Bug 197108

Summary: Disable Ad Click Attribution in ephemeral sessions and make sure conversion requests use an ephemeral, stateless session
Product: WebKit Reporter: John Wilander <wilander>
Component: WebKit Misc.Assignee: John Wilander <wilander>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, bfulgham, cdumez, dbates, esprehn+autocc, ews-watchlist, gyuyoung.kim, japhet, ryanhaddad, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch for landing none

John Wilander
Reported 2019-04-19 10:56:45 PDT
Ad Click Attribution should be disabled in ephemeral sessions and conversion requests should use an ephemeral, stateless session.
Attachments
Patch (57.14 KB, patch)
2019-04-19 14:42 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch (57.12 KB, patch)
2019-04-19 15:55 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch (56.95 KB, patch)
2019-04-19 16:02 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch for landing (56.17 KB, patch)
2019-04-19 16:37 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
John Wilander
Comment 1 2019-04-19 10:56:59 PDT
<rdar://problem/49918702>
John Wilander
Comment 2 2019-04-19 14:42:20 PDT
Created attachment 367830 [details] Patch
Alex Christensen
Comment 3 2019-04-19 15:19:18 PDT
Comment on attachment 367830 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=367830&action=review Seems mostly conceptually good to me. > Source/WebCore/loader/ResourceLoader.cpp:721 > + if (m_options.storedCredentialsPolicy == StoredCredentialsPolicy::DoNotUse > + || m_options.storedCredentialsPolicy == StoredCredentialsPolicy::EphemeralStatelessCookieless) This could just be if it's not equal to ::Use. > Source/WebKit/NetworkProcess/AdClickAttributionManager.cpp:183 > - return completionHandler("No stored Ad Click Attribution data.\n"_s); > + return completionHandler("\nNo stored Ad Click Attribution data.\n"_s); You probably want to put the first newline where this string is used. > Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:593 > + NetworkSession* networkSession; May as well initialize this to nullptr here, even though we know it will be initialized later. Ideally we would have C++17's if-with-initializer. I sent an email to webkit-dev. > Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:366 > + if (!shouldBlockCookies) This seems like a good job for the operator || > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:984 > + initializeEphemeralStatelessCookielessSession(configuration); We should probably lazily initialize this. Hopefully most users will never need to even allocate this. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:1010 > + configuration.allowsCellularAccess = YES; This needs to come from NetworkSessionCreationParameters or from the other sessions. There's an internal client that needs to disallow cellular access and it should disallow it for this, too.
John Wilander
Comment 4 2019-04-19 15:34:33 PDT
(In reply to Alex Christensen from comment #3) > Comment on attachment 367830 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=367830&action=review > > Seems mostly conceptually good to me. > > > Source/WebCore/loader/ResourceLoader.cpp:721 > > + if (m_options.storedCredentialsPolicy == StoredCredentialsPolicy::DoNotUse > > + || m_options.storedCredentialsPolicy == StoredCredentialsPolicy::EphemeralStatelessCookieless) > > This could just be if it's not equal to ::Use. True. Will fix. > > Source/WebKit/NetworkProcess/AdClickAttributionManager.cpp:183 > > - return completionHandler("No stored Ad Click Attribution data.\n"_s); > > + return completionHandler("\nNo stored Ad Click Attribution data.\n"_s); > > You probably want to put the first newline where this string is used. The reason I added this is after dumping the /cookies/resources/echo-cookies.php frame, I don't get a newline. And in the case of empty maps, I only output this line. > > Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:593 > > + NetworkSession* networkSession; > > May as well initialize this to nullptr here, even though we know it will be > initialized later. Ideally we would have C++17's if-with-initializer. I > sent an email to webkit-dev. OK, I'll initialize to nullptr. > > Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:366 > > + if (!shouldBlockCookies) > > This seems like a good job for the operator || Ah, yes. Will fix. > > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:984 > > + initializeEphemeralStatelessCookielessSession(configuration); > > We should probably lazily initialize this. Hopefully most users will never > need to even allocate this. OK, I'll try to do that. But if Ad Click Attribution is adopted, this session will be used quite a lot. > > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:1010 > > + configuration.allowsCellularAccess = YES; > > This needs to come from NetworkSessionCreationParameters or from the other > sessions. There's an internal client that needs to disallow cellular access > and it should disallow it for this, too. OK. Hopefully I can pick it up when I do my lazy initialization. Thanks!
