During my refactoring of the ResourceLoadStatistics code, I introduced two bugs: (1) I neglected to be consistent in my use of 'primaryDomain', causing some Storage Access API code paths to store approves under one domain (e.g., 'www.example.com'), while checking status under the eTLD+1 (e.g., 'example.com'). The exact string matching requirement caused these to get missed. (2) I used a move operator before a final set of copies of domain names, leading to some empty strings being passed to Storage Access API calls. Both issues are corrected in this patch.
This is another example of why I really should introduce a registrableDomain class so we can get type safety to save us. We’re using it in so many places now – ITP, SameSite cookies, partitioning, Ad Click Attribution, and PSON (afaik). I might do this next week.
<rdar://problem/48084628>
Created attachment 362051 [details] Patch
Comment on attachment 362051 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=362051&action=review > Source/WebKit/ChangeLog:17 > + Both issues are corrected in this patch. Are there any tests to make sure we don't do this again?
(In reply to Alex Christensen from comment #4) > Comment on attachment 362051 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=362051&action=review > > > Source/WebKit/ChangeLog:17 > > + Both issues are corrected in this patch. > > Are there any tests to make sure we don't do this again? The problem is that our layout tests don’t support subdomains. That’s why we missed this once earlier. Type safety should fix it.
Comment on attachment 362051 [details] Patch Clearing flags on attachment: 362051 Committed r241574: <https://trac.webkit.org/changeset/241574>
All reviewed patches have been landed. Closing bug.