parent
0634a5f2d5
commit
ee28b472ba
@ -0,0 +1,320 @@
|
|||||||
|
From c52da7c313795d61665253f23c9f298005549c73 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Charlie Wolfe <charliew@apple.com>
|
||||||
|
Date: Thu, 14 Nov 2024 13:56:35 -0800
|
||||||
|
Subject: [PATCH] Cherry-pick 60c387845715.
|
||||||
|
|
||||||
|
Cherry-pick 2815b4e29829. rdar://139893250
|
||||||
|
|
||||||
|
Data Isolation bypass via attacker controlled firstPartyForCookies
|
||||||
|
https://bugs.webkit.org/show_bug.cgi?id=283095
|
||||||
|
rdar://139818629
|
||||||
|
|
||||||
|
Reviewed by Matthew Finkel and Alex Christensen.
|
||||||
|
|
||||||
|
`NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or
|
||||||
|
empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but
|
||||||
|
we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly
|
||||||
|
have about:blank set as their firstPartyForCookies, causing us to kill the WCP.
|
||||||
|
|
||||||
|
This patch is a lower risk change that removes the unconditional cookie access for requests that have an
|
||||||
|
empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty
|
||||||
|
firstPartyForCookies.
|
||||||
|
|
||||||
|
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::getRawCookies):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
|
||||||
|
(WebKit::NetworkConnectionToWebProcess::establishSWContextConnection):
|
||||||
|
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
|
||||||
|
(WebKit::NetworkProcess::allowsFirstPartyForCookies):
|
||||||
|
* Source/WebKit/NetworkProcess/NetworkProcess.h:
|
||||||
|
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
|
||||||
|
(WebKit::NetworkSession::addAllowedFirstPartyForCookies):
|
||||||
|
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
|
||||||
|
(WebKit::WebSWServerConnection::scheduleJobInServer):
|
||||||
|
* Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp:
|
||||||
|
(WebKit::WebSharedWorkerServerConnection::requestSharedWorker):
|
||||||
|
* Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm:
|
||||||
|
(EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)):
|
||||||
|
|
||||||
|
Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch
|
||||||
|
|
||||||
|
Canonical link: https://commits.webkit.org/282416.294@webkitglib/2.46
|
||||||
|
---
|
||||||
|
.../NetworkConnectionToWebProcess.cpp | 51 ++++++++++++++-----
|
||||||
|
.../WebKit/NetworkProcess/NetworkProcess.cpp | 37 +++++++-------
|
||||||
|
Source/WebKit/NetworkProcess/NetworkProcess.h | 5 +-
|
||||||
|
.../WebKit/NetworkProcess/NetworkSession.cpp | 2 +-
|
||||||
|
.../ServiceWorker/WebSWServerConnection.cpp | 2 +-
|
||||||
|
.../WebSharedWorkerServerConnection.cpp | 2 +-
|
||||||
|
.../Tests/WebKitCocoa/IPCTestingAPI.mm | 33 ++++++++++++
|
||||||
|
7 files changed, 96 insertions(+), 36 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
|
||||||
|
index a0ad3c628ec38..c13a96f0e796a 100644
|
||||||
|
--- a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
|
||||||
|
+++ b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
|
||||||
|
@@ -502,7 +502,7 @@ void NetworkConnectionToWebProcess::didReceiveInvalidMessage(IPC::Connection&, I
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier, WebPageProxyIdentifier webPageProxyID, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()));
|
||||||
|
+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()) != NetworkProcess::AllowCookieAccess::Terminate);
|
||||||
|
|
||||||
|
ASSERT(!m_networkSocketChannels.contains(identifier));
|
||||||
|
if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, frameID, pageID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, advancedPrivacyProtections, shouldRelaxThirdPartyCookieBlocking, storedCredentialsPolicy))
|
||||||
|
@@ -552,11 +552,11 @@ RefPtr<ServiceWorkerFetchTask> NetworkConnectionToWebProcess::createFetchTask(Ne
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::scheduleResourceLoad(NetworkResourceLoadParameters&& loadParameters, std::optional<NetworkResourceLoadIdentifier> existingLoaderToResume)
|
||||||
|
{
|
||||||
|
- bool hasCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies());
|
||||||
|
- if (UNLIKELY(!hasCookieAccess))
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies());
|
||||||
|
+ if (UNLIKELY(allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow))
|
||||||
|
RELEASE_LOG_ERROR(Loading, "scheduleResourceLoad: Web process does not have cookie access to url %" SENSITIVE_LOG_STRING " for request %" SENSITIVE_LOG_STRING, loadParameters.request.firstPartyForCookies().string().utf8().data(), loadParameters.request.url().string().utf8().data());
|
||||||
|
|
||||||
|
- MESSAGE_CHECK(hasCookieAccess);
|
||||||
|
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
|
||||||
|
|
||||||
|
CONNECTION_RELEASE_LOG(Loading, "scheduleResourceLoad: (parentPID=%d, pageProxyID=%" PRIu64 ", webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 ", existingLoaderToResume=%" PRIu64 ")", loadParameters.parentPID, loadParameters.webPageProxyID.toUInt64(), loadParameters.webPageID.toUInt64(), loadParameters.webFrameID.object().toUInt64(), loadParameters.identifier.toUInt64(), valueOrDefault(existingLoaderToResume).toUInt64());
|
||||||
|
|
||||||
|
@@ -785,7 +785,10 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector<Strin
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, FrameIdentifier frameID, PageIdentifier pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&& completionHandler)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
