Diff
Modified: trunk/LayoutTests/ChangeLog (277533 => 277534)
--- trunk/LayoutTests/ChangeLog 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/ChangeLog 2021-05-15 05:26:41 UTC (rev 277534)
@@ -1,3 +1,33 @@
+2021-05-14 John Wilander <[email protected]>
+
+ _javascript_ can't access a SameSite=Strict cookie after page is loaded after a redirect from a third party site
+ https://bugs.webkit.org/show_bug.cgi?id=208049
+ <rdar://problem/59701889>
+
+ Reviewed by Chris Dumez.
+
+ The HTTP WG has decided that SameSite=strict cookies should be returned in document.cookie
+ even in cases where they are not sent in the HTTP request for the page. Chromium and Gecko
+ now work according to those rules and the spec is being updated.
+
+ See:
+ - https://github.com/httpwg/http-extensions/issues/769
+ - https://github.com/httpwg/http-extensions/pull/1428/files.
+
+ Tests changed and rebased accordingly.
+
+ * http/tests/cookies/same-site/fetch-after-top-level-cross-origin-redirect-expected.txt:
+ * http/tests/cookies/same-site/fetch-after-top-level-navigation-from-cross-origin-page-expected.txt:
+ * http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page-expected.txt:
+ * http/tests/cookies/same-site/popup-cross-site-post.html:
+ * http/tests/cookies/same-site/popup-cross-site.html:
+ * http/tests/cookies/same-site/popup-same-site-via-cross-site-redirect.html:
+ * http/tests/cookies/same-site/resources/fetch-after-top-level-cross-origin-redirect.py:
+ * http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-from-cross-origin-page.py:
+ * http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.py:
+ * http/tests/cookies/same-site/user-load-cross-site-redirect-expected.txt:
+ * http/tests/cookies/same-site/user-load-cross-site-redirect.py:
+
2021-05-14 Darin Adler <[email protected]>
output element doesn't react properly to node tree mutations
Modified: trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-cross-origin-redirect-expected.txt (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-cross-origin-redirect-expected.txt 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-cross-origin-redirect-expected.txt 2021-05-15 05:26:41 UTC (rev 277534)
@@ -10,7 +10,7 @@
PASS Has cookie "lax" with value 19.
Cookies visible in DOM:
-PASS Do not have DOM cookie "strict".
+PASS Has DOM cookie "strict" with value 19.
PASS Has DOM cookie "implicit-strict" with value 19.
PASS Has DOM cookie "strict-because-invalid-SameSite-value" with value 19.
PASS Has DOM cookie "lax" with value 19.
Modified: trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-navigation-from-cross-origin-page-expected.txt (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-navigation-from-cross-origin-page-expected.txt 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-navigation-from-cross-origin-page-expected.txt 2021-05-15 05:26:41 UTC (rev 277534)
@@ -10,7 +10,7 @@
PASS Has cookie "lax" with value 5.
Cookies visible in DOM:
-PASS Do not have DOM cookie "strict".
+PASS Has DOM cookie "strict" with value 5.
PASS Has DOM cookie "implicit-strict" with value 5.
PASS Has DOM cookie "strict-because-invalid-SameSite-value" with value 5.
PASS Has DOM cookie "lax" with value 5.
Modified: trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page-expected.txt (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page-expected.txt 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page-expected.txt 2021-05-15 05:26:41 UTC (rev 277534)
@@ -10,7 +10,7 @@
PASS Has cookie "lax" with value 4.
Cookies visible in DOM:
-PASS Do not have DOM cookie "strict".
+PASS Has DOM cookie "strict" with value 4.
PASS Has DOM cookie "implicit-strict" with value 4.
PASS Has DOM cookie "strict-because-invalid-SameSite-value" with value 4.
PASS Has DOM cookie "lax" with value 4.
