- Revision
- 225383
- Author
- [email protected]
- Date
- 2017-11-30 21:32:11 -0800 (Thu, 30 Nov 2017)
Log Message
REGRESSION (r224791): cookies are shared between ephemeral sessions in the same process pool
https://bugs.webkit.org/show_bug.cgi?id=180235
Reviewed by Joseph Pecoraro.
Source/WebKit:
In r224791 I assumed that uiProcessCookieStorageIdentifier would be empty in the ephemeral session initialization message.
This is not the case. We did not catch this because almost all of our ephemeral session testing uses the legacyPrivateSessionID.
I add checks for if the SessionID is ephemeral like we already have in WebFrameNetworkingContext::ensureWebsiteDataStoreSession.
I also add an API test that makes sure cookies are not shared between ephemeral sessions the way they are made through the API.
* NetworkProcess/mac/RemoteNetworkingContext.mm:
(WebKit::RemoteNetworkingContext::ensureWebsiteDataStoreSession):
Tools:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm: Added.
(-[CookiePrivateBrowsingDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
(TEST):
Modified Paths
Added Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (225382 => 225383)
--- trunk/Source/WebKit/ChangeLog 2017-12-01 05:30:14 UTC (rev 225382)
+++ trunk/Source/WebKit/ChangeLog 2017-12-01 05:32:11 UTC (rev 225383)
@@ -1,3 +1,18 @@
+2017-11-30 Alex Christensen <[email protected]>
+
+ REGRESSION (r224791): cookies are shared between ephemeral sessions in the same process pool
+ https://bugs.webkit.org/show_bug.cgi?id=180235
+
+ Reviewed by Joseph Pecoraro.
+
+ In r224791 I assumed that uiProcessCookieStorageIdentifier would be empty in the ephemeral session initialization message.
+ This is not the case. We did not catch this because almost all of our ephemeral session testing uses the legacyPrivateSessionID.
+ I add checks for if the SessionID is ephemeral like we already have in WebFrameNetworkingContext::ensureWebsiteDataStoreSession.
+ I also add an API test that makes sure cookies are not shared between ephemeral sessions the way they are made through the API.
+
+ * NetworkProcess/mac/RemoteNetworkingContext.mm:
+ (WebKit::RemoteNetworkingContext::ensureWebsiteDataStoreSession):
+
2017-11-30 Stephan Szabo <[email protected]>
Make LegacyCustomProtocolManager optional for network process
Modified: trunk/Source/WebKit/NetworkProcess/mac/RemoteNetworkingContext.mm (225382 => 225383)
--- trunk/Source/WebKit/NetworkProcess/mac/RemoteNetworkingContext.mm 2017-12-01 05:30:14 UTC (rev 225382)
+++ trunk/Source/WebKit/NetworkProcess/mac/RemoteNetworkingContext.mm 2017-12-01 05:32:11 UTC (rev 225383)
@@ -97,7 +97,7 @@
SandboxExtension::consumePermanently(parameters.cookieStoragePathExtensionHandle);
RetainPtr<CFHTTPCookieStorageRef> uiProcessCookieStorage;
- if (!parameters.uiProcessCookieStorageIdentifier.isEmpty())
+ if (!sessionID.isEphemeral() && !parameters.uiProcessCookieStorageIdentifier.isEmpty())
uiProcessCookieStorage = cookieStorageFromIdentifyingData(parameters.uiProcessCookieStorageIdentifier);
NetworkStorageSession::ensureSession(sessionID, base + '.' + String::number(sessionID.sessionID()), WTFMove(uiProcessCookieStorage));
@@ -106,7 +106,7 @@
for (const auto& cookie : parameters.pendingCookies)
session->setCookie(cookie);
- if (!parameters.cacheStorageDirectory.isNull()) {
+ if (!sessionID.isEphemeral() && !parameters.cacheStorageDirectory.isNull()) {
SandboxExtension::consumePermanently(parameters.cacheStorageDirectoryExtensionHandle);
session->setCacheStorageDirectory(WTFMove(parameters.cacheStorageDirectory));
session->setCacheStoragePerOriginQuota(parameters.cacheStoragePerOriginQuota);
Modified: trunk/Tools/ChangeLog (225382 => 225383)
--- trunk/Tools/ChangeLog 2017-12-01 05:30:14 UTC (rev 225382)
+++ trunk/Tools/ChangeLog 2017-12-01 05:32:11 UTC (rev 225383)
@@ -1,3 +1,15 @@
+2017-11-30 Alex Christensen <[email protected]>
+
+ REGRESSION (r224791): cookies are shared between ephemeral sessions in the same process pool
+ https://bugs.webkit.org/show_bug.cgi?id=180235
+
+ Reviewed by Joseph Pecoraro.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm: Added.
+ (-[CookiePrivateBrowsingDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
+ (TEST):
+
2017-11-30 Stephan Szabo <[email protected]>
Make LegacyCustomProtocolManager optional for network process
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (225382 => 225383)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-12-01 05:30:14 UTC (rev 225382)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-12-01 05:32:11 UTC (rev 225383)
@@ -230,6 +230,7 @@
5C0BF8931DD599BD00B00328 /* IsNavigationActionTrusted.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57F10D921C7E7B3800ECDF30 /* IsNavigationActionTrusted.mm */; };
5C0BF8941DD599C900B00328 /* MenuTypesForMouseEvents.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A99D9931AD4A29D00373141 /* MenuTypesForMouseEvents.mm */; };
5C0BF8951DD599CD00B00328 /* NavigatorLanguage.mm in Sources */ = {isa = PBXBuildFile; fileRef = E19DB9781B32137C00DB38D4 /* NavigatorLanguage.mm */; };
+ 5C19A5241FD0F60100EEA323 /* CookiePrivateBrowsing.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C19A5231FD0F32600EEA323 /* CookiePrivateBrowsing.mm */; };
5C2936931D5BF70D00DEAB1E /* CookieAcceptPolicy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C2936911D5BF63E00DEAB1E /* CookieAcceptPolicy.mm */; };
5C2936961D5C00ED00DEAB1E /* CookieMessage.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5C2936941D5BFD1900DEAB1E /* CookieMessage.html */; };
5C4A84951F7EEFFC00ACFC54 /* Configuration.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C4A84941F7EEFD400ACFC54 /* Configuration.mm */; };
@@ -1367,6 +1368,7 @@
57F56A5B1C7F8A4000F31D7E /* IsNavigationActionTrusted.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = IsNavigationActionTrusted.html; sourceTree = "<group>"; };
5C0BF88C1DD5957400B00328 /* MemoryPressureHandler.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MemoryPressureHandler.mm; sourceTree = "<group>"; };
5C0BF88F1DD5999B00B00328 /* WebViewCanPasteZeroPng.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewCanPasteZeroPng.mm; sourceTree = "<group>"; };
+ 5C19A5231FD0F32600EEA323 /* CookiePrivateBrowsing.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CookiePrivateBrowsing.mm; sourceTree = "<group>"; };
5C2936911D5BF63E00DEAB1E /* CookieAcceptPolicy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CookieAcceptPolicy.mm; sourceTree = "<group>"; };
5C2936941D5BFD1900DEAB1E /* CookieMessage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = CookieMessage.html; sourceTree = "<group>"; };
5C4A84941F7EEFD400ACFC54 /* Configuration.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = Configuration.mm; sourceTree = "<group>"; };
@@ -2014,6 +2016,7 @@
A14FC5891B89927100D107EB /* ContentFilteringPlugIn.mm */,
5CA1DED81F74A87100E71BD3 /* ContentRuleListNotification.mm */,
5C2936911D5BF63E00DEAB1E /* CookieAcceptPolicy.mm */,
+ 5C19A5231FD0F32600EEA323 /* CookiePrivateBrowsing.mm */,
9B1056411F9045C700D5583F /* CopyHTML.mm */,
9999108A1F393C8B008AD455 /* Copying.mm */,
9B7A37C21F8AEBA5004AA228 /* CopyURL.mm */,
@@ -3269,6 +3272,7 @@
CD0BD0A61F79924D001AB2CF /* ContextMenuImgWithVideo.mm in Sources */,
5C2936931D5BF70D00DEAB1E /* CookieAcceptPolicy.mm in Sources */,
51D1249B1E785425002B2820 /* CookieManager.cpp in Sources */,
+ 5C19A5241FD0F60100EEA323 /* CookiePrivateBrowsing.mm in Sources */,
9B1F6F781F90558400B55744 /* CopyHTML.mm in Sources */,
9999108B1F393C96008AD455 /* Copying.mm in Sources */,
9B7A37C41F8AEBA5004AA228 /* CopyURL.mm in Sources */,
Added: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm (0 => 225383)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm 2017-12-01 05:32:11 UTC (rev 225383)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#import "PlatformUtilities.h"
+#import <WebKit/WKProcessPool.h>
+#import <WebKit/WKProcessPoolPrivate.h>
+#import <WebKit/WKWebView.h>
+#import <WebKit/WKWebViewConfiguration.h>
+#import <wtf/RetainPtr.h>
+
+#if WK_API_ENABLED
+
+static bool receivedAlert;
+
+@interface CookiePrivateBrowsingDelegate : NSObject <WKUIDelegate>
+@end
+
+@implementation CookiePrivateBrowsingDelegate
+
+- (void)webView:(WKWebView *)webView runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(void))completionHandler
+{
+ EXPECT_STREQ(message.UTF8String, "old cookie: <>");
+ receivedAlert = true;
+ completionHandler();
+}
+
+@end
+
+TEST(WebKit, CookiePrivateBrowsing)
+{
+ auto delegate = adoptNS([[CookiePrivateBrowsingDelegate alloc] init]);
+
+ auto configuration1 = adoptNS([[WKWebViewConfiguration alloc] init]);
+ auto configuration2 = adoptNS([[WKWebViewConfiguration alloc] init]);
+ [configuration2 setProcessPool:[configuration1 processPool]];
+ [configuration1 setWebsiteDataStore:[WKWebsiteDataStore nonPersistentDataStore]];
+ [configuration2 setWebsiteDataStore:[WKWebsiteDataStore nonPersistentDataStore]];
+ auto view1 = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration1.get()]);
+ auto view2 = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration2.get()]);
+ [view1 setUIDelegate:delegate.get()];
+ [view2 setUIDelegate:delegate.get()];
+ NSString *alertOldCookie = @"<script>var oldCookie = document.cookie; document.cookie = 'key=value'; alert('old cookie: <' + oldCookie + '>');</script>";
+ [view1 loadHTMLString:alertOldCookie baseURL:[NSURL URLWithString:@"http://example.com/"]];
+ TestWebKitAPI::Util::run(&receivedAlert);
+ receivedAlert = false;
+ [view2 loadHTMLString:alertOldCookie baseURL:[NSURL URLWithString:@"http://example.com/"]];
+ TestWebKitAPI::Util::run(&receivedAlert);
+}
+
+#endif
