of SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY to match Cocoa's kWKHTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain, but never landed it. We should resurrect that, except we should do it as a new SoupCookieJarAcceptPolicy instead of modifying the behavior of the existing policy. Then we should expose a new, corresponding WebKitCookieAcceptPolicy, and change Epiphany to use it. And lastly, we should change toWebKitCookieAcceptPolicy and toHTTPCookieAcceptPolicy in WebKit/UIProcess/API/glib/WebKitCookieManager.cpp so that WEBKIT_COOKIE_POLICY_ACCEPT_NO_THIRD_PARTY corresponds to HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain instead of HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain, and have the new WebKitCookieAcceptPolicy correspond to HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain.
Finally, we should consider renaming HTTPCookieAcceptPolicyOnlyFromMainDocumentDomain or HTTPCookieAcceptPolicyExclusivelyFromMainDocumentDomain if possible. These are private APIs on all ports, but Mac system applications sometimes use private APIs, so only Apple can determine if it's possible to do a rename.
CC: Basuke and Christopher, since you might want to investigate what curl ports are doing here.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190115/571b6b32/attachment.html>
More information about the webkit-unassigned
mailing list