Bug 175850

Summary: [SOUP] Update cookie jar implementation to filter out secure cookies
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: PlatformAssignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: berto, bfulgham, bugs-noreply, buildbot, cgarcia, danw, gustavo, mcatanzaro, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: PC   
OS: Linux   
Bug Depends on: 175846    
Bug Blocks: 175932    
Attachments:
Description Flags
Patch bfulgham: review+

Description Michael Catanzaro 2017-08-22 13:48:58 PDT
Filter secure cookies in cookiesForDOM in CookieJarSoup.cpp. See bug #157053 and bug #175846.
Comment 1 Michael Catanzaro 2017-08-25 20:22:42 PDT
Created attachment 319130 [details]
Patch
Comment 2 Michael Catanzaro 2017-08-25 20:51:40 PDT
Comment on attachment 319130 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=319130&action=review

> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:92
> +    while (item) {

I guess I should probably only enter this loop if url.protocolIs("https"), since it doesn't do anything otherwise. (libsoup should not return secure cookies except in that case.)
Comment 3 Brent Fulgham 2017-08-26 09:29:23 PDT
Comment on attachment 319130 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=319130&action=review

>> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:92
>> +    while (item) {
> 
> I guess I should probably only enter this loop if url.protocolIs("https"), since it doesn't do anything otherwise. (libsoup should not return secure cookies except in that case.)

Makes sense.

> LayoutTests/platform/gtk/TestExpectations:-3375
> -

Yay!
Comment 4 Michael Catanzaro 2017-08-26 09:50:03 PDT
Committed r221226: <http://trac.webkit.org/changeset/221226>
Comment 5 Radar WebKit Bug Importer 2017-08-26 09:50:34 PDT
<rdar://problem/34097762>