|
||||||
|
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false));
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return completionHandler({ }, false);
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession)
|
||||||
|
@@ -802,7 +805,10 @@ void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const S
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::setCookiesFromDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, WebCore::FrameIdentifier frameID, PageIdentifier pageID, ApplyTrackingPrevention applyTrackingPrevention, const String& cookieString, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
|
||||||
|
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession)
|
||||||
|
@@ -823,7 +829,10 @@ void NetworkConnectionToWebProcess::cookiesEnabledSync(const URL& firstParty, co
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(false));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
|
||||||
|
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false));
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return completionHandler(false);
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession) {
|
||||||
|
@@ -837,7 +846,10 @@ void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String, bool)>&& completionHandler)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
|
||||||
|
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false));
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return completionHandler({ }, false);
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession)
|
||||||
|
@@ -848,7 +860,10 @@ void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& fir
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::getRawCookies(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(Vector<WebCore::Cookie>&&)>&& completionHandler)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
|
||||||
|
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }));
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return completionHandler({ });
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession)
|
||||||
|
@@ -877,7 +892,10 @@ void NetworkConnectionToWebProcess::deleteCookie(const URL& url, const String& c
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::CookieStoreGetOptions&& options, CompletionHandler<void(std::optional<Vector<WebCore::Cookie>>&&)>&& completionHandler)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(std::nullopt));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
|
||||||
|
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(std::nullopt));
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return completionHandler(std::nullopt);
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession)
|
||||||
|
@@ -894,7 +912,10 @@ void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, co
|
||||||
|
|
||||||
|
void NetworkConnectionToWebProcess::setCookieFromDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, WebCore::Cookie&& cookie, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
|
||||||
|
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false));
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return completionHandler(false);
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession)
|
||||||
|
@@ -914,7 +935,10 @@ void NetworkConnectionToWebProcess::domCookiesForHost(const URL& url, Completion
|
||||||
|
{
|
||||||
|
auto host = url.host().toString();
|
||||||
|
MESSAGE_CHECK_COMPLETION(HashSet<String>::isValidValue(host), completionHandler({ }));
|
||||||
|
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url), completionHandler({ }));
|
||||||
|
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url);
|
||||||
|
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }));
|
||||||
|
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
|
||||||
|
+ return completionHandler({ });
|
||||||
|
|
||||||
|
auto* networkStorageSession = storageSession();
|
||||||
|
if (!networkStorageSession)
|
||||||
|
@@ -1423,7 +1447,8 @@ void NetworkConnectionToWebProcess::establishSWContextConnection(WebPageProxyIde
|
||||||
|
{
|
||||||
|
auto* session = networkSession();
|
||||||
|
if (auto* swServer = session ? session->swServer() : nullptr) {
|
||||||
|
- MESSAGE_CHECK(session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain));
|
||||||
|
+ auto allowCookieAccess = session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain);
|
||||||
|
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
|
||||||
|
m_swContextConnection = makeUnique<WebSWServerToContextConnection>(*this, webPageProxyID, WTFMove(registrableDomain), serviceWorkerPageIdentifier, *swServer);
|
||||||
|
}
|
||||||
|
completionHandler();
|
||||||
|
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
|
||||||
|
index db0437d3b70a2..8f637e6c85fd4 100644
|
||||||
|
--- a/Source/WebKit/NetworkProcess/NetworkProcess.cpp
|
||||||
|
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
|
||||||
|
@@ -458,48 +458,49 @@ void NetworkProcess::webProcessWillLoadWebArchive(WebCore::ProcessIdentifier pro
|
||||||
|
}).iterator->value.first = LoadedWebArchive::Yes;
|
||||||
|
}
|
||||||
|
|
||||||
|
-bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty)
|
||||||
|
+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) -> AllowCookieAccess
|
||||||
|
{
|
||||||
|
- // FIXME: This should probably not be necessary. If about:blank is the first party for cookies,
|
||||||
|
- // we should set it to be the inherited origin then remove this exception.
