175850 2017-08-22 13:48:58 -0700 [SOUP] Update cookie jar implementation to filter out secure cookies 2017-08-26 09:50:34 -0700 1 1 1 Unclassified WebKit Platform Other PC Linux RESOLVED FIXED InRadar P2 Normal --- 175846 175932 1 mcatanzaro mcatanzaro berto bfulgham bugs-noreply buildbot cgarcia danw gustavo mcatanzaro webkit-bug-importer oldest_to_newest 1341234 0 mcatanzaro 2017-08-22 13:48:58 -0700 Filter secure cookies in cookiesForDOM in CookieJarSoup.cpp. See bug #157053 and bug #175846. 1342619 1 319130 mcatanzaro 2017-08-25 20:22:42 -0700 Created attachment 319130 Patch 1342625 2 319130 mcatanzaro 2017-08-25 20:51:40 -0700 Comment on attachment 319130 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=319130&action=review > Source/WebCore/platform/network/soup/CookieJarSoup.cpp:92 > + while (item) { I guess I should probably only enter this loop if url.protocolIs("https"), since it doesn't do anything otherwise. (libsoup should not return secure cookies except in that case.) 1342654 3 319130 bfulgham 2017-08-26 09:29:23 -0700 Comment on attachment 319130 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=319130&action=review >> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:92 >> + while (item) { > > I guess I should probably only enter this loop if url.protocolIs("https"), since it doesn't do anything otherwise. (libsoup should not return secure cookies except in that case.) Makes sense. > LayoutTests/platform/gtk/TestExpectations:-3375 > - Yay! 1342655 4 mcatanzaro 2017-08-26 09:50:03 -0700 Committed r221226: <http://trac.webkit.org/changeset/221226> 1342656 5 webkit-bug-importer 2017-08-26 09:50:34 -0700 <rdar://problem/34097762> 319130 2017-08-25 20:22:42 -0700 2017-08-26 09:29:23 -0700 Patch bug-175850-20170825222241.patch text/plain 5630 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMjIxMjAzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggODdhNzdiZjA2ZmU2MGZj MWRmMDI0ZDE1NzFjNmFiZDIxMDk0NjA0OS4uZThkNzU3ZTA3NWNjOWM0ZjQ4NWQxYWNiNTFjZGYx MTNiNTQ1MzkxNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDE3LTA4LTI1ICBNaWNo YWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KKworICAgICAgICBbU09VUF0g VXBkYXRlIGNvb2tpZSBqYXIgaW1wbGVtZW50YXRpb24gdG8gZmlsdGVyIG91dCBzZWN1cmUgY29v a2llcworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTc1 ODUwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgRmls dGVyIG91dCBzZWN1cmUgY29va2llcyB3aGVuIGluZGljYXRlZC4KKworICAgICAgICAqIHBsYXRm b3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3VwLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OmNv b2tpZXNGb3JTZXNzaW9uKToKKyAgICAgICAgKFdlYkNvcmU6OmNvb2tpZXNGb3JET00pOgorICAg ICAgICAoV2ViQ29yZTo6Y29va2llUmVxdWVzdEhlYWRlckZpZWxkVmFsdWUpOgorICAgICAgICAo V2ViQ29yZTo6Z2V0UmF3Q29va2llcyk6CisKIDIwMTctMDgtMjUgIEJyZW50IEZ1bGdoYW0gIDxi ZnVsZ2hhbUBhcHBsZS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lPTihyMjIxMDE3KTogUXVpcCBz dHVjayBpbiBhIHBlcnBldHVhbCBsb2FkaW5nIGxvb3AKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3VwLmNwcCBiL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3VwLmNwcAppbmRleCBiMWE0ZDI5 MTFkODM2OWE5ZWZlZDQ0MGEzOTk0MThmMzk4NTEwMzkwLi40NGNiMWIzODI1ZGMyOWEwZGQzZjA1 MGE0YzZmMTUyYjNmODE4ODZmIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9u ZXR3b3JrL3NvdXAvQ29va2llSmFyU291cC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZv cm0vbmV0d29yay9zb3VwL0Nvb2tpZUphclNvdXAuY3BwCkBAIC0yMyw2ICsyMyw3IEBACiAjaWYg VVNFKFNPVVApCiAKICNpbmNsdWRlICJDb29raWUuaCIKKyNpbmNsdWRlICJDb29raWVzU3RyYXRl Z3kuaCIKICNpbmNsdWRlICJHVW5pcXVlUHRyU291cC5oIgogI2luY2x1ZGUgIk5ldHdvcmtTdG9y YWdlU2Vzc2lvbi5oIgogI2luY2x1ZGUgIk5ldHdvcmtpbmdDb250ZXh0LmgiCkBAIC04MSwyMiAr ODIsNDQgQEAgdm9pZCBzZXRDb29raWVzRnJvbURPTShjb25zdCBOZXR3b3JrU3RvcmFnZVNlc3Np b24mIHNlc3Npb24sIGNvbnN0IFVSTCYgZmlyc3RQYXIKICAgICBzb3VwX2Nvb2tpZXNfZnJlZShl eGlzdGluZ0Nvb2tpZXMpOwogfQogCi1zdGF0aWMgU3RyaW5nIGNvb2tpZXNGb3JTZXNzaW9uKGNv bnN0IE5ldHdvcmtTdG9yYWdlU2Vzc2lvbiYgc2Vzc2lvbiwgY29uc3QgVVJMJiB1cmwsIGJvb2wg Zm9ySFRUUEhlYWRlcikKK3N0YXRpYyBzdGQ6OnBhaXI8U3RyaW5nLCBib29sPiBjb29raWVzRm9y U2Vzc2lvbihjb25zdCBOZXR3b3JrU3RvcmFnZVNlc3Npb24mIHNlc3Npb24sIGNvbnN0IFVSTCYg dXJsLCBib29sIGZvckhUVFBIZWFkZXIsIEluY2x1ZGVTZWN1cmVDb29raWVzIGluY2x1ZGVTZWN1 cmVDb29raWVzKQogewogICAgIEdVbmlxdWVQdHI8U291cFVSST4gdXJpID0gdXJsLmNyZWF0ZVNv dXBVUkkoKTsKLSAgICBHVW5pcXVlUHRyPGNoYXI+IGNvb2tpZXMoc291cF9jb29raWVfamFyX2dl dF9jb29raWVzKHNlc3Npb24uY29va2llU3RvcmFnZSgpLCB1cmkuZ2V0KCksIGZvckhUVFBIZWFk ZXIpKTsKLSAgICByZXR1cm4gU3RyaW5nOjpmcm9tVVRGOChjb29raWVzLmdldCgpKTsKKyAgICBH U0xpc3QqIGNvb2tpZXMgPSBzb3VwX2Nvb2tpZV9qYXJfZ2V0X2Nvb2tpZV9saXN0KHNlc3Npb24u Y29va2llU3RvcmFnZSgpLCB1cmkuZ2V0KCksIGZvckhUVFBIZWFkZXIpOworICAgIEdTTGlzdCog