Title: [216258] trunk
- Revision
- 216258
- Author
- [email protected]
- Date
- 2017-05-05 12:21:37 -0700 (Fri, 05 May 2017)
Log Message
[Cocoa] Converting from WebCore::Cookie to NSHTTPCookie always marks cookies as secure
https://bugs.webkit.org/show_bug.cgi?id=171700
<rdar://problem/32017975>
Reviewed by Brady Eidson.
Source/WebCore:
The function that we use to convert from WebCore::Cookie to NSHTTPCookie was
misusing the NSHTTPCookieSecure property. If any value is provided for this key,
even @NO, CFNetwork interprets that to mean that the cookie has the "secure" flag.
Thus, in some cases we would store an "insecure" cookie on a site that uses the
http:// protocol, and be unable to later retrieve the cookie. This is known to
affect cookies set via WebCookieManager, WKHTTPCookieStore, and WebAutomationSession.
This is covered by existing test WebKit2.WKHTTPCookieStore.
The test had a bug that masked this problem.
* platform/network/cocoa/CookieCocoa.mm:
(WebCore::Cookie::operator NSHTTPCookie *):
Don't include the property if the cookie is not secure.
Tools:
Fix a mistake in the test that should have caught this bug.
* TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm:
(TEST):
The assertions that were meant to check round-tripping were actually checking
the properties of the original cookie objects, not the round-tripped ones.
This test now fails without the bugfix and passes when it is applied.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (216257 => 216258)
--- trunk/Source/WebCore/ChangeLog 2017-05-05 19:20:32 UTC (rev 216257)
+++ trunk/Source/WebCore/ChangeLog 2017-05-05 19:21:37 UTC (rev 216258)
@@ -1,3 +1,25 @@
+2017-05-05 Brian Burg <[email protected]>
+
+ [Cocoa] Converting from WebCore::Cookie to NSHTTPCookie always marks cookies as secure
+ https://bugs.webkit.org/show_bug.cgi?id=171700
+ <rdar://problem/32017975>
+
+ Reviewed by Brady Eidson.
+
+ The function that we use to convert from WebCore::Cookie to NSHTTPCookie was
+ misusing the NSHTTPCookieSecure property. If any value is provided for this key,
+ even @NO, CFNetwork interprets that to mean that the cookie has the "secure" flag.
+ Thus, in some cases we would store an "insecure" cookie on a site that uses the
+ http:// protocol, and be unable to later retrieve the cookie. This is known to
+ affect cookies set via WebCookieManager, WKHTTPCookieStore, and WebAutomationSession.
+
+ This is covered by existing test WebKit2.WKHTTPCookieStore.
+ The test had a bug that masked this problem.
+
+ * platform/network/cocoa/CookieCocoa.mm:
+ (WebCore::Cookie::operator NSHTTPCookie *):
+ Don't include the property if the cookie is not secure.
+
2017-05-05 Wenson Hsieh <[email protected]>
Add SPI to WebItemProviderPasteboard to synchronously load data with a given timeout
Modified: trunk/Source/WebCore/platform/network/cocoa/CookieCocoa.mm (216257 => 216258)
--- trunk/Source/WebCore/platform/network/cocoa/CookieCocoa.mm 2017-05-05 19:20:32 UTC (rev 216257)
+++ trunk/Source/WebCore/platform/network/cocoa/CookieCocoa.mm 2017-05-05 19:21:37 UTC (rev 216258)
@@ -95,7 +95,9 @@
if (portString)
[properties setObject:portString forKey:NSHTTPCookiePort];
- [properties setObject:@(secure) forKey:NSHTTPCookieSecure];
+ if (secure)
+ [properties setObject:@YES forKey:NSHTTPCookieSecure];
+
[properties setObject:(session ? @"TRUE" : @"FALSE") forKey:NSHTTPCookieDiscard];
[properties setObject:@"1" forKey:NSHTTPCookieVersion];
Modified: trunk/Tools/ChangeLog (216257 => 216258)
--- trunk/Tools/ChangeLog 2017-05-05 19:20:32 UTC (rev 216257)
+++ trunk/Tools/ChangeLog 2017-05-05 19:21:37 UTC (rev 216258)
@@ -1,3 +1,19 @@
+2017-05-05 Brian Burg <[email protected]>
+
+ [Cocoa] Converting from WebCore::Cookie to NSHTTPCookie always marks cookies as secure
+ https://bugs.webkit.org/show_bug.cgi?id=171700
+ <rdar://problem/32017975>
+
+ Reviewed by Brady Eidson.
+
+ Fix a mistake in the test that should have caught this bug.
+
+ * TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm:
+ (TEST):
+ The assertions that were meant to check round-tripping were actually checking
+ the properties of the original cookie objects, not the round-tripped ones.
+ This test now fails without the bugfix and passes when it is applied.
+
2017-05-05 Daniel Bates <[email protected]>
Use EXPECT_EQ() when comparing strings in TestWebKitAPI tests
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm (216257 => 216258)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm 2017-05-05 19:20:32 UTC (rev 216257)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm 2017-05-05 19:21:37 UTC (rev 216258)
@@ -123,15 +123,15 @@
ASSERT_TRUE([cookie1.get().path isEqualToString:cookie.path]);
ASSERT_TRUE([cookie1.get().value isEqualToString:cookie.value]);
ASSERT_TRUE([cookie1.get().domain isEqualToString:cookie.domain]);
- ASSERT_TRUE(cookie1.get().secure);
- ASSERT_TRUE(cookie1.get().sessionOnly);
+ ASSERT_TRUE(cookie.secure);
+ ASSERT_TRUE(cookie.sessionOnly);
} else {
ASSERT_TRUE([cookie2.get().path isEqualToString:cookie.path]);
ASSERT_TRUE([cookie2.get().value isEqualToString:cookie.value]);
ASSERT_TRUE([cookie2.get().name isEqualToString:cookie.name]);
ASSERT_TRUE([cookie2.get().domain isEqualToString:cookie.domain]);
- ASSERT_FALSE(cookie2.get().secure);
- ASSERT_FALSE(cookie2.get().sessionOnly);
+ ASSERT_FALSE(cookie.secure);
+ ASSERT_FALSE(cookie.sessionOnly);
}
}
[cookies release];
@@ -158,8 +158,8 @@
ASSERT_TRUE([cookie1.get().path isEqualToString:cookie.path]);
ASSERT_TRUE([cookie1.get().value isEqualToString:cookie.value]);
ASSERT_TRUE([cookie1.get().domain isEqualToString:cookie.domain]);
- ASSERT_TRUE(cookie1.get().secure);
- ASSERT_TRUE(cookie1.get().sessionOnly);
+ ASSERT_TRUE(cookie.secure);
+ ASSERT_TRUE(cookie.sessionOnly);
}
[cookies release];
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
