Bug 310830
| Summary: | cURL backend should support Secure cookies for HTTP loopback URLs | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Xyan <x_bhatnagar> |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | webkit-bug-importer, x_bhatnagar |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=281149 | ||
Xyan
This involves making the following changes to the cURL backend for WebKit:
* For `NetworkStorageSessionCurl::getRawCookies`, instead of always including `Secure` cookies, only include `Secure` cookies if the URL scheme is HTTPS or the hostname is a loopback address (localhost, 127.0.0.0/8, ::1)
* For `NetworkDataTaskCurl` and `WebSocketTaskCurl` add the loopback address condition for including `Secure` cookies.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/173958900>