Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 29ed7a84dc8525afe42f8a94ebde345c565d067e
https://github.com/WebKit/WebKit/commit/29ed7a84dc8525afe42f8a94ebde345c565d067e
Author: Rupin Mittal <[email protected]>
Date: 2026-05-02 (Sat, 02 May 2026)
Changed paths:
M Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h
M Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.mm
M Source/WebKit/UIProcess/API/Cocoa/WKHTTPCookieStore.mm
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/WKHTTPCookieStore.mm
Log Message:
-----------
Cannot delete partitioned cookies with WKHTTPCookieStore::deleteCookie
https://bugs.webkit.org/show_bug.cgi?id=313708
rdar://174557252
Reviewed by Matthew Finkel and Chris Dumez.
The test app in the radar loads a URL into a webview, uses
WKHTTPCookieStore::getAllCookies to retrieve the cookie that was set, and
then uses WKHTTPCookieStore::deleteCookie to delete the retrieved cookie.
This deletion fails.
This cookie is set via the Set-Cookie HTTP header (so it is set directly via
CFNetwork and not through a WebKit code path). It is a partitioned cookie.
When WKHTTPCookieStore::getAllCookies returns the cookies, it strips the
partition attribute by calling clearCookiePartitionPropertyIfNeeded(). Then,
when WKHTTPCookieStore::deleteCookie is called, CFNetwork finds that the stored
cookie doesn't match the passed in the cookie because the stored cookie has a
partition attribute. Since the two cookies don't match, CFNetwork does not
delete
the stored one.
The behavior of stripping the partition attribute when returning the cookie
was added in https://commits.webkit.org/300838@main. Before that patch, the
partition attribute was exposed. We found that this broke the Tableau app that
was retrieving these cookies from a webview, storing them, and then later using
them in an fetch requests via URLSession outside of this webview. These cookies
were being ignored (rightfully) by the networking layer since they had a
partitioned attribute that didn't line up with the requests. Since this was
a regression caused by adding support for partitioned cookies, that patch fixed
this by not exposing the partition attribute via the WKHTTPCookieStore API.
Unfortunately, it is the reason why deleting partitioned cookies fails today.
To fix this, we amend the API to once again expose the partition attribute.
To prevent this from breaking the Tableau app as it once did, we won't expose
the attribute for it until it links against future SDKs. In the future, it must
filter out these partitioned cookies should it wish to use them outside the
webview from which it got them.
This is covered by a new test:
Tools/TestWebKitAPI/Tests/WebKit/WKWebView/WKHTTPCookieStore.mm
We also modify the existing test: PartitionedCookieShouldHavePartitionProperty.
It was passing faultily since partitioned cookies aren't used unless ITP is on
(See WebsiteDataStore::propagateSettingUpdates()). So we turn it on.
* Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h:
* Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.mm:
(WTF::IOSApplication::isTableau):
* Source/WebKit/UIProcess/API/Cocoa/WKHTTPCookieStore.mm:
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/WKHTTPCookieStore.mm:
(TEST(WKHTTPCookieStore, PartitionedCookieShouldHavePartitionProperty)):
(TEST(WKHTTPCookieStore, DeletePartitionedCookie)):
(TEST(WKHTTPCookieStore, PartitionedCookieShouldNotHavePartitionProperty)):
Deleted.
Canonical link: https://commits.webkit.org/312478@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