Modified: trunk/LayoutTests/http/tests/cookies/same-site/popup-cross-site-post.html (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/popup-cross-site-post.html 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/popup-cross-site-post.html 2021-05-15 05:26:41 UTC (rev 277534)
@@ -20,7 +20,7 @@
assert_equals(e.data.http[STRICT_BECAUSE_INVALID_SAMESITE_VALUE], "1", "strict-because-invalid-SameSite-value");
assert_equals(e.data.http[LAX_DOM], undefined, "lax");
assert_equals(e.data.http[NORMAL_DOM], "1", "normal");
- assert_equals(normalizeCookie(e.data.document), normalizeCookie(IMPLICIT_STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1; " + STRICT_BECAUSE_INVALID_SAMESITE_VALUE + "=1"));
+ assert_equals(normalizeCookie(e.data.document), normalizeCookie(IMPLICIT_STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1; " + STRICT_BECAUSE_INVALID_SAMESITE_VALUE + "=1; " + STRICT_DOM + "=1"));
e.source.close();
}));
Modified: trunk/LayoutTests/http/tests/cookies/same-site/popup-cross-site.html (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/popup-cross-site.html 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/popup-cross-site.html 2021-05-15 05:26:41 UTC (rev 277534)
@@ -19,7 +19,7 @@
assert_equals(e.data.http[STRICT_BECAUSE_INVALID_SAMESITE_VALUE], "1", "strict-because-invalid-SameSite-value");
assert_equals(e.data.http[LAX_DOM], "1", "lax");
assert_equals(e.data.http[NORMAL_DOM], "1", "normal");
- assert_equals(normalizeCookie(e.data.document), normalizeCookie(IMPLICIT_STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1; " + STRICT_BECAUSE_INVALID_SAMESITE_VALUE + "=1"));
+ assert_equals(normalizeCookie(e.data.document), normalizeCookie(IMPLICIT_STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1; " + STRICT_BECAUSE_INVALID_SAMESITE_VALUE + "=1; " + STRICT_DOM + "=1"));
}));
}, "'127.0.0.1' is not same-site with 'localhost', so strict samesite cookies are not sent.");
}
Modified: trunk/LayoutTests/http/tests/cookies/same-site/popup-same-site-via-cross-site-redirect.html (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/popup-same-site-via-cross-site-redirect.html 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/popup-same-site-via-cross-site-redirect.html 2021-05-15 05:26:41 UTC (rev 277534)
@@ -17,7 +17,7 @@
assert_equals(e.data.http[STRICT_BECAUSE_INVALID_SAMESITE_VALUE], "1", "strict-because-invalid-SameSite-value");
assert_equals(e.data.http[LAX_DOM], "1", "lax");
assert_equals(e.data.http[NORMAL_DOM], "1", "normal");
- assert_equals(normalizeCookie(e.data.document), normalizeCookie(IMPLICIT_STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1; " + STRICT_BECAUSE_INVALID_SAMESITE_VALUE + "=1"));
+ assert_equals(normalizeCookie(e.data.document), normalizeCookie(IMPLICIT_STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1; " + STRICT_BECAUSE_INVALID_SAMESITE_VALUE + "=1; " + STRICT_DOM + "=1"));
}));
var i = window.open("http://localhost:8000/resources/redirect.py?url=""
Modified: trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-cross-origin-redirect.py (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-cross-origin-redirect.py 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-cross-origin-redirect.py 2021-05-15 05:26:41 UTC (rev 277534)
@@ -36,7 +36,7 @@
await shouldHaveCookieWithValue("lax", "19");
debug("<br>Cookies visible in DOM:");
- shouldNotHaveDOMCookie("strict");
+ shouldHaveDOMCookieWithValue("strict", "19");
shouldHaveDOMCookieWithValue("implicit-strict", "19");
shouldHaveDOMCookieWithValue("strict-because-invalid-SameSite-value", "19");
shouldHaveDOMCookieWithValue("lax", "19");
Modified: trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-from-cross-origin-page.py (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-from-cross-origin-page.py 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-from-cross-origin-page.py 2021-05-15 05:26:41 UTC (rev 277534)
@@ -36,7 +36,7 @@
await shouldHaveCookieWithValue("lax", "5");
debug("<br>Cookies visible in DOM:");
- shouldNotHaveDOMCookie("strict");
+ shouldHaveDOMCookieWithValue("strict", "5");
shouldHaveDOMCookieWithValue("implicit-strict", "5");
shouldHaveDOMCookieWithValue("strict-because-invalid-SameSite-value", "5");
shouldHaveDOMCookieWithValue("lax", "5");
Modified: trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.py (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.py 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/resources/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.py 2021-05-15 05:26:41 UTC (rev 277534)
@@ -36,7 +36,7 @@
await shouldHaveCookieWithValue("lax", "4");
debug("<br>Cookies visible in DOM:");
- shouldNotHaveDOMCookie("strict");
+ shouldHaveDOMCookieWithValue("strict", "4");
shouldHaveDOMCookieWithValue("implicit-strict", "4");
shouldHaveDOMCookieWithValue("strict-because-invalid-SameSite-value", "4");
shouldHaveDOMCookieWithValue("lax", "4");
Modified: trunk/LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect-expected.txt (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect-expected.txt 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect-expected.txt 2021-05-15 05:26:41 UTC (rev 277534)
@@ -8,7 +8,7 @@
PASS Has cookie "normal" with value 27.