John Wilander
Comment 5 2019-04-19 15:55:52 PDT
Created attachment 367848 [details] Patch
John Wilander
Comment 6 2019-04-19 16:02:20 PDT
Created attachment 367849 [details] Patch
John Wilander
Comment 7 2019-04-19 16:04:06 PDT
(In reply to John Wilander from comment #4) > (In reply to Alex Christensen from comment #3) > > Comment on attachment 367830 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=367830&action=review > > > > Seems mostly conceptually good to me. > > > > > Source/WebCore/loader/ResourceLoader.cpp:721 > > > + if (m_options.storedCredentialsPolicy == StoredCredentialsPolicy::DoNotUse > > > + || m_options.storedCredentialsPolicy == StoredCredentialsPolicy::EphemeralStatelessCookieless) > > > > This could just be if it's not equal to ::Use. > > True. Will fix. > > > > Source/WebKit/NetworkProcess/AdClickAttributionManager.cpp:183 > > > - return completionHandler("No stored Ad Click Attribution data.\n"_s); > > > + return completionHandler("\nNo stored Ad Click Attribution data.\n"_s); > > > > You probably want to put the first newline where this string is used. > > The reason I added this is after dumping the > /cookies/resources/echo-cookies.php frame, I don't get a newline. And in the > case of empty maps, I only output this line. I don't see a way to make the expect file to look nice with out this leading newline. Thoughts? > > > Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:593 > > > + NetworkSession* networkSession; > > > > May as well initialize this to nullptr here, even though we know it will be > > initialized later. Ideally we would have C++17's if-with-initializer. I > > sent an email to webkit-dev. > > OK, I'll initialize to nullptr. > > > > Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:366 > > > + if (!shouldBlockCookies) > > > > This seems like a good job for the operator || > > Ah, yes. Will fix. I did it with || in both places. > > > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:984 > > > + initializeEphemeralStatelessCookielessSession(configuration); > > > > We should probably lazily initialize this. Hopefully most users will never > > need to even allocate this. > > OK, I'll try to do that. But if Ad Click Attribution is adopted, this > session will be used quite a lot. Can I really lazy initialize this since I need the configuration parameters that's sent to the constructor? > > > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:1010 > > > + configuration.allowsCellularAccess = YES; > > > > This needs to come from NetworkSessionCreationParameters or from the other > > sessions. There's an internal client that needs to disallow cellular access > > and it should disallow it for this, too. > > OK. Hopefully I can pick it up when I do my lazy initialization. I've changed to set this according to the parameters. But no last initialization yet. Please advise.
Alex Christensen
Comment 8 2019-04-19 16:10:25 PDT
Comment on attachment 367849 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=367849&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:218 > + m_task = [cocoaSession.m_ephemeralStatelessCookielessSession dataTaskWithRequest:nsRequest]; To lazily initialize m_ephemeralStatelessCookielessSession, just put the call to initializeEphemeralStatelessCookielessSession before this line. Then inside initializeEphemeralStatelessCookielessSession early return if m_ephemeralStatelessCookielessSession is non null.
John Wilander
Comment 9 2019-04-19 16:24:28 PDT
(In reply to Alex Christensen from comment #8) > Comment on attachment 367849 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=367849&action=review > > > Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:218 > > + m_task = [cocoaSession.m_ephemeralStatelessCookielessSession dataTaskWithRequest:nsRequest]; > > To lazily initialize m_ephemeralStatelessCookielessSession, just put the > call to initializeEphemeralStatelessCookielessSession before this line. > Then inside initializeEphemeralStatelessCookielessSession early return if > m_ephemeralStatelessCookielessSession is non null. But initializeEphemeralStatelessCookielessSession() takes an NSURLSessionConfiguration. Do you mean I should instead pick up the configuration from one of the other, already existing sessions?
Alex Christensen
Comment 10 2019-04-19 16:25:54 PDT
Right. From m_statelessSession
John Wilander
Comment 11 2019-04-19 16:37:22 PDT
(In reply to Alex Christensen from comment #10) > Right. From m_statelessSession Got it. Thanks!
John Wilander
Comment 12 2019-04-19 16:37:57 PDT
Created attachment 367852 [details] Patch for landing
Chris Dumez
Comment 13 2019-04-19 17:00:31 PDT
Comment on attachment 367852 [details] Patch for landing Clearing flags on attachment: 367852 Committed r244475: <https://trac.webkit.org/changeset/244475>
Chris Dumez
Comment 14 2019-04-19 17:00:33 PDT
All reviewed patches have been landed. Closing bug.
John Wilander
Comment 15 2019-04-19 17:03:48 PDT
Thanks for landing it for me, Chris! If there's any problem with the patch, send it to me, not Chris. He landed it for me because the commit queue is currently broken.
Note You need to log in before you can comment on or make changes to this bug.