Bug 196927 - Web Inspector: SameSite parsing should be stricter
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Normal
Assignee: Joseph Pecoraro
Keywords: InRadar
Reported: 2019-04-15 13:00 PDT by Joseph Pecoraro
Modified: 2019-04-16 11:20 PDT


Attachments
[PATCH] Proposed Fix (7.97 KB, patch)
2019-04-15 13:10 PDT, Joseph Pecoraro
hi: review+
hi: commit-queue-
[PATCH] For Landing (17.86 KB, patch)
2019-04-15 13:26 PDT, Joseph Pecoraro
no flags
[PATCH] For Landing (14.23 KB, patch)
2019-04-15 13:34 PDT, Joseph Pecoraro
no flags
Archive of layout-test-results from ews101 for mac-highsierra (3.43 MB, application/zip)
2019-04-15 13:52 PDT, EWS Watchlist
no flags
Archive of layout-test-results from ews116 for mac-highsierra (2.87 MB, application/zip)
2019-04-15 14:49 PDT, EWS Watchlist
no flags

Description Joseph Pecoraro 2019-04-15 13:00:36 PDT
SameSite parsing should be stricter:
https://httpwg.org/http-extensions/rfc6265bis.html#the-samesite-attribute-1

    SameSite=lax     => Lax
    SameSite=strict  => Strict

    SameSite         => Ignore
    SameSite=unknown => Ignore
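
The mapping in the description above, as an added JavaScript example (not WebKit's code and not part of the original report). `parseSameSite` and `parseSetCookie` are hypothetical names, the sample headers are constructed, and case-insensitive matching of the value is assumed from the linked draft.

```javascript
// Added example: strict SameSite handling while parsing a Set-Cookie header.
// Hypothetical helper names; this is not the Web Inspector implementation.
const SameSite = Object.freeze({ Lax: "Lax", Strict: "Strict" });

// Returns "Lax", "Strict", or null when the attribute must be ignored.
function parseSameSite(value) {
    if (value === undefined)            // bare "SameSite" with no "=value"
        return null;
    switch (value.trim().toLowerCase()) {
    case "lax": return SameSite.Lax;
    case "strict": return SameSite.Strict;
    default: return null;               // empty or unrecognized value
    }
}

function parseSetCookie(header) {
    const [nameValue, ...attributes] = header.split(";");
    const eq = nameValue.indexOf("=");
    if (eq === -1)
        return null;                    // not a name=value pair
    const cookie = {
        name: nameValue.slice(0, eq).trim(),
        value: nameValue.slice(eq + 1).trim(),
        httpOnly: false,
        secure: false,
    };
    for (const attribute of attributes) {
        const sep = attribute.indexOf("=");
        const key = (sep === -1 ? attribute : attribute.slice(0, sep)).trim().toLowerCase();
        const val = sep === -1 ? undefined : attribute.slice(sep + 1);
        if (key === "httponly") cookie.httpOnly = true;
        else if (key === "secure") cookie.secure = true;
        else if (key === "path" && val !== undefined) cookie.path = val.trim();
        else if (key === "samesite") {
            const parsed = parseSameSite(val);
            if (parsed) cookie.sameSite = parsed;  // ignored values leave the key absent
        }
    }
    return cookie;
}

// Constructed sample headers covering the four cases in the description.
const samples = ["sid=1; Path=/; SameSite=lax", "sid=1; SameSite=strict",
                 "sid=1; SameSite", "sid=1; SameSite=unknown"];
for (const header of samples)
    console.log(header, "=>", JSON.stringify(parseSetCookie(header)));
```

A cookie whose SameSite attribute is ignored serializes with no `sameSite` key at all, which is the shape of the HAR difference reported in comment 11.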
Comment 1 Joseph Pecoraro 2019-04-15 13:02:43 PDT
<rdar://problem/42291601>
Comment 2 Joseph Pecoraro 2019-04-15 13:10:42 PDT
Created attachment 367445 [details]
[PATCH] Proposed Fix
Comment 3 Devin Rousso 2019-04-15 13:23:01 PDT
Comment on attachment 367445 [details]
[PATCH] Proposed Fix

r=me, please update the expected result for `inspector/unit-tests/cookie.html` :)
Comment 4 Joseph Pecoraro 2019-04-15 13:26:27 PDT
Created attachment 367449 [details]
[PATCH] For Landing
Comment 5 Joseph Pecoraro 2019-04-15 13:34:23 PDT
Created attachment 367452 [details]
[PATCH] For Landing
Comment 6 EWS Watchlist 2019-04-15 13:52:37 PDT Comment hidden (obsolete)
Comment 7 EWS Watchlist 2019-04-15 13:52:39 PDT Comment hidden (obsolete)
Comment 8 EWS Watchlist 2019-04-15 14:49:54 PDT
Comment on attachment 367445 [details]
[PATCH] Proposed Fix

Attachment 367445 [details] did not pass mac-debug-ews (mac):
Output: https://webkit-queues.webkit.org/results/11875103

New failing tests:
inspector/unit-tests/cookie.html
Comment 9 EWS Watchlist 2019-04-15 14:49:55 PDT
Created attachment 367463 [details]
Archive of layout-test-results from ews116 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews116  Port: mac-highsierra  Platform: Mac OS X 10.13.6
Comment 10 WebKit Commit Bot 2019-04-15 14:53:53 PDT
Comment on attachment 367452 [details]
[PATCH] For Landing

Clearing flags on attachment: 367452

Committed r244294: <https://trac.webkit.org/changeset/244294>
Comment 11 Shawn Roberts 2019-04-16 10:53:25 PDT
After changes in https://trac.webkit.org/changeset/244294 

http/tests/inspector/network/har/har-page.html is failing on WK2 Release and Debug builds.

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Finspector%2Fnetwork%2Fhar%2Fhar-page.html

Was a flaky timeout/failure in previous revisions. 

Diff:

--- /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/tests/inspector/network/har/har-page-expected.txt
+++ /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/tests/inspector/network/har/har-page-actual.txt
@@ -588,8 +588,7 @@
               "path": "/",
               "expires": "",
               "httpOnly": false,
-              "secure": false,
-              "sameSite": "Strict"
+              "secure": false
             }
           ],
           "headers": "<filtered>",
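Review bot: don't rebaseline har-page-expected.txt to the actual output without first checking which SameSite value the test cookie sends; at -588 the `"sameSite": "Strict"` line disappears outright rather than changing value. If the test is meant to cover a Strict cookie, the fix belongs in the test's Set-Cookie value so the stricter parser still recognizes it and the expectation keeps `"sameSite": "Strict"`. Drop the line from the expectation only if the cookie is intentionally one the new rules ignore.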
@@ -661,8 +660,7 @@
               "path": "/",
               "expires": "",
               "httpOnly": false,
-              "secure": false,
-              "sameSite": "Strict"
+              "secure": false
             }
           ],
           "headers": "<filtered>",
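Review bot: track this second mismatch at -661 separately from the earlier flaky timeout noted for this test, since it is the identical `"sameSite": "Strict"` removal and repeats in both cookie entries, which points at the parsing change rather than flakiness. Resolve both entries with one test or expectation update and leave the flaky-timeout history for its own investigation.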
Comment 12 Joseph Pecoraro 2019-04-16 11:09:59 PDT
(In reply to Shawn Roberts from comment #11)
> After changes in https://trac.webkit.org/changeset/244294 
> 
> http/tests/inspector/network/har/har-page.html is failing on WK2 Release and
> Debug builds.
> 
> https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.
> html#showAllRuns=true&tests=http%2Ftests%2Finspector%2Fnetwork%2Fhar%2Fhar-
> page.html
> 
> Was a flaky timeout/failure in previous revisions. 
> 
> Diff:
> 
> ---
> /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/
> tests/inspector/network/har/har-page-expected.txt
> +++
> /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/
> tests/inspector/network/har/har-page-actual.txt
> @@ -588,8 +588,7 @@
>                "path": "/",
>                "expires": "",
>                "httpOnly": false,
> -              "secure": false,
> -              "sameSite": "Strict"
> +              "secure": false
>              }
>            ],
>            "headers": "<filtered>",
> @@ -661,8 +660,7 @@
>                "path": "/",
>                "expires": "",
>                "httpOnly": false,
> -              "secure": false,
> -              "sameSite": "Strict"
> +              "secure": false
>              }
>            ],
>            "headers": "<filtered>",

Oops, yes updating now.
Comment 13 Joseph Pecoraro 2019-04-16 11:20:02 PDT
> Oops, yes updating now.

Test + Expectations updated in:
https://trac.webkit.org/r244345