|
||||||
|
- if (firstParty.isAboutBlank())
|
||||||
|
- return true;
|
||||||
|
+ auto allowCookieAccess = allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty });
|
||||||
|
+ if (allowCookieAccess == NetworkProcess::AllowCookieAccess::Terminate) {
|
||||||
|
+ // FIXME: This should probably not be necessary. If about:blank is the first party for cookies,
|
||||||
|
+ // we should set it to be the inherited origin then remove this exception.
|
||||||
|
+ if (firstParty.isAboutBlank())
|
||||||
|
+ return AllowCookieAccess::Disallow;
|
||||||
|
|
||||||
|
- if (firstParty.isNull())
|
||||||
|
- return true; // FIXME: This shouldn't be allowed.
|
||||||
|
+ if (firstParty.isNull())
|
||||||
|
+ return AllowCookieAccess::Disallow; // FIXME: This shouldn't be allowed.
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- return allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty });
|
||||||
|
+ return allowCookieAccess;
|
||||||
|
}
|
||||||
|
|
||||||
|
-bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain)
|
||||||
|
+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -> AllowCookieAccess
|
||||||
|
{
|
||||||
|
// FIXME: This shouldn't be needed but it is hit sometimes at least with PDFs.
|
||||||
|
- if (firstPartyDomain.isEmpty())
|
||||||
|
- return true;
|
||||||
|
-
|
||||||
|
+ auto terminateOrDisallow = firstPartyDomain.isEmpty() ? AllowCookieAccess::Disallow : AllowCookieAccess::Terminate;
|
||||||
|
if (!decltype(m_allowedFirstPartiesForCookies)::isValidKey(processIdentifier)) {
|
||||||
|
ASSERT_NOT_REACHED();
|
||||||
|
- return false;
|
||||||
|
+ return terminateOrDisallow;
|
||||||
|
}
|
||||||
|
|
||||||
|
auto iterator = m_allowedFirstPartiesForCookies.find(processIdentifier);
|
||||||
|
if (iterator == m_allowedFirstPartiesForCookies.end()) {
|
||||||
|
ASSERT_NOT_REACHED();
|
||||||
|
- return false;
|
||||||
|
+ return terminateOrDisallow;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (iterator->value.first == LoadedWebArchive::Yes)
|
||||||
|
- return true;
|
||||||
|
+ return AllowCookieAccess::Allow;
|
||||||
|
|
||||||
|
auto& set = iterator->value.second;
|
||||||
|
if (!std::remove_reference_t<decltype(set)>::isValidValue(firstPartyDomain)) {
|
||||||
|
ASSERT_NOT_REACHED();
|
||||||
|
- return false;
|
||||||
|
+ return terminateOrDisallow;
|
||||||
|
}
|
||||||
|
|
||||||
|
auto result = set.contains(firstPartyDomain);
|
||||||
|
- ASSERT(result);
|
||||||
|
- return result;
|
||||||
|
+ ASSERT(result || terminateOrDisallow == AllowCookieAccess::Disallow);
|
||||||
|
+ return result ? AllowCookieAccess::Allow : terminateOrDisallow;
|
||||||
|
}
|
||||||
|
|
||||||
|
void NetworkProcess::addStorageSession(PAL::SessionID sessionID, const WebsiteDataStoreParameters& parameters)
|
||||||
|
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h
|
||||||
|
index 0897537e58476..54f19ab96ce47 100644
|
||||||
|
--- a/Source/WebKit/NetworkProcess/NetworkProcess.h
|
||||||
|
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.h
|
||||||
|
@@ -417,8 +417,9 @@ class NetworkProcess final : public AuxiliaryProcess, private DownloadManager::C
|
||||||
|
void deleteWebsiteDataForOrigin(PAL::SessionID, OptionSet<WebsiteDataType>, const WebCore::ClientOrigin&, CompletionHandler<void()>&&);
|
||||||
|
void deleteWebsiteDataForOrigins(PAL::SessionID, OptionSet<WebsiteDataType>, const Vector<WebCore::SecurityOriginData>& origins, const Vector<String>& cookieHostNames, const Vector<String>& HSTSCacheHostnames, const Vector<RegistrableDomain>&, CompletionHandler<void()>&&);
