Bug 246477
| Summary: | Cap cookie lifetimes to 7 days for responses from third party IP addresses | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Wenson Hsieh <wenson_hsieh> |
| Component: | Platform | Assignee: | Wenson Hsieh <wenson_hsieh> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | blare-seabeds-0x, dmdabbs, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Wenson Hsieh
rdar://100831206
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Wenson Hsieh
Pull request: https://github.com/WebKit/WebKit/pull/5347
EWS
Committed 255849@main (b0305b173106): <https://commits.webkit.org/255849@main>
Reviewed commits have been landed. Closing PR #5347 and removing active labels.
blare-seabeds-0x
Hi Wenson Hsieh,
I am trying to understand more about this fix. I tried this on preview and it looks quite a huge change with a lot of side effects for valid use cases.
If I am not mistaken this use cases will be now broken:
1) I have services that are running in multiple infrastructures. Like site is cached on some CDN, where my auth server is running on Heroku, where processing is done on AWS (one main domain and two subdomains with different IP's). Because of that my own services are limited now. Using multiple infrastructures in completely first party mode (I own everything) is legit use case.
2) I have headless shop on Shopify. This means that my html/css/js is hosted on some CDN let's say Vercel, but I am using Shopify API's to run the store. This now means that user will be limited to 7 days for everything related to Shopify.
Would love to hear more about this change.
Thank you