Bug 196927

Summary:

Web Inspector: SameSite parsing should be stricter

Product:

WebKit

Reporter:

Joseph Pecoraro <joepeck>

Component:

Web Inspector

Assignee:

Joseph Pecoraro <joepeck>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, ews-watchlist, hi, inspector-bugzilla-changes, joepeck, rniwa, sroberts, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

All

OS:

All

Attachments:

Description	Flags
[PATCH] Proposed Fix	hi: review+, hi: commit-queue-
[PATCH] For Landing	none
[PATCH] For Landing	none
Archive of layout-test-results from ews101 for mac-highsierra	none
Archive of layout-test-results from ews116 for mac-highsierra	none

Description Joseph Pecoraro 2019-04-15 13:00:36 PDT

SameSite parsing should be stricter:
https://httpwg.org/http-extensions/rfc6265bis.html#the-samesite-attribute-1

    SameSite=lax     => Lax
    SameSite=strict  => Strict

    SameSite         => Ignore
    SameSite=unknown => Ignore

Comment 1 Joseph Pecoraro 2019-04-15 13:02:43 PDT

<rdar://problem/42291601>

Comment 2 Joseph Pecoraro 2019-04-15 13:10:42 PDT

Created attachment 367445 [details]
[PATCH] Proposed Fix

Comment 3 Devin Rousso 2019-04-15 13:23:01 PDT

Comment on attachment 367445 [details]
[PATCH] Proposed Fix

r=me, please update the expected result for `inspector/unit-tests/cookie.html` :)

Comment 4 Joseph Pecoraro 2019-04-15 13:26:27 PDT

Created attachment 367449 [details]
[PATCH] For Landing

Comment 5 Joseph Pecoraro 2019-04-15 13:34:23 PDT

Created attachment 367452 [details]
[PATCH] For Landing

Comment 6 EWS Watchlist 2019-04-15 13:52:37 PDT Comment hidden (obsolete)

Comment on attachment 367445 [details]
[PATCH] Proposed Fix

Attachment 367445 [details] did not pass mac-ews (mac):
Output: https://webkit-queues.webkit.org/results/11874748

New failing tests:
inspector/unit-tests/cookie.html

Comment 7 EWS Watchlist 2019-04-15 13:52:39 PDT Comment hidden (obsolete)

Created attachment 367454 [details]
Archive of layout-test-results from ews101 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101  Port: mac-highsierra  Platform: Mac OS X 10.13.6

Comment 8 EWS Watchlist 2019-04-15 14:49:54 PDT

Comment on attachment 367445 [details]
[PATCH] Proposed Fix

Attachment 367445 [details] did not pass mac-debug-ews (mac):
Output: https://webkit-queues.webkit.org/results/11875103

New failing tests:
inspector/unit-tests/cookie.html

Comment 9 EWS Watchlist 2019-04-15 14:49:55 PDT

Created attachment 367463 [details]
Archive of layout-test-results from ews116 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews116  Port: mac-highsierra  Platform: Mac OS X 10.13.6

Comment 10 WebKit Commit Bot 2019-04-15 14:53:53 PDT

Comment on attachment 367452 [details]
[PATCH] For Landing

Clearing flags on attachment: 367452

Committed r244294: <https://trac.webkit.org/changeset/244294>

Comment 11 Shawn Roberts 2019-04-16 10:53:25 PDT

After changes in https://trac.webkit.org/changeset/244294 

http/tests/inspector/network/har/har-page.html is failing on WK2 Release and Debug builds.

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Finspector%2Fnetwork%2Fhar%2Fhar-page.html

Was a flaky timeout/failure in previous revisions. 

Diff:

--- /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/tests/inspector/network/har/har-page-expected.txt
+++ /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/tests/inspector/network/har/har-page-actual.txt
@@ -588,8 +588,7 @@
               "path": "/",
               "expires": "",
               "httpOnly": false,
-              "secure": false,
-              "sameSite": "Strict"
+              "secure": false
             }
           ],
           "headers": "<filtered>",
@@ -661,8 +660,7 @@
               "path": "/",
               "expires": "",
               "httpOnly": false,
-              "secure": false,
-              "sameSite": "Strict"
+              "secure": false
             }
           ],
           "headers": "<filtered>",

Comment 12 Joseph Pecoraro 2019-04-16 11:09:59 PDT

(In reply to Shawn Roberts from comment #11)
> After changes in https://trac.webkit.org/changeset/244294 
> 
> http/tests/inspector/network/har/har-page.html is failing on WK2 Release and
> Debug builds.
> 
> https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.
> html#showAllRuns=true&tests=http%2Ftests%2Finspector%2Fnetwork%2Fhar%2Fhar-
> page.html
> 
> Was a flaky timeout/failure in previous revisions. 
> 
> Diff:
> 
> ---
> /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/
> tests/inspector/network/har/har-page-expected.txt
> +++
> /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/
> tests/inspector/network/har/har-page-actual.txt
> @@ -588,8 +588,7 @@
>                "path": "/",
>                "expires": "",
>                "httpOnly": false,
> -              "secure": false,
> -              "sameSite": "Strict"
> +              "secure": false
>              }
>            ],
>            "headers": "<filtered>",
> @@ -661,8 +660,7 @@
>                "path": "/",
>                "expires": "",
>                "httpOnly": false,
> -              "secure": false,
> -              "sameSite": "Strict"
> +              "secure": false
>              }
>            ],
>            "headers": "<filtered>",

Oops, yes updating now.

Comment 13 Joseph Pecoraro 2019-04-16 11:20:02 PDT

> Oops, yes updating now.

Test + Expectations updated in:
https://trac.webkit.org/r244345