Diff
Modified: branches/safari-605-branch/LayoutTests/ChangeLog (230300 => 230301)
--- branches/safari-605-branch/LayoutTests/ChangeLog 2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/LayoutTests/ChangeLog 2018-04-05 17:05:08 UTC (rev 230301)
@@ -1,3 +1,19 @@
+2018-04-05 Jason Marcell <jmarc...@apple.com>
+
+ Apply patch. rdar://problem/39191858
+
+ fix-httponly-cookie
+
+ 2018-04-04 Youenn Fablet <you...@apple.com>
+
+ iOS 11.4 Beta WKWebView does not send cookies with HttpOnly flag set, for cache manifest request and its resources
+ <rdar://problem/39144159>
+
+ Reviewed by Brady Eidson.
+
+ * http/tests/appcache/document-cookie-http-only-expected.txt: Added.
+ * http/tests/appcache/document-cookie-http-only.php: Added.
+
2018-04-03 Jason Marcell <jmarc...@apple.com>
Cherry-pick r230172. rdar://problem/39155049
Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only-expected.txt (0 => 230301)
--- branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only-expected.txt (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only-expected.txt 2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 1: ApplicationCache is deprecated. Please use ServiceWorkers instead.
+This tests that HttpOnly cookies set on the main document are used when accessing resources in the manifest.
+This also tests that cookies used by appcache resource loading are scoped properly.
+PASSED: Cookie should not be visible from _javascript_.
+PASSED: Script Cookie is set to 'script'
Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only.php (0 => 230301)
--- branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only.php (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/document-cookie-http-only.php 2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,34 @@
+<?php
+setcookie("scope", "manifest", 0, "/appcache/resources/scope1", null, null, true);
+setcookie("scope", "script", 0, "/appcache/resources/scope2", null, null, true);
+?>
+<html manifest="resources/scope1/cookie-protected-manifest.php">
+
+<div>This tests that HttpOnly cookies set on the main document are used when accessing resources in the manifest.</div>
+<div>This also tests that cookies used by appcache resource loading are scoped properly.</div>
+<div id="log">Not checked cookie yet</div>
+<div id="result">Not run yet</div>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText()
+ testRunner.waitUntilDone();
+}
+
+var cookieTest = document.cookie === "" ? "PASSED" : "FAILED";
+log.innerHTML = cookieTest + ": Cookie should not be visible from _javascript_.";
+
+function dynamicScriptLoad() {
+ var script = document.createElement("script");
+ script.type = "text/_javascript_";
+ script.src = ""
+ document.getElementsByTagName("head")[0].appendChild(script);
+}
+
+function cached()
+{
+ setTimeout("dynamicScriptLoad();", 0);
+}
+
+applicationCache.addEventListener('cached', cached, false);
+</script>
+</html>
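Review bot: The test registers only a `cached` listener, so if the manifest request goes out without the HttpOnly cookie and receives the 404, no `cached` event fires and the page stays at "Not run yet" until the harness times out. An explicit failure path would report this directly, for example `applicationCache.addEventListener('error', function() { document.getElementById("result").innerHTML = "FAILED: appcache load failed"; if (window.testRunner) testRunner.notifyDone(); }, false);`, with the same handler on `obsolete` if that is the event delivered for a 404 manifest. `script.src` appears as an empty string in this listing, which may be an artefact of the archive; if it is the real content, the cookie-protected script is never requested. As a style point, `setTimeout("dynamicScriptLoad();", 0)` can pass the function itself: `setTimeout(dynamicScriptLoad, 0)`.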
Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/manifest-protected-script.php (0 => 230301)
--- branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/manifest-protected-script.php (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/manifest-protected-script.php 2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,12 @@
+<?php
+
+if (isset($_COOKIE['foo']) and $_COOKIE['foo'] == 'manifest') {
+ header('Content-Type: text/html; ' . $_COOKIE['foo']);
+ print("CACHE MANIFEST\n");
+ print("simple.txt\n");
+ return;
+}
+header('HTTP/1.0 404 Not Found');
+header('Content-Type: text/html; ' . count($_COOKIE));
+
+?>
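Review bot: This script gates on a cookie named `foo`, but the test page in this commit only sets cookies named `scope`, and nothing visible here references `manifest-protected-script.php`. The file is also missing from the LayoutTests ChangeLog entry, which lists only the test and its expected result. If it is a leftover from an earlier iteration, it should be dropped. Otherwise add a header comment naming the test that loads it, for example `// Used by <test name>: serves a manifest only when cookie 'foo' == 'manifest'.`.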
Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope1/cookie-protected-manifest.php (0 => 230301)
--- branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope1/cookie-protected-manifest.php (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope1/cookie-protected-manifest.php 2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,13 @@
+<?php
+
+if (isset($_COOKIE['scope']) and $_COOKIE['scope'] == 'manifest') {
+ header('Content-Type: text/html; ' . $_COOKIE['scope']);
+ print("CACHE MANIFEST\n");
+ print("/appcache/resources/simple.txt\n");
+ print("/appcache/resources/scope2/cookie-protected-script.php\n");
+ return;
+}
+header('HTTP/1.0 404 Not Found');
+header('Content-Type: text/html; ' . count($_COOKIE));
+
+?>
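Review bot: Nothing in this resource explains that the 404 is how the test detects a missing cookie, or why cookie data is appended to `Content-Type`. A short header comment would help, for example `// Serves the manifest only when the HttpOnly 'scope' cookie for /appcache/resources/scope1 is sent; otherwise 404 so the appcache load fails.`. On the success branch the appended value has just been compared to `'manifest'`, and on the failure branch it is an integer count, so no arbitrary cookie text reaches the header. A second comment such as `// Safe: value is the literal 'manifest' here.` would stop a later edit from copying the pattern with an unchecked value. The cookie suffix appears to be a debugging aid only.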
Added: branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope2/cookie-protected-script.php (0 => 230301)
--- branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope2/cookie-protected-script.php (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/appcache/resources/scope2/cookie-protected-script.php 2018-04-05 17:05:08 UTC (rev 230301)
@@ -0,0 +1,18 @@
+<?php
+header("Content-type:application/_javascript_");
+
+if (isset($_COOKIE["scope"])) {
+ echo "var cookieVal = '" . $_COOKIE["scope"] . "';";
+} else {
+ echo "var cookieVal = '<null>';";
+}
+
+?>
+
+if (cookieVal === "script")
+ document.getElementById("result").innerHTML = "PASSED: Script Cookie is set to 'script'";
+else
+ document.getElementById("result").innerHTML = "FAILED: Script Cookie should be 'script', is set to '" + cookieVal + "'";
+
+if (window.testRunner)
+ testRunner.notifyDone();
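Review bot: `$_COOKIE["scope"]` is echoed unescaped into a single-quoted JavaScript string literal, so a cookie value containing a quote or backslash changes the generated script instead of producing a clean FAILED line. The same value is then concatenated into `innerHTML` in the failure branch. Even in a test fixture it is better to emit the value as data: `echo "var cookieVal = " . json_encode($_COOKIE["scope"]) . ";";`. The result should then be written with `textContent` rather than `innerHTML`. This keeps the failure message accurate whatever cookie the browser under test sends, and avoids seeding a reflect-into-script pattern that later tests may copy.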
Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (230300 => 230301)
--- branches/safari-605-branch/Source/WebCore/ChangeLog 2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog 2018-04-05 17:05:08 UTC (rev 230301)
@@ -1,3 +1,27 @@
+2018-04-05 Jason Marcell <jmarc...@apple.com>
+
+ Apply patch. rdar://problem/39191858
+
+ fix-httponly-cookie
+
+ 2018-04-04 Youenn Fablet <you...@apple.com>
+
+ iOS 11.4 Beta WKWebView does not send cookies with HttpOnly flag set, for cache manifest request and its resources
+ <rdar://problem/39144159>
+
+ Reviewed by Brady Eidson.
+
+ Test: http/tests/appcache/document-cookie-http-only.php
+ Before that patch, we were using cookie as visible by the DOM document for loading manifest and other cached resources.
+ We now are back to the exact same behavior as preElk/Emet by fully respecting cookies for appcache:
+ - HttpOnly headers are used for appcache loading
+ - Cookie is retrieved for each appcache loading so that cookie scopes are respected.
+
+ * loader/appcache/ApplicationCacheGroup.cpp:
+ (WebCore::ApplicationCacheGroup::update):
+ (WebCore::ApplicationCacheGroup::createResourceHandle):
+ * loader/appcache/ApplicationCacheGroup.h:
+
2018-04-04 Ryan Haddad <ryanhad...@apple.com>
Cherry-pick r230016. rdar://problem/38154623
Modified: branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp (230300 => 230301)
--- branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp 2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp 2018-04-05 17:05:08 UTC (rev 230301)
@@ -32,6 +32,7 @@
#include "ApplicationCacheStorage.h"
#include "Chrome.h"
#include "ChromeClient.h"
+#include "CookieJar.h"
#include "DOMApplicationCache.h"
#include "DocumentLoader.h"
#include "EventNames.h"
@@ -442,12 +443,6 @@
ASSERT(!m_currentResource);
ASSERT(m_completionType == None);
- if (auto* document = m_frame->document()) {
- auto documentCookie = document->cookie();
- if (!documentCookie.hasException())
- m_cookieStringFromDocument = documentCookie.releaseReturnValue();
- }
-
// FIXME: Handle defer loading
m_manifestHandle = createResourceHandle(m_manifestURL, m_newestCache ? m_newestCache->manifestResource() : 0);
}
@@ -471,8 +466,11 @@
m_frame->loader().applyUserAgentIfNeeded(request);
request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0");
- if (!m_cookieStringFromDocument.isEmpty())
- request.setHTTPHeaderField(HTTPHeaderName::Cookie, m_cookieStringFromDocument);
+ if (auto* document = m_frame->document()) {
+ auto cookie = cookieRequestHeaderFieldValue(*document, url);
+ if (!cookie.isEmpty())
+ request.setHTTPHeaderField(HTTPHeaderName::Cookie, cookie);
+ }
if (newestCachedResource) {
const String& lastModified = newestCachedResource->response().httpHeaderField(HTTPHeaderName::LastModified);
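Review bot: The `Cookie` header added in `createResourceHandle` is computed once for `url` and set on the request, and nothing in this hunk shows it being recomputed or removed if the load is redirected. Because the value now includes HttpOnly cookies, please confirm that the redirect handling for appcache loads (outside this hunk) either refuses redirects or rebuilds the header for the new URL, so a cookie scoped to one path or origin is not forwarded to another. It would also help to record the intent in place, for example `// Ask the cookie jar per request URL (not document.cookie) so HttpOnly cookies are sent and path scoping is respected.`. When `m_frame->document()` is null the request is still sent without cookies; if that is intended, a brief comment should say so. The function body begins and ends outside this hunk.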
Modified: branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.h (230300 => 230301)
--- branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.h 2018-04-05 15:50:26 UTC (rev 230300)
+++ branches/safari-605-branch/Source/WebCore/loader/appcache/ApplicationCacheGroup.h 2018-04-05 17:05:08 UTC (rev 230301)
@@ -201,7 +201,6 @@
bool m_originQuotaExceededPreviously { false };
friend class ChromeClientCallbackTimer;
- String m_cookieStringFromDocument;
};
} // namespace WebCore