Bug 57139

Summary: Websocket cookies should be locked in when creating websocket
Product: WebKit Reporter: Joe Mason <joenotcharles>
Component: WebCore JavaScriptAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX    
Severity: Normal CC: abarth, ap, eric, ukai
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
patch none

Joe Mason
Reported 2011-03-25 21:34:39 PDT
Conceptually a websocket is opened when the WebSocket object is created in Javascript. However, behind the scenes the handshake data is not actually sent until the socket has been set up, asynchronously. So if a document creates a websocket and then immediately updates the cookie, the cookie that is sent is the one that is current at the point the handshake is sent. This is a race condition. The cookie should be saved when the WebSocket constructor is executed, and the saved cookie sent with the handshake. (I noticed this when running the cookie-001 test from the Opera test suite: http://testsuites.opera.com/websockets/)
Attachments
patch (7.12 KB, patch)
2011-03-25 21:56 PDT, Joe Mason 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Joe Mason
Comment 1 2011-03-25 21:56:40 PDT
Created attachment 87008 [details] patch
Alexey Proskuryakov
Comment 2 2011-03-25 23:05:29 PDT
Note that the cookie storage can be changed by other applications concurrently, so a race condition in JS code that relies on cookies being immutable is pretty much unavoidable.
Joe Mason
Comment 3 2011-03-26 13:23:26 PDT
This patch cuts down on it a lot, though.
Antonio Gomes
Comment 4 2011-04-26 16:52:23 PDT
Comment on attachment 87008 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=87008&action=review > Source/WebCore/websockets/WebSocketHandshake.cpp:177 > + // read the document cookie at creation, in case it is updated before the handshake is sent Capital letter in the beginning and period in the end, please.
Alexey Proskuryakov
Comment 5 2011-04-26 16:58:50 PDT
I still think that this is WONTFIX, but I could be convinced by specific examples of how the current code causes practical trouble.
Eric Seidel (no email)
Comment 6 2012-01-30 15:03:46 PST
Closing per ap's comment.
Note You need to log in before you can comment on or make changes to this bug.