aXRlbSA9IGNvb2tpZXM7CisgICAgYm9vbCBkaWRBY2Nlc3NTZWN1cmVDb29raWVzID0gZmFsc2U7 CisKKyAgICB3aGlsZSAoaXRlbSkgeworICAgICAgICBhdXRvIGNvb2tpZSA9IHN0YXRpY19jYXN0 PFNvdXBDb29raWUqPihpdGVtLT5kYXRhKTsKKyAgICAgICAgaWYgKHNvdXBfY29va2llX2dldF9z ZWN1cmUoY29va2llKSkgeworICAgICAgICAgICAgLy8gbGlic291cCBzaG91bGQgb21pdCBzZWN1 cmUgY29va2llcyBpZiB0aGUgcHJvdG9jb2wgaXMgbm90IGh0dHBzLgorICAgICAgICAgICAgQVNT RVJUKHVybC5wcm90b2NvbElzKCJodHRwcyIpKTsKKyAgICAgICAgICAgIGRpZEFjY2Vzc1NlY3Vy ZUNvb2tpZXMgPSB0cnVlOworICAgICAgICAgICAgaWYgKGluY2x1ZGVTZWN1cmVDb29raWVzID09 IEluY2x1ZGVTZWN1cmVDb29raWVzOjpObykgeworICAgICAgICAgICAgICAgIEdTTGlzdCogbmV4 dCA9IGl0ZW0tPm5leHQ7CisgICAgICAgICAgICAgICAgc291cF9jb29raWVfZnJlZShzdGF0aWNf Y2FzdDxTb3VwQ29va2llKj4oaXRlbS0+ZGF0YSkpOworICAgICAgICAgICAgICAgIGNvb2tpZXMg PSBnX3NsaXN0X3JlbW92ZV9saW5rKGNvb2tpZXMsIGl0ZW0pOworICAgICAgICAgICAgICAgIGl0 ZW0gPSBuZXh0OworICAgICAgICAgICAgICAgIGNvbnRpbnVlOworICAgICAgICAgICAgfQorICAg ICAgICB9CisgICAgICAgIGl0ZW0gPSBpdGVtLT5uZXh0OworICAgIH0KKworICAgIEdVbmlxdWVQ dHI8Y2hhcj4gY29va2llSGVhZGVyKHNvdXBfY29va2llc190b19jb29raWVfaGVhZGVyKGNvb2tp ZXMpKTsKKyAgICBzb3VwX2Nvb2tpZXNfZnJlZShjb29raWVzKTsKKworICAgIHJldHVybiB7IFN0 cmluZzo6ZnJvbVVURjgoY29va2llSGVhZGVyLmdldCgpKSwgZGlkQWNjZXNzU2VjdXJlQ29va2ll cyB9OwogfQogCi1zdGQ6OnBhaXI8U3RyaW5nLCBib29sPiBjb29raWVzRm9yRE9NKGNvbnN0IE5l dHdvcmtTdG9yYWdlU2Vzc2lvbiYgc2Vzc2lvbiwgY29uc3QgVVJMJiwgY29uc3QgVVJMJiB1cmws IEluY2x1ZGVTZWN1cmVDb29raWVzKQorc3RkOjpwYWlyPFN0cmluZywgYm9vbD4gY29va2llc0Zv ckRPTShjb25zdCBOZXR3b3JrU3RvcmFnZVNlc3Npb24mIHNlc3Npb24sIGNvbnN0IFVSTCYsIGNv bnN0IFVSTCYgdXJsLCBJbmNsdWRlU2VjdXJlQ29va2llcyBpbmNsdWRlU2VjdXJlQ29va2llcykK IHsKLSAgICAvLyBGSVhNRSgxNzU4NTApOiBTT1VQIGNvbmNlcHQgb2Ygc2VjdXJlIGNvb2tpZXMg c2hvdWxkIGJlIGZpbHRlcmVkIGhlcmUuCi0gICAgcmV0dXJuIHsgY29va2llc0ZvclNlc3Npb24o c2Vzc2lvbiwgdXJsLCBmYWxzZSksIGZhbHNlIH07CisgICAgcmV0dXJuIGNvb2tpZXNGb3JTZXNz aW9uKHNlc3Npb24sIHVybCwgZmFsc2UsIGluY2x1ZGVTZWN1cmVDb29raWVzKTsKIH0KIAogU3Ry aW5nIGNvb2tpZVJlcXVlc3RIZWFkZXJGaWVsZFZhbHVlKGNvbnN0IE5ldHdvcmtTdG9yYWdlU2Vz c2lvbiYgc2Vzc2lvbiwgY29uc3QgVVJMJiAvKmZpcnN0UGFydHkqLywgY29uc3QgVVJMJiB1cmwp CiB7Ci0gICAgcmV0dXJuIGNvb2tpZXNGb3JTZXNzaW9uKHNlc3Npb24sIHVybCwgdHJ1ZSk7Cisg ICAgcmV0dXJuIGNvb2tpZXNGb3JTZXNzaW9uKHNlc3Npb24sIHVybCwgdHJ1ZSwgSW5jbHVkZVNl Y3VyZUNvb2tpZXM6OlllcykuZmlyc3Q7CiB9CiAKIGJvb2wgY29va2llc0VuYWJsZWQoY29uc3Qg