Cookies visible in DOM:
-PASS Do not have DOM cookie "strict".
+PASS Has DOM cookie "strict" with value 27.
PASS Has DOM cookie "lax" with value 27.
PASS Has DOM cookie "normal" with value 27.
PASS successfullyParsed is true
Modified: trunk/LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect.py (277533 => 277534)
--- trunk/LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect.py 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect.py 2021-05-15 05:26:41 UTC (rev 277534)
@@ -51,7 +51,7 @@
await shouldHaveCookieWithValue("normal", "27");
debug("<br>Cookies visible in DOM:");
- shouldNotHaveDOMCookie("strict");
+ shouldHaveDOMCookieWithValue("strict", "27");
shouldHaveDOMCookieWithValue("lax", "27");
shouldHaveDOMCookieWithValue("normal", "27");
Modified: trunk/Source/WebCore/ChangeLog (277533 => 277534)
--- trunk/Source/WebCore/ChangeLog 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/Source/WebCore/ChangeLog 2021-05-15 05:26:41 UTC (rev 277534)
@@ -1,3 +1,45 @@
+2021-05-14 John Wilander <[email protected]>
+
+ _javascript_ can't access a SameSite=Strict cookie after page is loaded after a redirect from a third party site
+ https://bugs.webkit.org/show_bug.cgi?id=208049
+ <rdar://problem/59701889>
+
+ Reviewed by Chris Dumez.
+
+ The HTTP WG has decided that SameSite=strict cookies should be returned in document.cookie
+ even in cases where they are not sent in the HTTP request for the page. Chromium and Gecko
+ now work according to those rules and the spec is being updated.
+
+ See:
+ - https://github.com/httpwg/http-extensions/issues/769
+ - https://github.com/httpwg/http-extensions/pull/1428/files.
+
+ Here's an excerpt from the spec change:
+ 'If a user agent does return cookies for a given call to a "non-HTTP" API with
+ an associated Document, then the user agent MUST compute the cookie-string
+ following the algorithm defined in {{retrieval-algorithm}}, indicating that the
+ retrieval is from a "non-HTTP" API. The retrieval-uri is the associated
+ Document's cookie URL {{COOKIE-URL}}, and the retrieval is same-site if the
+ Document's "site for cookies" is same-site with the top-level origin as defined
+ in {{document-requests}}.'
+
+ Existing layout tests changed and rebased.
+
+ * loader/CookieJar.cpp:
+ (WebCore::CookieJar::sameSiteInfo):
+ Now takes a IsCookieAccessForDOM parameter and forwards it to SameSiteInfo::create().
+ (WebCore::CookieJar::cookies const):
+ Now sends IsCookieAccessForDOM::Yes to CookieJar::sameSiteInfo().
+ (WebCore::CookieJar::setCookies):
+ Now sends IsCookieAccessForDOM::Yes to CookieJar::sameSiteInfo().
+ * loader/CookieJar.h:
+ * platform/network/SameSiteInfo.cpp:
+ (WebCore::SameSiteInfo::create):
+ Now takes a IsForDOMCookieAccess parameter and if it's IsForDOMCookieAccess::Yes and
+ the site is top site, sets isSameSite.
+ * platform/network/SameSiteInfo.h:
+ Now has an enum IsForDOMCookieAccess.
