Bug 64997 (CVE-2011-3242) - [WebKit2] Changing the cookie accept policy in Private Browsing doesn’t work
Summary: [WebKit2] Changing the cookie accept policy in Private Browsing doesn’t work
Status: RESOLVED FIXED
Alias: CVE-2011-3242
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.7
: P2 Normal
Assignee: Jessie Berlin
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2011-07-21 17:01 PDT by Jessie Berlin
Modified: 2011-09-08 16:59 PDT (History)
5 users (show)

See Also:


Attachments
Patch (1.89 KB, patch)
2011-07-21 17:24 PDT, Jessie Berlin
adachan: review-
webkit.review.bot: commit-queue-
Details | Formatted Diff | Diff
Patch (take 2) (7.69 KB, patch)
2011-07-22 11:40 PDT, Jessie Berlin
no flags Details | Formatted Diff | Diff
Patch (take 3 - the binary edition) (320.45 KB, patch)
2011-07-22 13:39 PDT, Jessie Berlin
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jessie Berlin 2011-07-21 17:01:58 PDT
<rdar://problem/9809364>

There is a FIXME in WebCookieManagerMac to set the cookie accept policy on the Private Browsing storage session as well. It needs to be fixed.
Comment 1 Jessie Berlin 2011-07-21 17:24:19 PDT
Created attachment 101675 [details]
Patch
Comment 2 WebKit Review Bot 2011-07-21 18:38:18 PDT
Comment on attachment 101675 [details]
Patch

Attachment 101675 [details] did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/9192911
Comment 3 Ada Chan 2011-07-21 21:30:12 PDT
Comment on attachment 101675 [details]
Patch

We have to fix the Mac build first...
Comment 4 Ada Chan 2011-07-21 21:45:40 PDT
Maybe we need a WKSetHTTPCookieAcceptPolicy in WebKitSystemInterface?
Comment 5 Jessie Berlin 2011-07-22 08:51:57 PDT
(In reply to comment #4)
> Maybe we need a WKSetHTTPCookieAcceptPolicy in WebKitSystemInterface?

Yep, working on it.
Comment 6 Jessie Berlin 2011-07-22 11:40:10 PDT
Created attachment 101746 [details]
Patch (take 2)
Comment 7 Jessie Berlin 2011-07-22 13:36:38 PDT
Comment on attachment 101746 [details]
Patch (take 2)

I will re-generate the diff with the --binary flag and post it again for review so that the EWS bots can apply it.
Comment 8 Jessie Berlin 2011-07-22 13:39:13 PDT
Created attachment 101760 [details]
Patch (take 3 - the binary edition)
Comment 9 Ada Chan 2011-07-22 13:55:27 PDT
Comment on attachment 101760 [details]
Patch (take 3 - the binary edition)

View in context: https://bugs.webkit.org/attachment.cgi?id=101760&action=review

> WebKitLibraries/ChangeLog:5
> +

Might be useful to mention the API you are adding here and that it's only implemented on Mac so far.
Comment 10 Jessie Berlin 2011-07-22 15:09:44 PDT
(In reply to comment #9)
> (From update of attachment 101760 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=101760&action=review
> 
> > WebKitLibraries/ChangeLog:5
> > +
> 
> Might be useful to mention the API you are adding here and that it's only implemented on Mac so far.

There is no need to implement that API on Windows - we don’t have the issue of not having the Private Headers not available on Windows.

I will mention that in the ChangeLog.

Thanks for the review!
Comment 11 Jessie Berlin 2011-07-22 16:23:36 PDT
Comment on attachment 101760 [details]
Patch (take 3 - the binary edition)

Fixed in http://trac.webkit.org/changeset/91616