310830 – cURL backend should support Secure cookies for HTTP loopback URLs

NEW310830

cURL backend should support Secure cookies for HTTP loopback URLs

https://bugs.webkit.org/show_bug.cgi?id=310830

Summary cURL backend should support Secure cookies for HTTP loopback URLs

Xyan

Reported 2026-03-26 13:14:19 PDT

This involves making the following changes to the cURL backend for WebKit: * For `NetworkStorageSessionCurl::getRawCookies`, instead of always including `Secure` cookies, only include `Secure` cookies if the URL scheme is HTTPS or the hostname is a loopback address (localhost, 127.0.0.0/8, ::1) * For `NetworkDataTaskCurl` and `WebSocketTaskCurl` add the loopback address condition for including `Secure` cookies.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-04-02 13:15:13 PDT

<rdar://problem/173958900>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2026-03-26 13:14 PDT

Modified

2026-04-02 13:15 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks