Bug 185077

Summary: Remove <meta http-equiv=set-cookie> support
Product: WebKit Reporter: Anne van Kesteren <annevk>
Component: DOMAssignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bfulgham, cdumez, dbates, ddkilzer, esprehn+autocc, ews-watchlist, gyuyoung.kim, kangil.han, mkwst, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=41285
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from ews206 for win-future
none
To Land
none
To Land none

Description Anne van Kesteren 2018-04-27 09:51:08 PDT 
See cookies/meta-blocked.html in web-platform-tests and https://github.com/whatwg/html/pull/3649

Chrome has succeeded with this.
Comment 1 Radar WebKit Bug Importer 2018-07-03 14:12:39 PDT 
<rdar://problem/41791397>
Comment 2 Daniel Bates 2018-07-03 15:02:35 PDT 
Created attachment 344226 [details]
Patch
Comment 3 EWS Watchlist 2018-07-03 23:28:19 PDT 
Comment on attachment 344226 [details]
Patch

Attachment 344226 [details] did not pass win-ews (win):
Output: https://webkit-queues.webkit.org/results/8433122

New failing tests:
http/tests/security/canvas-remote-read-remote-video-localhost.html
Comment 4 EWS Watchlist 2018-07-03 23:28:30 PDT 
Created attachment 344265 [details]
Archive of layout-test-results from ews206 for win-future

The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews206  Port: win-future  Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Comment 5 Daniel Bates 2018-07-11 12:10:17 PDT 
(In reply to Build Bot from comment #3)
> Comment on attachment 344226 [details]
> Patch
> 
> Attachment 344226 [details] did not pass win-ews (win):
> Output: https://webkit-queues.webkit.org/results/8433122
> 
> New failing tests:
> http/tests/security/canvas-remote-read-remote-video-localhost.html

I am unclear how this test failures is related to the code removal in this patch. The results.html file in the attached results archive indicates that the test crashed, but no crash log is included :(
Comment 6 Brent Fulgham 2018-08-27 16:14:40 PDT 
Comment on attachment 344226 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=344226&action=review

r=me. The Windows-specific test failure is not related to this change.

> Source/WebCore/ChangeLog:10
> +        the HTML living standard was ammended to define this pragma as no-op. Chrome and Edge have also

amended

> Source/WebCore/dom/Document.cpp:-3376
> -            downcast<HTMLDocument>(*this).setCookie(content);

Do you think it would be useful to developers if we generated a console message here, rather than just ignoring it?
Comment 7 Daniel Bates 2018-12-18 09:36:09 PST 
(In reply to Brent Fulgham from comment #6)
> > Source/WebCore/ChangeLog:10
> > +        the HTML living standard was ammended to define this pragma as no-op. Chrome and Edge have also
> 
> amended
> 

Will fix before landing.

> > Source/WebCore/dom/Document.cpp:-3376
> > -            downcast<HTMLDocument>(*this).setCookie(content);
> 
> Do you think it would be useful to developers if we generated a console
> message here, rather than just ignoring it?

I will update the patch to emit the following Security error message to the console when an HTML page tries to use the Set-Cookie meta tag:

The Set-Cookie meta tag is obsolete and was ignored. Use the HTTP header Set-Cookie or document.cookie instead.
Comment 8 Daniel Bates 2018-12-18 10:03:33 PST 
Created attachment 357575 [details]
To Land
Comment 9 Daniel Bates 2018-12-18 10:04:56 PST 
Created attachment 357576 [details]
To Land
Comment 10 Daniel Bates 2018-12-18 11:17:28 PST 
Committed r239342: <https://trac.webkit.org/changeset/239342>