[Webkit-unassigned] [Bug 210184] [GTK][WPE] Enable resource load statistics
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Apr 15 09:37:01 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=210184
--- Comment #12 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Carlos Garcia Campos from comment #11)
> But when is an isolated session used? why is there a limit? I need to
> understand the expected behavior to see how to implement it in libsoup. For
> example, in libsoup we can ensure a new connection is always used for a
> particular request without having to use a different session, the same way
> we can disable cookies or other features.
GLib doesn't have any way to prevent session resumption, so it would be impossible to do in libsoup alone without changes in GLib. I could add GLib API for you if desired. Would be easy to do, and would allow removing a hack we use to disable session resumption when running tests. (Currently calling g_test_init() will disable session resumption, because there's no API tests can use to do that, so this behavior has to be tested manually.)
> How does itp afect the cookies acept policy? is it just ignored? what policy
> should we use in libsoup when itp is enabled?
John can correct me if I get something wrong, but ITP's behavior changes over time and will likely change again in the future. Currently, ITP blocks all third-party cookies for all domains, unless websites use the storage access API. So it overrides WEBKIT_COOKIE_POLICY_ACCEPT_ALWAYS. And it sort of overrides WEBKIT_COOKIE_POLICY_ACCEPT_NO_THIRD_PARTY, in that websites can use the storage access API to request to store third-party cookies. libsoup must not break the storage access API by blocking third-party cookies at the libsoup level, so I think WebKit should always use SOUP_COOKIE_JAR_ACCEPT_ALWAYS, and manually reject third-party cookies at the WebKit level, except when permitted by storage access API. I guess if the application selects WEBKIT_COOKIE_POLICY_ACCEPT_NEVER, then that can take precedence and we can use SOUP_COOKIE_JAR_ACCEPT_NEVER, but otherwise ITP policy should be used.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200415/9291f760/attachment.htm>
More information about the webkit-unassigned
mailing list