Bug 175232

Summary:

Resource Load Statistics: Immediately deny third-party cookie creation for prevalent resources without interaction (rather than temporarily accepting the cookie)

Product:

WebKit

Reporter:

tstapleton

Component:

WebCore Misc.

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED CONFIGURATION CHANGED

Severity:

Normal

CC:

achristensen, aestes, bfulgham, buildbot, cdumez, dbates, mkwst, rniwa, w0nka, webkit-bug-importer, wilander

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=177394

Bug Depends on:

176386, 177394

Bug Blocks:

Attachments:

Description	Flags
Patch	none
Patch	none
Archive of layout-test-results from ews106 for mac-elcapitan-wk2	none
Patch	none
Patch	none
Patch	none
Patch	achristensen: review+

tstapleton

Reported 2017-08-04 17:23:59 PDT

In the previous default “one-in-all-in” third party cookie blocking behavior, a website could somewhat deterministically detect if the browser was rejecting third party cookies by attempting to set a test cookie. If the test cookie was not returned on subsequent requests to the server, the website would have a signal to not attempt the setting of additional unnecessary cookies in the browser. Because the current implementation of ITP purges cookies following a 5 second delay, the test cookie will often be sent on successive requests to the server. This is taken as a signal that the browser will accept cookies resulting in the allocation of storage and processing resources toward the creation of a more substantial cookie that subsequently goes unused. The churn created by this interaction will be non-trivial in terms of both server-side processing and storage. For a domain that has no previous cookie in its jar, it seems more appropriate to apply the previous behavior of blocking the cookie from being set.

Attachments
Patch (32.80 KB, patch) 2017-08-31 13:51 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
Patch (49.46 KB, patch) 2017-09-01 14:55 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews106 for mac-elcapitan-wk2 (1.72 MB, application/zip) 2017-09-01 15:52 PDT, Build Bot	no flags	Details
Patch (49.55 KB, patch) 2017-09-01 16:41 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
Patch (49.58 KB, patch) 2017-09-05 11:59 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
Patch (43.57 KB, patch) 2017-09-05 14:56 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
Patch (42.02 KB, patch) 2017-09-06 09:09 PDT, Brent Fulgham	achristensen: review+	Details Formatted Diff Diff
Show Obsolete (7) View All Add attachment proposed patch, testcase, etc.

Jack Wellborn

Comment 1 2017-08-11 15:04:03 PDT

Seconding this concern/recommendation. From the perspective of using a 3rd party cookie for cross-site analytics, the previous behavior is predictable where as ITP is not. Worse it risks of data corruption. Because ITP allows a cookie to get set by a third party on iOS/Safari 11 and because there is way of knowing whether the cookie being set will truly be persistent or partitioned/shortened via ITP, many solutions will simply treat the ITP cookie as any other 3rd party cookie and start seeing inflation of uniques, etc... This leaves the only solution to do browser check for Safari and not drop a cookie, which is no better than if Safari still just blocked the third party cookie.

Brent Fulgham

Comment 2 2017-08-18 15:14:32 PDT

<rdar://problem/33709386>

Brent Fulgham

Comment 3 2017-08-31 13:51:18 PDT

Created attachment 319517 [details] Patch

Build Bot

Comment 4 2017-08-31 13:54:22 PDT

Attachment 319517 [details] did not pass style-queue: ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:63: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:133: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp:148: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 3 in 14 files If any of these errors are false positives, please file a bug against check-webkit-style.

John Wilander

Comment 5 2017-08-31 13:56:53 PDT

Patch looks as if it implements what we discussed. We need a dedicated test case though. For both cases; with and without user interaction.

Brent Fulgham

Comment 6 2017-09-01 14:55:15 PDT

Created attachment 319647 [details] Patch

Build Bot

Comment 7 2017-09-01 14:56:54 PDT

Attachment 319647 [details] did not pass style-queue: ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:63: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:135: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp:148: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 3 in 19 files If any of these errors are false positives, please file a bug against check-webkit-style.

Build Bot

Comment 8 2017-09-01 15:52:45 PDT

Comment on attachment 319647 [details] Patch Attachment 319647 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4429066 New failing tests: http/tests/loading/resourceLoadStatistics/third-party-cookie-with-and-without-user-interaction.html

Build Bot

Comment 9 2017-09-01 15:52:47 PDT

Created attachment 319658 [details] Archive of layout-test-results from ews106 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6

Brent Fulgham

Comment 10 2017-09-01 16:41:17 PDT

Created attachment 319668 [details] Patch

Build Bot

Comment 11 2017-09-01 16:44:07 PDT

Attachment 319668 [details] did not pass style-queue: ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:63: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:135: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp:148: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 3 in 19 files If any of these errors are false positives, please file a bug against check-webkit-style.

Brent Fulgham

Comment 12 2017-09-01 16:53:26 PDT

(In reply to Build Bot from comment #11) > Attachment 319668 [details] did not pass style-queue: > > > ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:63: Extra > space before ( in function call [whitespace/parens] [4] > ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:135: Extra > space before ( in function call [whitespace/parens] [4] > ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp:148: > Extra space before ( in function call [whitespace/parens] [4] > Total errors found: 3 in 19 files > > > If any of these errors are false positives, please file a bug against > check-webkit-style. Whoops. Test isn't compatible with stuff prior to High Sierra.

Alex Christensen

Comment 13 2017-09-05 10:54:41 PDT

Comment on attachment 319668 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=319668&action=review > Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:248 > + if (!domainsWithInteraction.isEmpty()) { These checks don't do anything. > Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:250 > + m_prevalentTopPrivatelyControlledDomainsWithoutInteraction.remove(domain); If we clear first, there's a lot of unnecessary removing from empty sets. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:82 > RetainPtr<NSURLSession> m_sessionWithoutCredentialStorage; > RetainPtr<WKNetworkSessionDelegate> m_sessionWithoutCredentialStorageDelegate; > + RetainPtr<NSURLSession> m_sessionWithoutCredentialOrCookieStorage; > + RetainPtr<WKNetworkSessionDelegate> m_sessionWithoutCredentialOrCookieStorageDelegate; Instead of making a third session, we should probably just make the m_sessionWithoutCredentialStorage have a nil HTTPCookieStorage. The intent of that session is that it's stateless. Maybe that should be a separate patch because it will affect more than just this.

Brent Fulgham

Comment 14 2017-09-05 11:24:23 PDT

Comment on attachment 319668 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=319668&action=review Thank you for reviewing this. Updated patch coming soon. >> Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:248 >> + if (!domainsWithInteraction.isEmpty()) { > > These checks don't do anything. I'll get rid of them. >> Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp:250 >> + m_prevalentTopPrivatelyControlledDomainsWithoutInteraction.remove(domain); > > If we clear first, there's a lot of unnecessary removing from empty sets. Good point. I'll check before removing. >> Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:82 >> + RetainPtr<WKNetworkSessionDelegate> m_sessionWithoutCredentialOrCookieStorageDelegate; > > Instead of making a third session, we should probably just make the m_sessionWithoutCredentialStorage have a nil HTTPCookieStorage. The intent of that session is that it's stateless. Maybe that should be a separate patch because it will affect more than just this. Ok. I filed Bug 176386 to do this in a follow-up.

Brent Fulgham

Comment 15 2017-09-05 11:59:27 PDT

Created attachment 319920 [details] Patch

Build Bot

Comment 16 2017-09-05 12:02:04 PDT

Attachment 319920 [details] did not pass style-queue: ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:63: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:135: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp:148: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 3 in 19 files If any of these errors are false positives, please file a bug against check-webkit-style.

Alex Christensen

Comment 17 2017-09-05 12:04:17 PDT

Comment on attachment 319920 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=319920&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:82 > + RetainPtr<NSURLSession> m_sessionWithoutCredentialOrCookieStorage; > + RetainPtr<WKNetworkSessionDelegate> m_sessionWithoutCredentialOrCookieStorageDelegate; To be more clear, I think we should not add a new NSURLSession per NetworkSession just for this. I think we should make the m_sessionWithoutCredentialStorage not store cookies either instead. I think we should do that in a separate patch, and I think this patch depends on that patch.

Brent Fulgham

Comment 18 2017-09-05 13:46:54 PDT

Rebaselining the patch to build on top of Bug 176386.

Brent Fulgham

Comment 19 2017-09-05 14:56:12 PDT

Created attachment 319939 [details] Patch

Build Bot

Comment 20 2017-09-05 14:58:56 PDT

Attachment 319939 [details] did not pass style-queue: ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:63: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:135: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp:148: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 3 in 18 files If any of these errors are false positives, please file a bug against check-webkit-style.

Alex Christensen

Comment 21 2017-09-05 15:49:13 PDT

This patch really blurs the concepts of blocking cookies and a stateless request with no credentials also. If we are going to block cookies, do we want to also block credentials such as basic authentication credentials?

Brent Fulgham

Comment 22 2017-09-05 16:09:33 PDT

(In reply to Alex Christensen from comment #21) > This patch really blurs the concepts of blocking cookies and a stateless > request with no credentials also. If we are going to block cookies, do we > want to also block credentials such as basic authentication credentials? I think so. We hit this case when we've decided that the request does not meet or criteria for an origin that we trust to store cookies or other data. I think local certificates fall under this category, too.

Brent Fulgham

Comment 23 2017-09-05 17:14:52 PDT

I talked to Alex in person, and he suggested we get rid of the boolean and piggy-back off of the "no credentials" storage case.

Brent Fulgham

Comment 24 2017-09-06 09:09:58 PDT

Created attachment 320027 [details] Patch

Build Bot

Comment 25 2017-09-06 09:11:49 PDT

Attachment 320027 [details] did not pass style-queue: ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:63: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h:135: Extra space before ( in function call [whitespace/parens] [4] ERROR: Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp:148: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 3 in 17 files If any of these errors are false positives, please file a bug against check-webkit-style.

Alex Christensen

Comment 26 2017-09-06 10:22:50 PDT

Comment on attachment 320027 [details] Patch Much more elegant. R=me

Brent Fulgham

Comment 27 2017-09-06 10:30:52 PDT

Committed r221683: <http://trac.webkit.org/changeset/221683>

Brent Fulgham

Comment 28 2017-10-17 17:42:04 PDT

Reopening. We discovered some compatibility problems with this change, and rolled out the immediate cookie blocking here: https://trac.webkit.org/changeset/222414/webkit We need to address this in a different way to support the ability to block initially, then unblock when entering a domain that should have cookie access.

John Wilander

Comment 29 2018-02-05 09:47:15 PST

This was eventually fixed inhttps://bugs.webkit.org/show_bug.cgi?id=177394.

Chris Dumez

Comment 30 2018-08-08 13:53:50 PDT

Comment on attachment 320027 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320027&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:123 > + LOG(NetworkSession, "%llu Creating stateless NetworkDataTask with URL %s", [m_task taskIdentifier], nsRequest.URL.absoluteString.UTF8String); This logging is wrong. > Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:128 > + LOG(NetworkSession, "%llu Creating NetworkDataTask with URL %s", [m_task taskIdentifier], nsRequest.URL.absoluteString.UTF8String); Seems reversed with this one.

Note You need to log in before you can comment on or make changes to this bug.