TmV0d29ya1N0b3JhZ2VTZXNzaW9uJiBzZXNzaW9uLCBjb25zdCBVUkwmIC8qZmlyc3RQYXJ0eSov LCBjb25zdCBVUkwmIC8qdXJsKi8pCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cg Yi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5kZXggOGQ5ZDQ4MjQxMDcxNDQwZjJjMWI4MTFjNmUz NmQzNDkxYzAyOGU3MC4uODc1NDY5YWQ1NGRmOThmOWNhNGE2MDM1ZWJhZTQ0MmRiMGZjNTEzNiAx MDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRlc3RzL0NoYW5n ZUxvZwpAQCAtMSwzICsxLDE0IEBACisyMDE3LTA4LTI1ICBNaWNoYWVsIENhdGFuemFybyAgPG1j YXRhbnphcm9AaWdhbGlhLmNvbT4KKworICAgICAgICBbU09VUF0gVXBkYXRlIGNvb2tpZSBqYXIg aW1wbGVtZW50YXRpb24gdG8gZmlsdGVyIG91dCBzZWN1cmUgY29va2llcworICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTc1ODUwCisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVW5za2lwIG5ld2x5LXBhc3Npbmcg dGVzdHMuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9ndGsvVGVzdEV4cGVjdGF0aW9uczoKKwogMjAx Ny0wOC0yNSAgWW91ZW5uIEZhYmxldCAgPHlvdWVubkBhcHBsZS5jb20+CiAKICAgICAgICAgQWRk IHN1cHBvcnQgZm9yIFJlYWRhYmxlU3RyZWFtIHN0b3JhZ2UgaW4gRmV0Y2hCb2R5CmRpZmYgLS1n aXQgYS9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9ndGsvVGVzdEV4cGVjdGF0aW9ucyBiL0xheW91dFRl c3RzL3BsYXRmb3JtL2d0ay9UZXN0RXhwZWN0YXRpb25zCmluZGV4IGJjMzU5OWU3MDkwMzkxOWRl MDcyZjFkZTZmOGEyMWU5NDAwNDE1OGUuLmI4ZGY1OTRkYTI4ZTRjZTA0OGUyNjBjY2Q4MWZlNGJl YTM3NzRhMDMgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL3BsYXRmb3JtL2d0ay9UZXN0RXhwZWN0 YXRpb25zCisrKyBiL0xheW91dFRlc3RzL3BsYXRmb3JtL2d0ay9UZXN0RXhwZWN0YXRpb25zCkBA IC0zMzY5LDEwICszMzY5LDYgQEAgd2Via2l0Lm9yZy9iLzE3NTU4NiBpbXBvcnRlZC93M2Mvd2Vi LXBsYXRmb3JtLXRlc3RzL1hNTEh0dHBSZXF1ZXN0L3NlbmQtbmV0d29yay0KIAogd2Via2l0Lm9y Zy9iLzE3NTkzMSBmYXN0L2NhbnZhcy93ZWJnbC9uby1pbmZvLWxvZy1mb3Itc2ltcGxlLXNoYWRl cnMuaHRtbCBbIEZhaWx1cmUgXQogCi13ZWJraXQub3JnL2IvMTc1OTMyIGh0dHAvdGVzdHMvbWVk aWEvaGxzL3ZpZGVvLWNvb2tpZS5odG1sIFsgRmFpbHVyZSBdCi13ZWJraXQub3JnL2IvMTc1OTMy IGh0dHAvdGVzdHMvc2VjdXJpdHkvbWl4ZWRDb250ZW50L2luc2VjdXJlLWltYWdlLXdpdGgtc2Vj dXJlY29va2llLWJsb2NrLmh0bWwgWyBGYWlsdXJlIF0KLXdlYmtpdC5vcmcvYi8xNzU5MzIgaHR0 cC90ZXN0cy9zZWN1cml0eS9taXhlZENvbnRlbnQvcmVkaXJlY3QtaHR0cHMtdG8taHR0cC1pbWFn ZS1zZWN1cmUtY29va2llcy1ibG9jay5odG1sIFsgRmFpbHVyZSBdCi0KICMvLy8vLy8vLy8vLy8v Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v Ly8vLy8vLy8vLy8vLy8vLy8vCiAjIEVuZCBvZiBub24tY3Jhc2hpbmcsIG5vbi1mbGFreSB0ZXN0 cyBmYWlsaW5nCiAjLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwo=