Bug 217010

Summary: [SOUP] Do not set site for cookies twice in case of redirection
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: berto, bugs-noreply, ews-watchlist, gustavo, mcatanzaro, pgriffis
Priority: P2 Keywords: Gtk
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mcatanzaro: review+

Carlos Garcia Campos
Reported 2020-09-26 00:59:58 PDT
ResourceRequest::updateSoupMessage() already fills the same site information, but we are duplicating the code in NetworkDataTaskSoup::continueHTTPRedirection()
Attachments
Patch (3.96 KB, patch)
2020-09-26 01:03 PDT, Carlos Garcia Campos 		mcatanzaro: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2020-09-26 01:03:02 PDT
Created attachment 409771 [details] Patch
Michael Catanzaro
Comment 2 2020-09-26 04:47:18 PDT
Comment on attachment 409771 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409771&action=review > Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp:115 > + if (!isSameSiteUnspecified()) { Is it OK for SameSite to ever be unspecified when we send a message? Maybe we should have an assert to ensure that doesn't happen?
Carlos Garcia Campos
Comment 3 2020-09-26 06:49:53 PDT
(In reply to Michael Catanzaro from comment #2) > Comment on attachment 409771 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=409771&action=review > > > Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp:115 > > + if (!isSameSiteUnspecified()) { > > Is it OK for SameSite to ever be unspecified when we send a message? Maybe > we should have an assert to ensure that doesn't happen? I don't know.
Carlos Garcia Campos
Comment 4 2020-09-26 06:52:42 PDT
Committed r267621: <https://trac.webkit.org/changeset/267621>
Michael Catanzaro
Comment 5 2020-09-26 09:00:00 PDT
(In reply to Michael Catanzaro from comment #2) > Is it OK for SameSite to ever be unspecified when we send a message? Maybe > we should have an assert to ensure that doesn't happen? Hm, I was thinking: "can we assert that same site data has been provided when needed?" But I think this actually is just used to indicate SameSite is not specified, rather than being set with SameSite=Lax, SameSite=Strict, or SameSite=None.
Note You need to log in before you can comment on or make changes to this bug.