Title: [127470] trunk/Source/WebCore
- Revision
- 127470
- Author
- [email protected]
- Date
- 2012-09-04 08:47:25 -0700 (Tue, 04 Sep 2012)
Log Message
[BlackBerry] Browser is not sending secured Cookie back to server over HTTPS connection
https://bugs.webkit.org/show_bug.cgi?id=95747
PR199729
Patch by Otto Derek Cheung <[email protected]> on 2012-09-04
Reviewed by Rob Buis.
Internally Reviewed by Joe Mason.
If the browser has never saved a secure protocol cookie in its mapping before,
and it tries to set and retrieve a secure cookie over a non-secure
protocol, it will not show up because the link between the secure and
non-secure mapping isn't created until a cookie (sent through secure) is set.
The fix is to also check for the linkage in getRawCookies. Note that we cannot
map the secure CookieMap to the non-secure one because getRawCookies is a const
function.
Manually tested using our Browser Test suite.
* platform/blackberry/CookieManager.cpp:
(WebCore::CookieManager::getRawCookies):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (127469 => 127470)
--- trunk/Source/WebCore/ChangeLog 2012-09-04 15:45:38 UTC (rev 127469)
+++ trunk/Source/WebCore/ChangeLog 2012-09-04 15:47:25 UTC (rev 127470)
@@ -1,3 +1,27 @@
+2012-09-04 Otto Derek Cheung <[email protected]>
+
+ [BlackBerry] Browser is not sending secured Cookie back to server over HTTPS connection
+ https://bugs.webkit.org/show_bug.cgi?id=95747
+
+ PR199729
+
+ Reviewed by Rob Buis.
+ Internally Reviewed by Joe Mason.
+
+ If the browser has never saved a secure protocol cookie in its mapping before,
+ and it tries to set and retreive a secure cookie over a non-secure
+ protocol, it will not show up because the link between the secure and
+ non-secure mapping isn't created until a cookie (sent through secure) is set.
+
+ The fix is to also check for the linkage in getRawCookies. Note that we cannot
+ map the secure CookieMap to the non-secure one because getRawCookies is a const
+ function.
+
+ Manually tested using our Browser Test suite.
+
+ * platform/blackberry/CookieManager.cpp:
+ (WebCore::CookieManager::getRawCookies):
+
2012-09-04 Philippe Normand <[email protected]>
[GStreamer] 0.11 build breaks due to rename of gst_message_new_duration
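Review bot: The description in this entry ("set and retreive a secure cookie over a non-secure protocol") does not match the case the new comment in CookieManager.cpp describes, where the cookie is set over a non-secure channel and then accessed over a secure one. Reword the entry so it states which of the two requests is secure, and fix the spelling of "retreive". The entry also records only manual testing; an automated test for the first secure request made before any secure-protocol map exists would keep the special case covered.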
Modified: trunk/Source/WebCore/platform/blackberry/CookieManager.cpp (127469 => 127470)
--- trunk/Source/WebCore/platform/blackberry/CookieManager.cpp 2012-09-04 15:45:38 UTC (rev 127469)
+++ trunk/Source/WebCore/platform/blackberry/CookieManager.cpp 2012-09-04 15:47:25 UTC (rev 127470)
@@ -207,10 +207,22 @@
Vector<ParsedCookie*> cookieCandidates;
Vector<CookieMap*> protocolsToSearch;
+ // Special Case: If a server sets a "secure" cookie over a non-secure channel and tries to access the cookie
+ // over a secure channel, it will not succeed because the secure protocol isn't mapped to the insecure protocol yet.
+ // Set the map to the non-secure version, so it'll search the mapping for a secure cookie.
+ CookieMap* targetMap = m_managerMap.get(requestURL.protocol());
+ if (!targetMap && isConnectionSecure) {
+ CookieLog("CookieManager - special case: secure protocol are not linked yet.");
+ if (requestURL.protocolIs("https"))
+ targetMap = m_managerMap.get("http");
+ else if (requestURL.protocolIs("wss"))
+ targetMap = m_managerMap.get("ws");
+ }
+
if (specialCaseForLocal)
copyValuesToVector(m_managerMap, protocolsToSearch);
else {
- protocolsToSearch.append(m_managerMap.get(requestURL.protocol()));
+ protocolsToSearch.append(targetMap);
// FIXME: this is a hack for webworks apps; RFC 6265 says "Cookies do not provide isolation by scheme"
// so we should not be checking protocols at all. See PR 135595
if (m_shouldDumpAllCookies) {
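Review bot: targetMap can still be null when it reaches `protocolsToSearch.append(targetMap);`. That happens when the connection is not secure, when the protocol is neither https nor wss, or when `m_managerMap.get("http")` / `m_managerMap.get("ws")` also returns nothing. Either guard the append with `if (targetMap)` or confirm that the code consuming protocolsToSearch, which is not visible in this hunk, skips null entries. The lookup is also done before the `specialCaseForLocal` branch, where targetMap is never used, so it can move into the else block. It is worth saying in the comment that the fallback is deliberately gated on isConnectionSecure, since that condition is what keeps the fallback from applying to a non-secure request. Minor: the log string should read "secure protocols are not linked yet".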