+
2021-05-14 Rob Buis <[email protected]>
Provide custom SetInlineFillGradient copy ctor
Modified: trunk/Source/WebCore/loader/CookieJar.cpp (277533 => 277534)
--- trunk/Source/WebCore/loader/CookieJar.cpp 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/Source/WebCore/loader/CookieJar.cpp 2021-05-15 05:26:41 UTC (rev 277534)
@@ -36,7 +36,6 @@
#include "NetworkingContext.h"
#include "Page.h"
#include "PlatformStrategies.h"
-#include "SameSiteInfo.h"
#include "StorageSessionProvider.h"
#include <wtf/SystemTracing.h>
@@ -59,10 +58,10 @@
return (url.protocolIs("https") && !document.foundMixedContent().contains(SecurityContext::MixedContentType::Active)) ? IncludeSecureCookies::Yes : IncludeSecureCookies::No;
}
-SameSiteInfo CookieJar::sameSiteInfo(const Document& document)
+SameSiteInfo CookieJar::sameSiteInfo(const Document& document, IsForDOMCookieAccess isAccessForDOM)
{
if (auto* loader = document.loader())
- return SameSiteInfo::create(loader->request());
+ return SameSiteInfo::create(loader->request(), isAccessForDOM);
return { };
}
@@ -88,7 +87,7 @@
std::pair<String, bool> result;
if (auto* session = m_storageSessionProvider->storageSession())
- result = session->cookiesForDOM(document.firstPartyForCookies(), sameSiteInfo(document), url, frameID, pageID, includeSecureCookies, ShouldAskITP::Yes, shouldRelaxThirdPartyCookieBlocking(document));
+ result = session->cookiesForDOM(document.firstPartyForCookies(), sameSiteInfo(document, IsForDOMCookieAccess::Yes), url, frameID, pageID, includeSecureCookies, ShouldAskITP::Yes, shouldRelaxThirdPartyCookieBlocking(document));
else
ASSERT_NOT_REACHED();
@@ -122,7 +121,7 @@
}
if (auto* session = m_storageSessionProvider->storageSession())
- session->setCookiesFromDOM(document.firstPartyForCookies(), sameSiteInfo(document), url, frameID, pageID, ShouldAskITP::Yes, cookieString, shouldRelaxThirdPartyCookieBlocking(document));
+ session->setCookiesFromDOM(document.firstPartyForCookies(), sameSiteInfo(document, IsForDOMCookieAccess::Yes), url, frameID, pageID, ShouldAskITP::Yes, cookieString, shouldRelaxThirdPartyCookieBlocking(document));
else
ASSERT_NOT_REACHED();
}
Modified: trunk/Source/WebCore/loader/CookieJar.h (277533 => 277534)
--- trunk/Source/WebCore/loader/CookieJar.h 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/Source/WebCore/loader/CookieJar.h 2021-05-15 05:26:41 UTC (rev 277534)
@@ -27,6 +27,7 @@
#include "FrameIdentifier.h"
#include "PageIdentifier.h"
+#include "SameSiteInfo.h"
#include <wtf/Forward.h>
#include <wtf/text/WTFString.h>
@@ -67,7 +68,7 @@
virtual ~CookieJar();
protected:
- static SameSiteInfo sameSiteInfo(const Document&);
+ static SameSiteInfo sameSiteInfo(const Document&, IsForDOMCookieAccess = IsForDOMCookieAccess::No);
static IncludeSecureCookies shouldIncludeSecureCookies(const Document&, const URL&);
CookieJar(Ref<StorageSessionProvider>&&);
Modified: trunk/Source/WebCore/platform/network/SameSiteInfo.cpp (277533 => 277534)
--- trunk/Source/WebCore/platform/network/SameSiteInfo.cpp 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/Source/WebCore/platform/network/SameSiteInfo.cpp 2021-05-15 05:26:41 UTC (rev 277534)
@@ -31,9 +31,13 @@
namespace WebCore {
-SameSiteInfo SameSiteInfo::create(const ResourceRequest& request)
+SameSiteInfo SameSiteInfo::create(const ResourceRequest& request, IsForDOMCookieAccess isForDOMAccess)
{
- return { request.isSameSite(), request.isTopSite(), isSafeMethod(request.httpMethod()) };
+ // SameSite=strict cookies should be returned in document.cookie.
+ // See https://github.com/httpwg/http-extensions/issues/769
+ // and https://github.com/httpwg/http-extensions/pull/1428/files.
