Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6486b858428d7656e22868a3cee569f53a9cfbee
https://github.com/WebKit/WebKit/commit/6486b858428d7656e22868a3cee569f53a9cfbee
Author: Matthew Finkel <m_fin...@apple.com>
Date: 2025-08-15 (Fri, 15 Aug 2025)
Changed paths:
M Source/WebCore/loader/CookieJar.cpp
M Source/WebCore/platform/network/CacheValidation.cpp
M Source/WebCore/platform/network/NetworkStorageSession.cpp
M Source/WebCore/platform/network/NetworkStorageSession.h
M Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm
M Source/WebCore/platform/network/curl/NetworkStorageSessionCurl.cpp
M Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
M Source/WebKit/NetworkProcess/NetworkSession.cpp
M Source/WebKit/NetworkProcess/NetworkSession.h
M Source/WebKit/NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
M Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm
M Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm
M Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
M Source/WebKit/NetworkProcess/curl/WebSocketTaskCurl.cpp
M Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp
M Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp
M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h
M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm
M Source/WebKit/WebProcess/WebPage/WebCookieCache.cpp
Log Message:
-----------
[chips] Block known trackers from using partitioned cookies from script
https://bugs.webkit.org/show_bug.cgi?id=297399
rdar://151949021
Reviewed by Wenson Hsieh.
This change is mostly plumbing. In 289849@main, we blocked partitioned cookies
in HTTP requests and responses, but we didn't restrict access from JavaScript.
This patch extends the restrictions to JavaScript that is executing in a
cross-site iframe where that iframe was loaded from a known tracker domain.
The restriction is only applied in the Network Process, under the assumption
that we have proper data isolation and cookies should not be available in the
WebProcess's cookie cache if they are rejected in the network process.
No new tests.
* Source/WebCore/loader/CookieJar.cpp:
(WebCore::CookieJar::cookies const):
(WebCore::CookieJar::setCookies):
(WebCore::CookieJar::cookiesEnabled):
(WebCore::CookieJar::cookieRequestHeaderFieldValue const):
* Source/WebCore/platform/network/CacheValidation.cpp:
(WebCore::cookieRequestHeaderFieldValue):
* Source/WebCore/platform/network/NetworkStorageSession.cpp:
(WebCore::NetworkStorageSession::thirdPartyCookieBlockingDecisionForRequest
const):
(WebCore::NetworkStorageSession::shouldBlockCookies const):
(WebCore::NetworkStorageSession::maxAgeCacheCap):
(WebCore::NetworkStorageSession::cookiesEnabled const):
* Source/WebCore/platform/network/NetworkStorageSession.h:
* Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:
(WebCore::NetworkStorageSession::cookiesForURL const):
(WebCore::NetworkStorageSession::cookiesForSession const):
(WebCore::NetworkStorageSession::cookiesForSessionAsVector const):
(WebCore::NetworkStorageSession::cookiesForDOM const):
(WebCore::NetworkStorageSession::cookiesForDOMAsVector const):
(WebCore::NetworkStorageSession::cookieRequestHeaderFieldValue const):
(WebCore::NetworkStorageSession::setCookiesFromDOM const):
(WebCore::NetworkStorageSession::setCookieFromDOM const):
(WebCore::NetworkStorageSession::getRawCookies const):
(WebCore::NetworkStorageSession::startListeningForCookieChangeNotifications):
* Source/WebCore/platform/network/curl/NetworkStorageSessionCurl.cpp:
(WebCore::NetworkStorageSession::setCookiesFromDOM const):
(WebCore::NetworkStorageSession::setCookieFromDOM const):
(WebCore::NetworkStorageSession::cookiesForDOM const):
(WebCore::NetworkStorageSession::cookiesForDOMAsVector const):
(WebCore::NetworkStorageSession::cookieRequestHeaderFieldValue const):
* Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp:
(WebCore::NetworkStorageSession::setCookiesFromDOM const):
(WebCore::NetworkStorageSession::setCookieFromDOM const):
(WebCore::lookupCookies):
(WebCore::lookupCookiesHeaders):
(WebCore::NetworkStorageSession::getRawCookies const):
(WebCore::NetworkStorageSession::cookiesForDOM const):
(WebCore::NetworkStorageSession::cookiesForDOMAsVector const):
(WebCore::NetworkStorageSession::cookieRequestHeaderFieldValue const):
(WebCore::NetworkStorageSession::startListeningForCookieChangeNotifications):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
(WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync):
(WebKit::NetworkConnectionToWebProcess::subscribeToCookieChangeNotifications):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::validateCacheEntryForMaxAgeCapValidation):
(WebKit::NetworkResourceLoader::logCookieInformation):
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::isRequestToKnownCrossSiteTracker):
(WebKit::NetworkSession::isResourceFromKnownCrossSiteTracker):
* Source/WebKit/NetworkProcess/NetworkSession.h:
* Source/WebKit/NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:
(WebKit::NetworkCache::SpeculativeLoad::willSendRedirectedRequest):
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate
URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate
URLSession:task:_schemeUpgraded:completionHandler:]):
(WebKit::NetworkSessionCocoa::createWebSocketTask):
* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm:
(WebKit::NetworkTaskCocoa::requestThirdPartyCookieBlockingDecision const):
* Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm:
(WebKit::WebSocketTask::WebSocketTask):
* Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp:
(WebKit::NetworkDataTaskCurl::appendCookieHeader):
(WebKit::NetworkDataTaskCurl::shouldBlockCookies):
* Source/WebKit/NetworkProcess/curl/WebSocketTaskCurl.cpp:
(WebKit::WebSocketTask::didOpen):
* Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp:
(WebKit::NetworkDataTaskSoup::createRequest):
* Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp:
(WebKit::NetworkSessionSoup::createWebSocketTask):
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm:
(WebKit::isRequestToKnownCrossSiteTracker):
* Source/WebKit/WebProcess/WebPage/WebCookieCache.cpp:
(WebKit::WebCookieCache::cookiesForDOM):
(WebKit::WebCookieCache::setCookiesFromDOM):
(WebKit::WebCookieCache::didSetCookieFromDOM):
Canonical link: https://commits.webkit.org/298790@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
