<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:achristensen@apple.com" title="Alex Christensen <achristensen@apple.com>"> <span class="fn">Alex Christensen</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - [Content Extensions] Content blocking rules are not consulted for pings"
href="https://bugs.webkit.org/show_bug.cgi?id=149873">bug 149873</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Attachment #263155 Flags</td>
<td>review?
</td>
<td>review+, commit-queue-
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [Content Extensions] Content blocking rules are not consulted for pings"
href="https://bugs.webkit.org/show_bug.cgi?id=149873#c28">Comment # 28</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [Content Extensions] Content blocking rules are not consulted for pings"
href="https://bugs.webkit.org/show_bug.cgi?id=149873">bug 149873</a>
from <span class="vcard"><a class="email" href="mailto:achristensen@apple.com" title="Alex Christensen <achristensen@apple.com>"> <span class="fn">Alex Christensen</span></a>
</span></b>
<pre>Comment on <span class=""><a href="attachment.cgi?id=263155&action=diff" name="attach_263155" title="Patch using Option (b)">attachment 263155</a> <a href="attachment.cgi?id=263155&action=edit" title="Patch using Option (b)">[details]</a></span>
Patch using Option (b)
View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=263155&action=review">https://bugs.webkit.org/attachment.cgi?id=263155&action=review</a>
r=me
I don't think we should change the null checks in this patch. That's a separate bug
<span class="quote">> Source/WebCore/loader/PingLoader.cpp:143
> - request.setAllowCookies(frame.document()->securityOrigin()->isSameSchemeHostPort(SecurityOrigin::create(reportURL).ptr()));
> + if (Document* document = frame.document()) {
> + if (SecurityOrigin* securityOrigin = document->securityOrigin()) {
> + if (!securityOrigin->isSameSchemeHostPort(SecurityOrigin::create(reportURL).ptr()))
> + request.setAllowCookies(false);
> + }
> + }</span >
I like that this adds null checks, but not that this would fail to remove cookies if one of the null checks fails. I think if the null checks fail, then we should setAllowCookies(false) to avoid sending cookies to somewhere we're not supposed to, which could be a privacy problem.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>