218863 – [SOUP] ITP should cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses

NEW 218863

[SOUP] ITP should cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses

https://bugs.webkit.org/show_bug.cgi?id=218863

Summary [SOUP] ITP should cap the expiry of persistent cookies set in 3rd-party CNAME...

Michael Catanzaro

Reported 2020-11-12 11:21:14 PST

ITP should protect against CNAME cloaking. This requires soup-specific code. See: https://webkit.org/blog/11338/cname-cloaking-and-bounce-tracking-defense/ https://trac.webkit.org/changeset/265389/webkit

Attachments
Add attachment proposed patch, testcase, etc.

Michael Catanzaro

Comment 1 2021-06-04 12:02:17 PDT

We found: * The Apple code lives in NetworkDataTaskCocoa.mm * GResolver doesn't actually have support for CNAME records currently, it will need to be added

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware PC

OS Linux

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2020-11-12 11:21 PST

Modified

2021-06-04 12:02 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks