171700 2017-05-04 16:48:23 -0700 [Cocoa] Converting from WebCore::Cookie to NSHTTPCookie always marks cookies as secure 2017-05-05 12:21:43 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bburg bburg bburg beidson webkit-bug-importer oldest_to_newest 1304895 0 bburg 2017-05-04 16:48:23 -0700 Per <https://developer.apple.com/reference/foundation/nshttpcookiesecure>, Passing NSHTTPCookieSecure with any value–including @NO–to +[NSHTTPCookie cookieWithProperties:] will create a cookie with the "Secure" flag. The code currently boxes a BOOL into an NSBoolean unconditionally, causing all cookies to have the secure flag. This only seems to practically affect cookies created via WebCookieManager[Proxy]. 1304909 1 bburg 2017-05-04 17:34:00 -0700 (In reply to Brian Burg from comment #0) > > This only seems to practically affect cookies created via > WebCookieManager[Proxy]. This affects the new WKHTTPCookieStore API as well, but a bug in the API test masked the round tripping failure. I'll post a patch fixing both. 1304911 2 bburg 2017-05-04 17:34:31 -0700 <rdar://problem/29829930> 1305000 3 309143 bburg 2017-05-04 21:40:21 -0700 Created attachment 309143 Patch 1305002 4 309143 beidson 2017-05-04 22:07:53 -0700 Comment on attachment 309143 Patch Yay! Looks like you missed the 3rd round of comparisons in the cookie API test, though. R+ with fixing that. 1305013 5 ap 2017-05-04 22:37:11 -0700 Nice catch! 1305162 6 bburg 2017-05-05 10:04:28 -0700 <rdar://problem/32017975> 1305182 7 bburg 2017-05-05 10:48:10 -0700 (In reply to Brady Eidson from comment #4) > Comment on attachment 309143 [details] > Patch > > Yay! > > Looks like you missed the 3rd round of comparisons in the cookie API test, > though. > > R+ with fixing that. Will do, thanks. 1305253 8 bburg 2017-05-05 12:21:43 -0700 Committed r216258: <http://trac.webkit.org/changeset/216258> 309143 2017-05-04 21:40:21 -0700 2017-05-04 22:07:53 -0700 Patch bug-171700-20170504214021.patch text/plain 4739 bburg U3VidmVyc2lvbiBSZXZpc2lvbjogMjE2MjMyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggN2I2ZjU2Yjk5Y2Y4OTg2 NjRmMjY5YzYwN2U3N2RiYzZmMTIyOWI4Yi4uMDc2NDY0YWE1Y2QzYjlkZjA2Yzc3YzI2MTg0ODVm NzE1MTdmODAzOCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI1IEBACisyMDE3LTA1LTA0ICBCcmlh biBCdXJnICA8YmJ1cmdAYXBwbGUuY29tPgorCisgICAgICAgIFtDb2NvYV0gQ29udmVydGluZyBm cm9tIFdlYkNvcmU6OkNvb2tpZSB0byBOU0hUVFBDb29raWUgYWx3YXlzIG1hcmtzIGNvb2tpZXMg YXMgc2VjdXJlCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0xNzE3MDAKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzI5ODI5OTMwPgorCisgICAgICAgIFJl dmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoZSBmdW5jdGlvbiB0aGF0IHdl IHVzZSB0byBjb252ZXJ0IGZyb20gV2ViQ29yZTo6Q29va2llIHRvIE5TSFRUUENvb2tpZSB3YXMK KyAgICAgICAgbWlzdXNpbmcgdGhlIE5TSFRUUENvb2tpZVNlY3VyZSBwcm9wZXJ0eS4gSWYgYW55 IHZhbHVlIGlzIHByb3ZpZGVkIGZvciB0aGlzIGtleSwKKyAgICAgICAgZXZlbiBATk8sIENGTmV0 d29yayBpbnRlcnByZXRzIHRoYXQgdG8gbWVhbiB0aGF0IHRoZSBjb29raWUgaGFzIHRoZSAic2Vj dXJlIiBmbGFnLgorICAgICAgICBUaHVzLCBpbiBzb21lIGNhc2VzIHdlIHdvdWxkIHN0b3JlIGFu ICJpbnNlY3VyZSIgY29va2llIG9uIGEgc2l0ZSB0aGF0IHVzZXMgdGhlCisgICAgICAgIGh0dHA6 Ly8gcHJvdG9jb2wsIGFuZCBiZSB1bmFibGUgdG8gbGF0ZXIgcmV0cmlldmUgdGhlIGNvb2tpZS4g VGhpcyBpcyBrbm93biB0bworICAgICAgICBhZmZlY3QgY29va2llcyBzZXQgdmlhIFdlYkNvb2tp ZU1hbmFnZXIsIFdLSFRUUENvb2tpZVN0b3JlLCBhbmQgV2ViQXV0b21hdGlvblNlc3Npb24uCisK KyAgICAgICAgVGhpcyBpcyBjb3ZlcmVkIGJ5IGV4aXN0aW5nIHRlc3QgV2ViS2l0Mi5XS0hUVFBD b29raWVTdG9yZS4KKyAgICAgICAgVGhlIHRlc3QgaGFkIGEgYnVnIHRoYXQgbWFza2VkIHRoaXMg cHJvYmxlbS4KKworICAgICAgICAqIHBsYXRmb3JtL25ldHdvcmsvY29jb2EvQ29va2llQ29jb2Eu bW06CisgICAgICAgIChXZWJDb3JlOjpDb29raWU6Om9wZXJhdG9yIE5TSFRUUENvb2tpZSAqKToK KyAgICAgICAgRG9uJ3QgaW5jbHVkZSB0aGUgcHJvcGVydHkgaWYgdGhlIGNvb2tpZSBpcyBub3Qg c2VjdXJlLgorCiAyMDE3LTA1LTA0ICBEYW5pZWwgQmF0ZXMgIDxkYWJhdGVzQGFwcGxlLmNvbT4K IAogICAgICAgICBGaXggbWlzc3BlbGxlZCB3b3JkICJpbnRlcnJ1cHQiIGFzIHBvaW50ZWQgb3V0 IGJ5IERhcmluIEFkbGVyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3 b3JrL2NvY29hL0Nvb2tpZUNvY29hLm1tIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29y ay9jb2NvYS9Db29raWVDb2NvYS5tbQppbmRleCA5YmEwNjA4MDE0MGYwZTBjM2EzNDNkOTY0N2U5 OTM2NjM2Nzc2NDBkLi44NDgwZGE0ZjE0MTM5OTA0ZTFlMzYwYWY5M2U4Yzk5ODAzZmM4NjhmIDEw MDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL2NvY29hL0Nvb2tpZUNv Y29hLm1tCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvY29jb2EvQ29va2ll Q29jb2EubW0KQEAgLTk1LDcgKzk1LDkgQEAgQ29va2llOjpvcGVyYXRvciBOU0hUVFBDb29raWUg KigpIGNvbnN0CiAgICAgaWYgKHBvcnRTdHJpbmcpCiAgICAgICAgIFtwcm9wZXJ0aWVzIHNldE9i amVjdDpwb3J0U3RyaW5nIGZvcktleTpOU0hUVFBDb29raWVQb3J0XTsKIAotICAgIFtwcm9wZXJ0 aWVzIHNldE9iamVjdDpAKHNlY3VyZSkgZm9yS2V5Ok5TSFRUUENvb2tpZVNlY3VyZV07CisgICAg aWYgKHNlY3VyZSkKKyAgICAgICAgW3Byb3BlcnRpZXMgc2V0T2JqZWN0OkBZRVMgZm9yS2V5Ok5T SFRUUENvb2tpZVNlY3VyZV07CisKICAgICBbcHJvcGVydGllcyBzZXRPYmplY3Q6KHNlc3Npb24g PyBAIlRSVUUiIDogQCJGQUxTRSIpIGZvcktleTpOU0hUVFBDb29raWVEaXNjYXJkXTsKICAgICBb cHJvcGVydGllcyBzZXRPYmplY3Q6QCIxIiBmb3JLZXk6TlNIVFRQQ29va2llVmVyc2lvbl07CiAK ZGlmZiAtLWdpdCBhL1Rvb2xzL0NoYW5nZUxvZyBiL1Rvb2xzL0NoYW5nZUxvZwppbmRleCBkZTAy ZTdlZGEwM2U1MGVmOTAwNDVlYmQyYTk0YzZjYWU1MzczMjM5Li40N2Y4MWEyMWRlNmVkYWM0MzZi MTNlYWE3Y2M4ZDExYzA0OGY1MDU1IDEwMDY0NAotLS0gYS9Ub29scy9DaGFuZ2VMb2cKKysrIGIv VG9vbHMvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMjEgQEAKIDIwMTctMDUtMDQgIEJyaWFuIEJ1cmcg IDxiYnVyZ0BhcHBsZS5jb20+CiAKKyAgICAgICAgW0NvY29hXSBDb252ZXJ0aW5nIGZyb20gV2Vi Q29yZTo6Q29va2llIHRvIE5TSFRUUENvb2tpZSBhbHdheXMgbWFya3MgY29va2llcyBhcyBzZWN1 cmUKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE3MTcw MAorICAgICAgICA8cmRhcjovL3Byb2JsZW0vMjk4Mjk5MzA+CisKKyAgICAgICAgUmV2aWV3ZWQg YnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgRml4IGEgbWlzdGFrZSBpbiB0aGUgdGVzdCB0 aGF0IHNob3VsZCBoYXZlIGNhdWdodCB0aGlzIGJ1Zy4KKworICAgICAgICAqIFRlc3RXZWJLaXRB UEkvVGVzdHMvV2ViS2l0MkNvY29hL1dLSFRUUENvb2tpZVN0b3JlLm1tOgorICAgICAgICAoVEVT VCk6CisgICAgICAgIFRoZSBhc3NlcnRpb25zIHRoYXQgd2VyZSBtZWFudCB0byBjaGVjayByb3Vu ZC10cmlwcGluZyB3ZXJlIGFjdHVhbGx5IGNoZWNraW5nCisgICAgICAgIHRoZSBwcm9wZXJ0aWVz IG9mIHRoZSBvcmlnaW5hbCBjb29raWUgb2JqZWN0cywgbm90IHRoZSByb3VuZC10cmlwcGVkIG9u ZXMuCisgICAgICAgIFRoaXMgdGVzdCBub3cgZmFpbHMgd2l0aG91dCB0aGUgYnVnZml4IGFuZCBw YXNzZXMgd2hlbiBpdCBpcyBhcHBsaWVkLgorCisyMDE3LTA1LTA0ICBCcmlhbiBCdXJnICA8YmJ1 