Title: [230301] branches/safari-605-branch

Diff

Modified: branches/safari-605-branch/LayoutTests/ChangeLog (230300 => 230301)


--- branches/safari-605-branch/LayoutTests/ChangeLog	2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/LayoutTests/ChangeLog	2018-04-05 17:05:08 UTC (rev 230301)
@@ -1,3 +1,19 @@
+2018-04-05  Jason Marcell  <jmarc...@apple.com>
+
+        Apply patch. rdar://problem/39191858
+
+    fix-httponly-cookie
+
+    2018-04-04  Youenn Fablet  <you...@apple.com>
+
+            iOS 11.4 Beta WKWebView does not send cookies with HttpOnly flag set, for cache manifest request and its resources
+            <rdar://problem/39144159>
+
+            Reviewed by Brady Eidson.
+
+            * http/tests/appcache/document-cookie-http-only-expected.txt: Added.
+            * http/tests/appcache/document-cookie-http-only.php: Added.
+
 2018-04-03  Jason Marcell  <jmarc...@apple.com>
 
         Cherry-pick r230172. rdar://problem/39155049

Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only-expected.txt (0 => 230301)


--- branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only-expected.txt	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only-expected.txt	2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 1: ApplicationCache is deprecated. Please use ServiceWorkers instead.
+This tests that HttpOnly cookies set on the main document are used when accessing resources in the manifest.
+This also tests that cookies used by appcache resource loading are scoped properly.
+PASSED: Cookie should not be visible from _javascript_.
+PASSED: Script Cookie is set to 'script'

Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only.php (0 => 230301)


--- branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only.php	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only.php	2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,34 @@
+<?php
+setcookie("scope", "manifest", 0, "/appcache/resources/scope1", null, null, true);
+setcookie("scope", "script", 0, "/appcache/resources/scope2", null, null, true);
+?>
+<html manifest="resources/scope1/cookie-protected-manifest.php">
+
+<div>This tests that HttpOnly cookies set on the main document are used when accessing resources in the manifest.</div>
+<div>This also tests that cookies used by appcache resource loading are scoped properly.</div>
+<div id="log">Not checked cookie yet</div>
+<div id="result">Not run yet</div>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText()
+    testRunner.waitUntilDone();
+}
+
+var cookieTest = document.cookie === "" ? "PASSED" : "FAILED";
+log.innerHTML = cookieTest + ": Cookie should not be visible from _javascript_.";
+
+function dynamicScriptLoad() {
+    var script = document.createElement("script");
+    script.type = "text/_javascript_";
+    script.src = ""
+    document.getElementsByTagName("head")[0].appendChild(script);
+}
+
+function cached()
+{
+    setTimeout("dynamicScriptLoad();", 0);
+}
+
+applicationCache.addEventListener('cached', cached, false);
+</script>
+</html>
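Review bot: The page only listens for `cached`, so when the manifest request returns the 404 branch (which is what happens if the HttpOnly cookie is not sent) nothing calls `testRunner.notifyDone()`, and the regression shows up as a timeout instead of a FAILED line. An `error` listener on `applicationCache` that writes a FAILED message into the `result` div and calls `notifyDone()` would make that case fail fast and readably. As shown here `script.src` is an empty string, which may be a mail-archive artifact like `_javascript_`; if the file is committed that way, the scope2 script never loads. Passing the function itself, `setTimeout(dynamicScriptLoad, 0);`, would also avoid the string-evaluated form.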

Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/manifest-protected-script.php (0 => 230301)


--- branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/manifest-protected-script.php	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/manifest-protected-script.php	2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,12 @@
+<?php
+
+if (isset($_COOKIE['foo']) and $_COOKIE['foo'] == 'manifest') {
+    header('Content-Type: text/html; ' . $_COOKIE['foo']);
+    print("CACHE MANIFEST\n");
+    print("simple.txt\n");
+    return;
+}
+header('HTTP/1.0 404 Not Found');
+header('Content-Type: text/html; ' . count($_COOKIE));
+
+?>
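Review bot: This resource checks a cookie named `foo`, but the test page in this commit only sets `scope`, and neither the test page nor the scope1 manifest references `manifest-protected-script.php`. The LayoutTests ChangeLog entry does not list the file either, so it looks like a leftover from an earlier draft of the test. Either drop it, or list it in the ChangeLog and add a top-of-file comment naming the test that loads it and the cookie it expects.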

Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope1/cookie-protected-manifest.php (0 => 230301)


--- branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope1/cookie-protected-manifest.php	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope1/cookie-protected-manifest.php	2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,13 @@
+<?php
+
+if (isset($_COOKIE['scope']) and $_COOKIE['scope'] == 'manifest') {
+    header('Content-Type: text/html; ' . $_COOKIE['scope']);
+    print("CACHE MANIFEST\n");
+    print("/appcache/resources/simple.txt\n");
+    print("/appcache/resources/scope2/cookie-protected-script.php\n");
+    return;
+}
+header('HTTP/1.0 404 Not Found');
+header('Content-Type: text/html; ' . count($_COOKIE));
+
+?>
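Review bot: Nothing in this file explains why the received cookie value and `count($_COOKIE)` are appended to `Content-Type`, and a bare token after `;` is not a well-formed media-type parameter. A header comment would help, e.g. `// Serves the manifest only when the path-scoped HttpOnly cookie scope=manifest reaches the server; otherwise answers 404 so the appcache update fails.` If the appended values are only a debugging aid, say so next to the two `header()` calls. The same pattern appears in `resources/manifest-protected-script.php`.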

Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope2/cookie-protected-script.php (0 => 230301)


--- branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope2/cookie-protected-script.php	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope2/cookie-protected-script.php	2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,18 @@
+<?php
+header("Content-type:application/_javascript_");
+
+if (isset($_COOKIE["scope"])) {
+    echo "var cookieVal = '" . $_COOKIE["scope"] . "';";
+} else {
+    echo "var cookieVal = '<null>';";
+}
+
+?>
+
+if (cookieVal === "script")
+    document.getElementById("result").innerHTML = "PASSED: Script Cookie is set to 'script'";
+else
+    document.getElementById("result").innerHTML = "FAILED: Script Cookie should be 'script', is set to '" + cookieVal + "'";
+
+if (window.testRunner)
+    testRunner.notifyDone();
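Review bot: `$_COOKIE["scope"]` is concatenated unescaped into a single-quoted JavaScript string literal, so a quote, backslash or newline in the cookie value produces a malformed script and the test fails with a syntax error instead of the FAILED message. Even in a test resource, `echo "var cookieVal = " . json_encode($_COOKIE["scope"]) . ";";` keeps the output well-formed for any value. It also avoids leaving a reflected-input pattern in the tree for others to copy.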

Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (230300 => 230301)


--- branches/safari-605-branch/Source/WebCore/ChangeLog	2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog	2018-04-05 17:05:08 UTC (rev 230301)
@@ -1,3 +1,27 @@
+2018-04-05  Jason Marcell  <jmarc...@apple.com>
+
+        Apply patch. rdar://problem/39191858
+
+    fix-httponly-cookie
+
+    2018-04-04  Youenn Fablet  <you...@apple.com>
+
+            iOS 11.4 Beta WKWebView does not send cookies with HttpOnly flag set, for cache manifest request and its resources
+            <rdar://problem/39144159>
+
+            Reviewed by Brady Eidson.
+
+            Test: http/tests/appcache/document-cookie-http-only.php
+            Before that patch, we were using cookie as visible by the DOM document for loading manifest and other cached resources.
+            We now are back to the exact same behavior as preElk/Emet by fully respecting cookies for appcache:
+            - HttpOnly headers are used for appcache loading
+            - Cookie is retrieved for each appcache loading so that cookie scopes are respected.
+
+            * loader/appcache/ApplicationCacheGroup.cpp:
+            (WebCore::ApplicationCacheGroup::update):
+            (WebCore::ApplicationCacheGroup::createResourceHandle):
+            * loader/appcache/ApplicationCacheGroup.h:
+
 2018-04-04  Ryan Haddad  <ryanhad...@apple.com>
 
         Cherry-pick r230016. rdar://problem/38154623

Modified: branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp (230300 => 230301)


--- branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp	2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp	2018-04-05 17:05:08 UTC (rev 230301)
@@ -32,6 +32,7 @@
 #include "ApplicationCacheStorage.h"
 #include "Chrome.h"
 #include "ChromeClient.h"
+#include "CookieJar.h"
 #include "DOMApplicationCache.h"
 #include "DocumentLoader.h"
 #include "EventNames.h"
@@ -442,12 +443,6 @@
     ASSERT(!m_currentResource);
     ASSERT(m_completionType == None);
 
-    if (auto* document = m_frame->document()) {
-        auto documentCookie = document->cookie();
-         if (!documentCookie.hasException())
-             m_cookieStringFromDocument = documentCookie.releaseReturnValue();
-    }
-
     // FIXME: Handle defer loading
     m_manifestHandle = createResourceHandle(m_manifestURL, m_newestCache ? m_newestCache->manifestResource() : 0);
 }
@@ -471,8 +466,11 @@
     m_frame->loader().applyUserAgentIfNeeded(request);
     request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0");
 
-    if (!m_cookieStringFromDocument.isEmpty())
-        request.setHTTPHeaderField(HTTPHeaderName::Cookie, m_cookieStringFromDocument);
+    if (auto* document = m_frame->document()) {
+        auto cookie = cookieRequestHeaderFieldValue(*document, url);
+        if (!cookie.isEmpty())
+            request.setHTTPHeaderField(HTTPHeaderName::Cookie, cookie);
+    }
 
     if (newestCachedResource) {
         const String& lastModified = newestCachedResource->response().httpHeaderField(HTTPHeaderName::LastModified);
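Review bot: The new block would benefit from a comment recording why the header is built with `cookieRequestHeaderFieldValue(*document, url)` rather than `document->cookie()`; per the ChangeLog, the script-visible string omits HttpOnly cookies, which is the regression being fixed. Something like `// Build the Cookie header per request URL from the cookie jar so HttpOnly and path-scoped cookies are sent; document.cookie would hide them.` would keep a later cleanup from reintroducing a cached document cookie string. The document is now read from `m_frame` at every resource load instead of once in update(). If the frame's document can change while an update is in flight, the context for the cookie lookup changes with it, which is presumably acceptable but worth confirming. The enclosing function starts and ends outside this hunk.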

Modified: branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.h (230300 => 230301)


--- branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.h	2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.h	2018-04-05 17:05:08 UTC (rev 230301)
@@ -201,7 +201,6 @@
     bool m_originQuotaExceededPreviously { false };
 
     friend class ChromeClientCallbackTimer;
-    String m_cookieStringFromDocument;
 };
 
 } // namespace WebCore