+ auto isSameSite = request.isSameSite() || (isForDOMAccess == IsForDOMCookieAccess::Yes && request.isTopSite());
+ return { isSameSite, request.isTopSite(), isSafeMethod(request.httpMethod()) };
}
} // namespace WebCore
Modified: trunk/Source/WebCore/platform/network/SameSiteInfo.h (277533 => 277534)
--- trunk/Source/WebCore/platform/network/SameSiteInfo.h 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/Source/WebCore/platform/network/SameSiteInfo.h 2021-05-15 05:26:41 UTC (rev 277534)
@@ -29,8 +29,10 @@
class ResourceRequest;
+enum class IsForDOMCookieAccess : bool { No, Yes };
+
struct SameSiteInfo {
- WEBCORE_EXPORT static SameSiteInfo create(const ResourceRequest&);
+ WEBCORE_EXPORT static SameSiteInfo create(const ResourceRequest&, IsForDOMCookieAccess = IsForDOMCookieAccess::No);
bool isSameSite { false };
bool isTopSite { false };
Modified: trunk/Source/WebKit/ChangeLog (277533 => 277534)
--- trunk/Source/WebKit/ChangeLog 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/Source/WebKit/ChangeLog 2021-05-15 05:26:41 UTC (rev 277534)
@@ -1,3 +1,36 @@
+2021-05-14 John Wilander <[email protected]>
+
+ _javascript_ can't access a SameSite=Strict cookie after page is loaded after a redirect from a third party site
+ https://bugs.webkit.org/show_bug.cgi?id=208049
+ <rdar://problem/59701889>
+
+ Reviewed by Chris Dumez.
+
+ The HTTP WG has decided that SameSite=strict cookies should be returned in document.cookie
+ even in cases where they are not sent in the HTTP request for the page. Chromium and Gecko
+ now work according to those rules and the spec is being updated.
+
+ See:
+ - https://github.com/httpwg/http-extensions/issues/769
+ - https://github.com/httpwg/http-extensions/pull/1428/files.
+
+ Here's an excerpt from the spec change:
+ 'If a user agent does return cookies for a given call to a "non-HTTP" API with
+ an associated Document, then the user agent MUST compute the cookie-string
+ following the algorithm defined in {{retrieval-algorithm}}, indicating that the
+ retrieval is from a "non-HTTP" API. The retrieval-uri is the associated
+ Document's cookie URL {{COOKIE-URL}}, and the retrieval is same-site if the
+ Document's "site for cookies" is same-site with the top-level origin as defined
+ in {{document-requests}}.'
+
+ Existing layout tests changed and rebased.
+
+ * WebProcess/WebPage/WebCookieJar.cpp:
+ (WebKit::WebCookieJar::cookies const):
+ Now sends WebCore::IsCookieAccessForDOM::Yes to WebCore::CookieJar::sameSiteInfo().
+ (WebKit::WebCookieJar::setCookies):
+ Now sends WebCore::IsCookieAccessForDOM::Yes to WebCore::CookieJar::sameSiteInfo().
+
2021-05-14 Tim Horton <[email protected]>
REGRESSION (r269824): Random tile corruption when scrolling/zooming in macCatalyst
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebCookieJar.cpp (277533 => 277534)
--- trunk/Source/WebKit/WebProcess/WebPage/WebCookieJar.cpp 2021-05-15 05:02:06 UTC (rev 277533)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebCookieJar.cpp 2021-05-15 05:26:41 UTC (rev 277534)
@@ -135,7 +135,7 @@
return { };
#endif
- auto sameSiteInfo = CookieJar::sameSiteInfo(document);
+ auto sameSiteInfo = CookieJar::sameSiteInfo(document, IsForDOMCookieAccess::Yes);
auto includeSecureCookies = CookieJar::shouldIncludeSecureCookies(document, url);
auto frameID = webFrame->frameID();
auto pageID = webFrame->page()->identifier();
@@ -163,7 +163,7 @@
return;
#endif
- auto sameSiteInfo = CookieJar::sameSiteInfo(document);
+ auto sameSiteInfo = CookieJar::sameSiteInfo(document, IsForDOMCookieAccess::Yes);
auto frameID = webFrame->frameID();
auto pageID = webFrame->page()->identifier();
