Bug 64997 (CVE-2011-3242)

Summary: [WebKit2] Changing the cookie accept policy in Private Browsing doesn’t work
Product: WebKit Reporter: Jessie Berlin <jberlin>
Component: WebKit2Assignee: Jessie Berlin <jberlin>
Status: RESOLVED FIXED    
Severity: Normal CC: adachan, ayao, jberlin, sam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.7   
Attachments:
Description Flags
Patch
adachan: review-, webkit.review.bot: commit-queue-
Patch (take 2)
none
Patch (take 3 - the binary edition) none

Jessie Berlin
Reported 2011-07-21 17:01:58 PDT
<rdar://problem/9809364> There is a FIXME in WebCookieManagerMac to set the cookie accept policy on the Private Browsing storage session as well. It needs to be fixed.
Attachments
Patch (1.89 KB, patch)
2011-07-21 17:24 PDT, Jessie Berlin 		adachan: review-
webkit.review.bot: commit-queue-
DetailsFormatted DiffDiff
Patch (take 2) (7.69 KB, patch)
2011-07-22 11:40 PDT, Jessie Berlin 		no flags
DetailsFormatted DiffDiff
Patch (take 3 - the binary edition) (320.45 KB, patch)
2011-07-22 13:39 PDT, Jessie Berlin 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Jessie Berlin
Comment 1 2011-07-21 17:24:19 PDT
Created attachment 101675 [details] Patch
WebKit Review Bot
Comment 2 2011-07-21 18:38:18 PDT
Comment on attachment 101675 [details] Patch Attachment 101675 [details] did not pass mac-ews (mac): Output: http://queues.webkit.org/results/9192911
Ada Chan
Comment 3 2011-07-21 21:30:12 PDT
Comment on attachment 101675 [details] Patch We have to fix the Mac build first...
Ada Chan
Comment 4 2011-07-21 21:45:40 PDT
Maybe we need a WKSetHTTPCookieAcceptPolicy in WebKitSystemInterface?
Jessie Berlin
Comment 5 2011-07-22 08:51:57 PDT
(In reply to comment #4) > Maybe we need a WKSetHTTPCookieAcceptPolicy in WebKitSystemInterface? Yep, working on it.
Jessie Berlin
Comment 6 2011-07-22 11:40:10 PDT
Created attachment 101746 [details] Patch (take 2)
Jessie Berlin
Comment 7 2011-07-22 13:36:38 PDT
Comment on attachment 101746 [details] Patch (take 2) I will re-generate the diff with the --binary flag and post it again for review so that the EWS bots can apply it.
Jessie Berlin
Comment 8 2011-07-22 13:39:13 PDT
Created attachment 101760 [details] Patch (take 3 - the binary edition)
Ada Chan
Comment 9 2011-07-22 13:55:27 PDT
Comment on attachment 101760 [details] Patch (take 3 - the binary edition) View in context: https://bugs.webkit.org/attachment.cgi?id=101760&action=review > WebKitLibraries/ChangeLog:5 > + Might be useful to mention the API you are adding here and that it's only implemented on Mac so far.
Jessie Berlin
Comment 10 2011-07-22 15:09:44 PDT
(In reply to comment #9) > (From update of attachment 101760 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=101760&action=review > > > WebKitLibraries/ChangeLog:5 > > + > > Might be useful to mention the API you are adding here and that it's only implemented on Mac so far. There is no need to implement that API on Windows - we don’t have the issue of not having the Private Headers not available on Windows. I will mention that in the ChangeLog. Thanks for the review!
Jessie Berlin
Comment 11 2011-07-22 16:23:36 PDT
Comment on attachment 101760 [details] Patch (take 3 - the binary edition) Fixed in http://trac.webkit.org/changeset/91616
Note You need to log in before you can comment on or make changes to this bug.