RESOLVED FIXED 185077
Remove <meta http-equiv=set-cookie> support 
https://bugs.webkit.org/show_bug.cgi?id=185077
Summary Remove <meta http-equiv=set-cookie> support
Anne van Kesteren
Reported 2018-04-27 09:51:08 PDT
See cookies/meta-blocked.html in web-platform-tests and https://github.com/whatwg/html/pull/3649 Chrome has succeeded with this.
Attachments
Patch (4.38 KB, patch)
2018-07-03 15:02 PDT, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews206 for win-future (12.92 MB, application/zip)
2018-07-03 23:28 PDT, EWS Watchlist 		no flags
Details
To Land (4.79 KB, patch)
2018-12-18 10:03 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
To Land (4.79 KB, patch)
2018-12-18 10:04 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-07-03 14:12:39 PDT
<rdar://problem/41791397>
Daniel Bates
Comment 2 2018-07-03 15:02:35 PDT
Created attachment 344226 [details] Patch
EWS Watchlist
Comment 3 2018-07-03 23:28:19 PDT
Comment on attachment 344226 [details] Patch Attachment 344226 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/8433122 New failing tests: http/tests/security/canvas-remote-read-remote-video-localhost.html
EWS Watchlist
Comment 4 2018-07-03 23:28:30 PDT
Created attachment 344265 [details] Archive of layout-test-results from ews206 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews206 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Daniel Bates
Comment 5 2018-07-11 12:10:17 PDT
(In reply to Build Bot from comment #3) > Comment on attachment 344226 [details] > Patch > > Attachment 344226 [details] did not pass win-ews (win): > Output: https://webkit-queues.webkit.org/results/8433122 > > New failing tests: > http/tests/security/canvas-remote-read-remote-video-localhost.html I am unclear how this test failures is related to the code removal in this patch. The results.html file in the attached results archive indicates that the test crashed, but no crash log is included :(
Brent Fulgham
Comment 6 2018-08-27 16:14:40 PDT
Comment on attachment 344226 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=344226&action=review r=me. The Windows-specific test failure is not related to this change. > Source/WebCore/ChangeLog:10 > + the HTML living standard was ammended to define this pragma as no-op. Chrome and Edge have also amended > Source/WebCore/dom/Document.cpp:-3376 > - downcast<HTMLDocument>(*this).setCookie(content); Do you think it would be useful to developers if we generated a console message here, rather than just ignoring it?
Daniel Bates
Comment 7 2018-12-18 09:36:09 PST
(In reply to Brent Fulgham from comment #6) > > Source/WebCore/ChangeLog:10 > > + the HTML living standard was ammended to define this pragma as no-op. Chrome and Edge have also > > amended > Will fix before landing. > > Source/WebCore/dom/Document.cpp:-3376 > > - downcast<HTMLDocument>(*this).setCookie(content); > > Do you think it would be useful to developers if we generated a console > message here, rather than just ignoring it? I will update the patch to emit the following Security error message to the console when an HTML page tries to use the Set-Cookie meta tag: The Set-Cookie meta tag is obsolete and was ignored. Use the HTTP header Set-Cookie or document.cookie instead.
Daniel Bates
Comment 8 2018-12-18 10:03:33 PST
Created attachment 357575 [details] To Land
Daniel Bates
Comment 9 2018-12-18 10:04:56 PST
Created attachment 357576 [details] To Land
Daniel Bates
Comment 10 2018-12-18 11:17:28 PST
Committed r239342: <https://trac.webkit.org/changeset/239342>
Note You need to log in before you can comment on or make changes to this bug.