Bug 217010 - [SOUP] Do not set site for cookies twice in case of redirection
Summary: [SOUP] Do not set site for cookies twice in case of redirection
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: Gtk
Depends on:
Blocks:
 
Reported: 2020-09-26 00:59 PDT by Carlos Garcia Campos
Modified: 2020-09-26 09:00 PDT (History)
6 users (show)

See Also:


Attachments
Patch (3.96 KB, patch)
2020-09-26 01:03 PDT, Carlos Garcia Campos
mcatanzaro: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos Garcia Campos 2020-09-26 00:59:58 PDT
ResourceRequest::updateSoupMessage() already fills the same site information, but we are duplicating the code in NetworkDataTaskSoup::continueHTTPRedirection()
Comment 1 Carlos Garcia Campos 2020-09-26 01:03:02 PDT
Created attachment 409771 [details]
Patch
Comment 2 Michael Catanzaro 2020-09-26 04:47:18 PDT
Comment on attachment 409771 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=409771&action=review

> Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp:115
> +    if (!isSameSiteUnspecified()) {

Is it OK for SameSite to ever be unspecified when we send a message? Maybe we should have an assert to ensure that doesn't happen?
Comment 3 Carlos Garcia Campos 2020-09-26 06:49:53 PDT
(In reply to Michael Catanzaro from comment #2)
> Comment on attachment 409771 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=409771&action=review
> 
> > Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp:115
> > +    if (!isSameSiteUnspecified()) {
> 
> Is it OK for SameSite to ever be unspecified when we send a message? Maybe
> we should have an assert to ensure that doesn't happen?

I don't know.
Comment 4 Carlos Garcia Campos 2020-09-26 06:52:42 PDT
Committed r267621: <https://trac.webkit.org/changeset/267621>
Comment 5 Michael Catanzaro 2020-09-26 09:00:00 PDT
(In reply to Michael Catanzaro from comment #2)
> Is it OK for SameSite to ever be unspecified when we send a message? Maybe
> we should have an assert to ensure that doesn't happen?

Hm, I was thinking: "can we assert that same site data has been provided when needed?" But I think this actually is just used to indicate SameSite is not specified, rather than being set with SameSite=Lax, SameSite=Strict, or SameSite=None.