Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 6aa96bce5d11350a8e088781eede139a860d8bb6
      
https://github.com/WebKit/WebKit/commit/6aa96bce5d11350a8e088781eede139a860d8bb6
  Author: Rupin Mittal <[email protected]>
  Date:   2026-06-30 (Tue, 30 Jun 2026)

  Changed paths:
    M LayoutTests/ipc/coreipc.js
    A LayoutTests/ipc/loadping-firstpartyforcookies-message-check-expected.txt
    A LayoutTests/ipc/loadping-firstpartyforcookies-message-check.html
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

  Log Message:
  -----------
  Missing allowsFirstPartyForCookies check in loadPing() IPC may lead to 
cross-origin cookie access
https://bugs.webkit.org/show_bug.cgi?id=313496
rdar://174708224

Reviewed by Charlie Wolfe and Sihui Liu.

A web process could send an IPC message containing a cross-site origin and
loadPing() would then send the request to the cross-site origin which would
respond with its cookies.

To prevent this, add a MESSAGE_CHECK in loadPing() which will check if the
web process has first party cookie access to the origin in the request and
terminate the web process if not.

New layout test confirms that we hit the message check:
loadping-firstpartyforcookies-message-check.html

* LayoutTests/ipc/coreipc.js:
(export.ArgumentSerializer):
* LayoutTests/ipc/loadping-firstpartyforcookies-message-check-expected.txt: 
Added.
* LayoutTests/ipc/loadping-firstpartyforcookies-message-check.html: Added.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::loadPing):

Originally-landed-as: 305413.799@safari-7624-branch (fd5906672902). 
rdar://180435156
Canonical link: https://commits.webkit.org/316167@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to