On Wed, 24 Nov 2021 23:05:05 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
> As indicated in the bug report, WebView needs to call to
> `CookieManager::getDefault` within a `doPrivileged` block so that it will
> work when a security manager is enabled. There are two calls in
> `com.sun.webkit.network.CookieJar` that are not wrapped in a `doPrivileged`.
>
> I added a manual test (since it requires loading a page over http/https which
> we can't do in our automated tests) based on the test program that was
> attached to JBS.
Test works fine. Minor comments only.
modules/javafx.web/src/main/java/com/sun/webkit/network/CookieJar.java line 47:
> 45: @SuppressWarnings("removal")
> 46: CookieHandler handler =
> 47:
> AccessController.doPrivileged((PrivilegedAction<CookieHandler>) () ->
> CookieHandler.getDefault());
Not sure if there is a policy for this, but you could replace the lambda with
the method reference?
modules/javafx.web/src/main/java/com/sun/webkit/network/CookieJar.java line 71:
> 69: @SuppressWarnings("removal")
> 70: CookieHandler handler =
> 71:
> AccessController.doPrivileged((PrivilegedAction<CookieHandler>) () ->
> CookieHandler.getDefault());
Same here
-------------
Marked as reviewed by jpereda (Committer).
PR: https://git.openjdk.java.net/jfx/pull/681