cmdAYXBwbGUuY29tPgorCiAgICAgICAgIGxsZGJfd2Via2l0LnB5IHNob3VsZCBwcm92aWRlIGEg dHlwZSBzdW1tYXJ5IGZvciBXZWJDb3JlOjpVUkwKICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTE3MTY3MAogCmRpZmYgLS1naXQgYS9Ub29scy9UZXN0V2Vi S2l0QVBJL1Rlc3RzL1dlYktpdDJDb2NvYS9XS0hUVFBDb29raWVTdG9yZS5tbSBiL1Rvb2xzL1Rl c3RXZWJLaXRBUEkvVGVzdHMvV2ViS2l0MkNvY29hL1dLSFRUUENvb2tpZVN0b3JlLm1tCmluZGV4 IGRkNTBlZTA2NzA4ZDQ5YzkyMTIwODNlNTgxYTY0ZWMzNWJiYjhlMTkuLjhkM2JhODM5ZWIwYTc1 ZGExZWM0ZjJiNDFiMWMxOTRiMTllNTE3YmEgMTAwNjQ0Ci0tLSBhL1Rvb2xzL1Rlc3RXZWJLaXRB UEkvVGVzdHMvV2ViS2l0MkNvY29hL1dLSFRUUENvb2tpZVN0b3JlLm1tCisrKyBiL1Rvb2xzL1Rl c3RXZWJLaXRBUEkvVGVzdHMvV2ViS2l0MkNvY29hL1dLSFRUUENvb2tpZVN0b3JlLm1tCkBAIC0x MjMsMTUgKzEyMywxNSBAQCBURVNUKFdlYktpdDIsIFdLSFRUUENvb2tpZVN0b3JlKQogICAgICAg ICAgICAgQVNTRVJUX1RSVUUoW2Nvb2tpZTEuZ2V0KCkucGF0aCBpc0VxdWFsVG9TdHJpbmc6Y29v a2llLnBhdGhdKTsKICAgICAgICAgICAgIEFTU0VSVF9UUlVFKFtjb29raWUxLmdldCgpLnZhbHVl IGlzRXF1YWxUb1N0cmluZzpjb29raWUudmFsdWVdKTsKICAgICAgICAgICAgIEFTU0VSVF9UUlVF KFtjb29raWUxLmdldCgpLmRvbWFpbiBpc0VxdWFsVG9TdHJpbmc6Y29va2llLmRvbWFpbl0pOwot ICAgICAgICAgICAgQVNTRVJUX1RSVUUoY29va2llMS5nZXQoKS5zZWN1cmUpOwotICAgICAgICAg ICAgQVNTRVJUX1RSVUUoY29va2llMS5nZXQoKS5zZXNzaW9uT25seSk7CisgICAgICAgICAgICBB U1NFUlRfVFJVRShjb29raWUuc2VjdXJlKTsKKyAgICAgICAgICAgIEFTU0VSVF9UUlVFKGNvb2tp ZS5zZXNzaW9uT25seSk7CiAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICBBU1NFUlRfVFJV RShbY29va2llMi5nZXQoKS5wYXRoIGlzRXF1YWxUb1N0cmluZzpjb29raWUucGF0aF0pOwogICAg ICAgICAgICAgQVNTRVJUX1RSVUUoW2Nvb2tpZTIuZ2V0KCkudmFsdWUgaXNFcXVhbFRvU3RyaW5n OmNvb2tpZS52YWx1ZV0pOwogICAgICAgICAgICAgQVNTRVJUX1RSVUUoW2Nvb2tpZTIuZ2V0KCku bmFtZSBpc0VxdWFsVG9TdHJpbmc6Y29va2llLm5hbWVdKTsKICAgICAgICAgICAgIEFTU0VSVF9U UlVFKFtjb29raWUyLmdldCgpLmRvbWFpbiBpc0VxdWFsVG9TdHJpbmc6Y29va2llLmRvbWFpbl0p OwotICAgICAgICAgICAgQVNTRVJUX0ZBTFNFKGNvb2tpZTIuZ2V0KCkuc2VjdXJlKTsKLSAgICAg ICAgICAgIEFTU0VSVF9GQUxTRShjb29raWUyLmdldCgpLnNlc3Npb25Pbmx5KTsKKyAgICAgICAg ICAgIEFTU0VSVF9GQUxTRShjb29raWUuc2VjdXJlKTsKKyAgICAgICAgICAgIEFTU0VSVF9GQUxT RShjb29raWUuc2Vzc2lvbk9ubHkpOwogICAgICAgICB9CiAgICAgfQogICAgIFtjb29raWVzIHJl bGVhc2VdOwo=