Bug 185077 - Remove <meta http-equiv=set-cookie> support
Summary: Remove <meta http-equiv=set-cookie> support
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Daniel Bates
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-04-27 09:51 PDT by Anne van Kesteren
Modified: 2018-12-18 11:17 PST (History)
11 users (show)

See Also:

Attachments
Patch (4.38 KB, patch)
2018-07-03 15:02 PDT, Daniel Bates 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews206 for win-future (12.92 MB, application/zip)
2018-07-03 23:28 PDT, EWS Watchlist 		no flags Details
To Land (4.79 KB, patch)
2018-12-18 10:03 PST, Daniel Bates 		no flags Details | Formatted Diff | Diff
To Land (4.79 KB, patch)
2018-12-18 10:04 PST, Daniel Bates 		no flags Details | Formatted Diff | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Anne van Kesteren 2018-04-27 09:51:08 PDT 
See cookies/meta-blocked.html in web-platform-tests and https://github.com/whatwg/html/pull/3649

Chrome has succeeded with this.
Comment 1 Radar WebKit Bug Importer 2018-07-03 14:12:39 PDT 
<rdar://problem/41791397>
Comment 2 Daniel Bates 2018-07-03 15:02:35 PDT 
Created attachment 344226 [details]
Patch
Comment 3 EWS Watchlist 2018-07-03 23:28:19 PDT 
Comment on attachment 344226 [details]
Patch

Attachment 344226 [details] did not pass win-ews (win):
Output: https://webkit-queues.webkit.org/results/8433122

New failing tests:
http/tests/security/canvas-remote-read-remote-video-localhost.html
Comment 4 EWS Watchlist 2018-07-03 23:28:30 PDT 
Created attachment 344265 [details]
Archive of layout-test-results from ews206 for win-future

The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews206  Port: win-future  Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Comment 5 Daniel Bates 2018-07-11 12:10:17 PDT 
(In reply to Build Bot from comment #3)
> Comment on attachment 344226 [details]
> Patch
> 
> Attachment 344226 [details] did not pass win-ews (win):
> Output: https://webkit-queues.webkit.org/results/8433122
> 
> New failing tests:
> http/tests/security/canvas-remote-read-remote-video-localhost.html

I am unclear how this test failures is related to the code removal in this patch. The results.html file in the attached results archive indicates that the test crashed, but no crash log is included :(
Comment 6 Brent Fulgham 2018-08-27 16:14:40 PDT 
Comment on attachment 344226 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=344226&action=review

r=me. The Windows-specific test failure is not related to this change.

> Source/WebCore/ChangeLog:10
> +        the HTML living standard was ammended to define this pragma as no-op. Chrome and Edge have also

amended

> Source/WebCore/dom/Document.cpp:-3376
> -            downcast<HTMLDocument>(*this).setCookie(content);

Do you think it would be useful to developers if we generated a console message here, rather than just ignoring it?
Comment 7 Daniel Bates 2018-12-18 09:36:09 PST 
(In reply to Brent Fulgham from comment #6)
> > Source/WebCore/ChangeLog:10
> > +        the HTML living standard was ammended to define this pragma as no-op. Chrome and Edge have also
> 
> amended
> 

Will fix before landing.

> > Source/WebCore/dom/Document.cpp:-3376
> > -            downcast<HTMLDocument>(*this).setCookie(content);
> 
> Do you think it would be useful to developers if we generated a console
> message here, rather than just ignoring it?

I will update the patch to emit the following Security error message to the console when an HTML page tries to use the Set-Cookie meta tag:

The Set-Cookie meta tag is obsolete and was ignored. Use the HTTP header Set-Cookie or document.cookie instead.
Comment 8 Daniel Bates 2018-12-18 10:03:33 PST 
Created attachment 357575 [details]
To Land
Comment 9 Daniel Bates 2018-12-18 10:04:56 PST 
Created attachment 357576 [details]
To Land
Comment 10 Daniel Bates 2018-12-18 11:17:28 PST 
Committed r239342: <https://trac.webkit.org/changeset/239342>