[Webkit-unassigned] [Bug 149551] [SOUP] Slack.com is not working, new messages do not load due to WebSocket authentication failure issue
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 25 08:50:28 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=149551
--- Comment #29 from Michael Catanzaro <mcatanzaro at gnome.org> ---
I suspect cookie_is_valid_for_same_site_policy() in soup-cookie-jar.c, it does this:
return soup_host_matches_host (soup_uri_get_host (cookie_uri ? cookie_uri : top_level), soup_uri_get_host (uri));
with no calls to soup_tld_get_base_domain(). That looks wrong. In contrast, incoming_cookie_is_third_party() uses soup_tld_get_base_domain() before comparing domains.
That could return too many cookies, but the purpose of that function is only to check Same-Site policy, and there is other logic in get_cookies() to ensure Domain matches, so I think it should be safe to change.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200925/7495fd1a/attachment.htm>
More information about the webkit-unassigned
mailing list