|
||||||
|
|
||||||
|
- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&);
|
||||||
|
- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&);
|
||||||
|
+ enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate };
|
||||||
|
+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&);
|
||||||
|
+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&);
|
||||||
|
void addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier, WebCore::RegistrableDomain&&, LoadedWebArchive, CompletionHandler<void()>&&);
|
||||||
|
void webProcessWillLoadWebArchive(WebCore::ProcessIdentifier);
|
||||||
|
|
||||||
|
diff --git a/Source/WebKit/NetworkProcess/NetworkSession.cpp b/Source/WebKit/NetworkProcess/NetworkSession.cpp
|
||||||
|
index d3e9e8b4b64bc..2c5fb9ad6765e 100644
|
||||||
|
--- a/Source/WebKit/NetworkProcess/NetworkSession.cpp
|
||||||
|
+++ b/Source/WebKit/NetworkProcess/NetworkSession.cpp
|
||||||
|
@@ -728,7 +728,7 @@ void NetworkSession::appBoundDomains(CompletionHandler<void(HashSet<WebCore::Reg
|
||||||
|
|
||||||
|
void NetworkSession::addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier webProcessIdentifier, std::optional<WebCore::ProcessIdentifier> requestingProcessIdentifier, WebCore::RegistrableDomain&& firstPartyForCookies)
|
||||||
|
{
|
||||||
|
- if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && !m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies)) {
|
||||||
|
+ if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies) != NetworkProcess::AllowCookieAccess::Allow) {
|
||||||
|
ASSERT_NOT_REACHED();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
|
||||||
|
index 72d67d9f98a2d..515f4597cf33f 100644
|
||||||
|
--- a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
|
||||||
|
+++ b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
|
||||||
|
@@ -344,7 +344,7 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d
|
||||||
|
|
||||||
|
void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())));
|
||||||
|
+ MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate);
|
||||||
|
|
||||||
|
ASSERT(!jobData.scopeURL.isNull());
|
||||||
|
if (jobData.scopeURL.isNull()) {
|
||||||
|
diff --git a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
|
||||||
|
index 83affaaded38e..084bbdf8f8c55 100644
|
||||||
|
--- a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
|
||||||
|
+++ b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
|
||||||
|
@@ -79,7 +79,7 @@ NetworkSession* WebSharedWorkerServerConnection::session()
|
||||||
|
|
||||||
|
void WebSharedWorkerServerConnection::requestSharedWorker(WebCore::SharedWorkerKey&& sharedWorkerKey, WebCore::SharedWorkerObjectIdentifier sharedWorkerObjectIdentifier, WebCore::TransferredMessagePort&& port, WebCore::WorkerOptions&& workerOptions)
|
||||||
|
{
|
||||||
|
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())));
|
||||||
|
+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate);
|
||||||
|
MESSAGE_CHECK(sharedWorkerObjectIdentifier.processIdentifier() == m_webProcessIdentifier);
|
||||||
|
MESSAGE_CHECK(sharedWorkerKey.name == workerOptions.name);
|
||||||
|
CONNECTION_RELEASE_LOG("requestSharedWorker: sharedWorkerObjectIdentifier=%" PUBLIC_LOG_STRING, sharedWorkerObjectIdentifier.toString().utf8().data());
|
Loading…
Reference in new issue