Bug 202435

Summary: Storage Access API: document.hasStorageAccess() should return true when the cookie policy allows access
Product: WebKit Reporter: John Wilander <wilander>
Component: WebKit Misc.Assignee: John Wilander <wilander>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, berto, bfulgham, cgarcia, commit-queue, ews-watchlist, galpeter, gustavo
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch for landing none

John Wilander
Reported 2019-10-01 15:23:58 PDT
WebKit's Storage Access API implementation has so far only looked at whether ITP is blocking cookie access or not. However, the default cookie policy is still in effect underneath ITP. document.hasStorageAccess() should return true if the third-party a) is not classified by ITP and b) has cookies which implies it can use cookies as third-party according to the default cookie policy.
Attachments
Patch (30.99 KB, patch)
2019-10-01 15:37 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch (31.18 KB, patch)
2019-10-01 15:55 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch for landing (31.14 KB, patch)
2019-10-01 17:35 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
John Wilander
Comment 1 2019-10-01 15:24:19 PDT
<rdar://problem/55718526>
John Wilander
Comment 2 2019-10-01 15:37:33 PDT
Created attachment 379955 [details] Patch
John Wilander
Comment 3 2019-10-01 15:55:09 PDT
Created attachment 379962 [details] Patch
Brent Fulgham
Comment 4 2019-10-01 16:09:37 PDT
Comment on attachment 379962 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379962&action=review Looks reasonable. I think you left some partially-written code in one section. If r=me (ews) > Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:448 > + } This little section seems unneeded.
John Wilander
Comment 5 2019-10-01 16:11:58 PDT
(In reply to Brent Fulgham from comment #4) > Comment on attachment 379962 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=379962&action=review > > Looks reasonable. I think you left some partially-written code in one > section. If r=me (ews) > > > Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:448 > > + } > > This little section seems unneeded. Oops. Good catch. Ugly. Thanks! Will wait for EWS.
John Wilander
Comment 6 2019-10-01 17:35:05 PDT
Created attachment 379974 [details] Patch for landing
WebKit Commit Bot
Comment 7 2019-10-01 18:18:55 PDT
Comment on attachment 379974 [details] Patch for landing Clearing flags on attachment: 379974 Committed r250589: <https://trac.webkit.org/changeset/250589>
WebKit Commit Bot
Comment 8 2019-10-01 18:18:57 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.