Bug 218863
| Summary: | [SOUP] ITP should cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | bugs-noreply, mcatanzaro, pgriffis |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | PC | ||
| OS: | Linux | ||
Michael Catanzaro
ITP should protect against CNAME cloaking. This requires soup-specific code. See:
https://webkit.org/blog/11338/cname-cloaking-and-bounce-tracking-defense/
https://trac.webkit.org/changeset/265389/webkit
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Michael Catanzaro
We found:
* The Apple code lives in NetworkDataTaskCocoa.mm
* GResolver doesn't actually have support for CNAME records currently, it will need to be added