Modified: trunk/LayoutTests/ChangeLog (221225 => 221226)
--- trunk/LayoutTests/ChangeLog 2017-08-26 08:40:49 UTC (rev 221225)
+++ trunk/LayoutTests/ChangeLog 2017-08-26 16:49:59 UTC (rev 221226)
@@ -1,3 +1,14 @@
+2017-08-26 Michael Catanzaro <[email protected]>
+
+ [SOUP] Update cookie jar implementation to filter out secure cookies
+ https://bugs.webkit.org/show_bug.cgi?id=175850
+
+ Reviewed by Brent Fulgham.
+
+ Unskip newly-passing tests.
+
+ * platform/gtk/TestExpectations:
+
2017-08-25 Chris Dumez <[email protected]>
Land stubs for File and Directory Entries API interfaces
Modified: trunk/LayoutTests/platform/gtk/TestExpectations (221225 => 221226)
--- trunk/LayoutTests/platform/gtk/TestExpectations 2017-08-26 08:40:49 UTC (rev 221225)
+++ trunk/LayoutTests/platform/gtk/TestExpectations 2017-08-26 16:49:59 UTC (rev 221226)
@@ -3369,10 +3369,6 @@
webkit.org/b/175931 fast/canvas/webgl/no-info-log-for-simple-shaders.html [ Failure ]
-webkit.org/b/175932 http/tests/media/hls/video-cookie.html [ Failure ]
-webkit.org/b/175932 http/tests/security/mixedContent/insecure-image-with-securecookie-block.html [ Failure ]
-webkit.org/b/175932 http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html [ Failure ]
-
#////////////////////////////////////////////////////////////////////////////////////////
# End of non-crashing, non-flaky tests failing
#////////////////////////////////////////////////////////////////////////////////////////
Modified: trunk/Source/WebCore/ChangeLog (221225 => 221226)
--- trunk/Source/WebCore/ChangeLog 2017-08-26 08:40:49 UTC (rev 221225)
+++ trunk/Source/WebCore/ChangeLog 2017-08-26 16:49:59 UTC (rev 221226)
@@ -1,3 +1,18 @@
+2017-08-26 Michael Catanzaro <[email protected]>
+
+ [SOUP] Update cookie jar implementation to filter out secure cookies
+ https://bugs.webkit.org/show_bug.cgi?id=175850
+
+ Reviewed by Brent Fulgham.
+
+ Filter out secure cookies when indicated.
+
+ * platform/network/soup/CookieJarSoup.cpp:
+ (WebCore::cookiesForSession):
+ (WebCore::cookiesForDOM):
+ (WebCore::cookieRequestHeaderFieldValue):
+ (WebCore::getRawCookies):
+
2017-08-26 Xabier Rodriguez Calvar <[email protected]>
[EME][GStreamer] Connect CDM to GStreamer
Modified: trunk/Source/WebCore/platform/network/soup/CookieJarSoup.cpp (221225 => 221226)
--- trunk/Source/WebCore/platform/network/soup/CookieJarSoup.cpp 2017-08-26 08:40:49 UTC (rev 221225)
+++ trunk/Source/WebCore/platform/network/soup/CookieJarSoup.cpp 2017-08-26 16:49:59 UTC (rev 221226)
@@ -23,6 +23,7 @@
#if USE(SOUP)
#include "Cookie.h"
+#include "CookiesStrategy.h"
#include "GUniquePtrSoup.h"
#include "NetworkStorageSession.h"
#include "NetworkingContext.h"
@@ -81,22 +82,46 @@
soup_cookies_free(existingCookies);
}
-static String cookiesForSession(const NetworkStorageSession& session, const URL& url, bool forHTTPHeader)
+static std::pair<String, bool> cookiesForSession(const NetworkStorageSession& session, const URL& url, bool forHTTPHeader, IncludeSecureCookies includeSecureCookies)
{
GUniquePtr<SoupURI> uri = url.createSoupURI();
- GUniquePtr<char> cookies(soup_cookie_jar_get_cookies(session.cookieStorage(), uri.get(), forHTTPHeader));
- return String::fromUTF8(cookies.get());
+ GSList* cookies = soup_cookie_jar_get_cookie_list(session.cookieStorage(), uri.get(), forHTTPHeader);
+ GSList* item = cookies;
+ bool didAccessSecureCookies = false;
+
+ // libsoup should omit secure cookies itself if the protocol is not https.
+ if (url.protocolIs("https")) {
+ while (item) {
+ auto cookie = static_cast<SoupCookie*>(item->data);
+ if (soup_cookie_get_secure(cookie)) {
+ didAccessSecureCookies = true;
+ if (includeSecureCookies == IncludeSecureCookies::No) {
+ GSList* next = item->next;
+ soup_cookie_free(static_cast<SoupCookie*>(item->data));
+ cookies = g_slist_remove_link(cookies, item);
+ item = next;
+ continue;
+ }
+ }
+ item = item->next;
+ }
+ }
+
+ GUniquePtr<char> cookieHeader(soup_cookies_to_cookie_header(cookies));
+ soup_cookies_free(cookies);
+
+ return { String::fromUTF8(cookieHeader.get()), didAccessSecureCookies };
}
-std::pair<String, bool> cookiesForDOM(const NetworkStorageSession& session, const URL&, const URL& url, IncludeSecureCookies)
+std::pair<String, bool> cookiesForDOM(const NetworkStorageSession& session, const URL&, const URL& url, IncludeSecureCookies includeSecureCookies)
{
- // FIXME(175850): SOUP concept of secure cookies should be filtered here.
- return { cookiesForSession(session, url, false), false };
+ return cookiesForSession(session, url, false, includeSecureCookies);
}
String cookieRequestHeaderFieldValue(const NetworkStorageSession& session, const URL& /*firstParty*/, const URL& url)
{
- return cookiesForSession(session, url, true);
+ // Secure cookies will still only be included if url's protocol is https.
+ return cookiesForSession(session, url, true, IncludeSecureCookies::Yes).first;
}
bool cookiesEnabled(const NetworkStorageSession& session, const URL& /*firstParty*/, const URL& /*url*/)
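Review bot: The filtering loop in `cookiesForSession` leaks one `GSList` node for every secure cookie it drops, because `g_slist_remove_link()` only unlinks the element and leaves the node allocated as a one-element list. The cookie itself is released by `soup_cookie_free()`, but nothing frees the node afterwards, and the later `soup_cookies_free(cookies)` no longer reaches it. Use `cookies = g_slist_delete_link(cookies, item);` instead, which unlinks and frees the node in one call. The leak is small per call, but this path presumably runs on every DOM cookie read that passes `IncludeSecureCookies::No` for an https URL, so it would accumulate on long-lived pages. A short comment on the `url.protocolIs("https")` guard, stating that `didAccessSecureCookies` is never set for other schemes because libsoup is trusted to have excluded those cookies, would also make the reliance on library behaviour explicit.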