[Webkit-unassigned] [Bug 211092] New: shouldBlockCookies() in WebCookieJar.cpp allows third-party cookie access

bugzilla-daemon at webkit.org
Mon Apr 27 14:41:19 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=211092

            Bug ID: 211092
           Summary: shouldBlockCookies() in WebCookieJar.cpp allows
                    third-party cookie access
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: drousso at apple.com

The early return if the given `WebFrame` is the main frame means that if a third-party resource is loaded into the main frame, and cookies are queried for that third-party's resource in the main frame, we will allow cookie access even though it's a third-party resource simply because it was loaded into the main frame.  This is incorrect, as we should always verify that the domain of the URL being used to query for cookies matches the first-party domain before granting access.

-- 
You are receiving this mail because:
You are the assignee for the bug.
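
The logic flaw the report describes, as a simplified model added here for illustration; it is not WebKit's code. `CookieQuery`, `registrableDomain` and both `shouldBlockCookies...` functions are hypothetical names, the hosts are constructed, and the "last two labels" domain rule is an assumption standing in for a real Public Suffix List lookup.

```cpp
#include <iostream>
#include <string>

// Assumption: registrable domain = last two labels of the host.
// A real engine consults the Public Suffix List instead.
static std::string registrableDomain(const std::string& host)
{
    auto last = host.rfind('.');
    if (last == std::string::npos || last == 0)
        return host;
    auto prev = host.rfind('.', last - 1);
    return prev == std::string::npos ? host : host.substr(prev + 1);
}

// Hypothetical model of one cookie query: which frame is asking, the
// first-party (top document) host, and the host of the URL being queried.
struct CookieQuery {
    bool isMainFrame;
    std::string firstPartyHost;
    std::string resourceHost;
};

static bool isThirdParty(const CookieQuery& q)
{
    return registrableDomain(q.firstPartyHost) != registrableDomain(q.resourceHost);
}

// Behaviour described in the report: the main frame short-circuits the check,
// so a third-party URL queried from the main frame is never compared.
bool shouldBlockCookiesEarlyReturn(const CookieQuery& q)
{
    if (q.isMainFrame)
        return false; // access granted without looking at the URL's domain
    return isThirdParty(q);
}

// Behaviour the report asks for: always compare the queried URL's domain
// with the first-party domain, whichever frame issued the query.
bool shouldBlockCookiesAlwaysVerify(const CookieQuery& q)
{
    return isThirdParty(q);
}

int main()
{
    CookieQuery q{true, "www.shop.example", "cdn.tracker.example"}; // constructed hosts
    std::cout << "early return blocks: " << shouldBlockCookiesEarlyReturn(q)
              << ", always verify blocks: " << shouldBlockCookiesAlwaysVerify(q) << "\n";
    return 0;
}
```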