Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 093f34607a3e8c6bdf6fbe178a68ca96ecc067c6
https://github.com/WebKit/WebKit/commit/093f34607a3e8c6bdf6fbe178a68ca96ecc067c6
Author: Charlie Wolfe <[email protected]>
Date: 2026-06-02 (Tue, 02 Jun 2026)
Changed paths:
M Source/WebCore/loader/FrameLoader.cpp
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/WKHTTPCookieStore.mm
Log Message:
-----------
Initiator-omitted samesite classification can lead to SameSite=Strict cookie cross-site leakage
https://bugs.webkit.org/show_bug.cgi?id=311228
rdar://171546575
Reviewed by Brent Fulgham.
FrameLoader::load called addSameSiteInfoToRequestIfNeeded without an initiator document, unconditionally forcing isSameSite=true on requests. This prevented the later initiator-aware recomputation in updateRequestAndAddExtraFields from running (gated on isSameSiteUnspecified), causing cross-site navigations to include SameSite=Strict cookies.
Pass the FrameLoadRequest's requester document as the initiator so the SameSite disposition is computed correctly. When the requester is an initial document (about:blank/empty), pass nullptr to preserve the same-site default for fresh navigations.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::load):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm:
(TEST(WKHTTPCookieStore, SameSiteStrictCookieNotSentOnCrossSiteNavigation)):
Originally-landed-as: 305413.605@rapid/safari-7624.2.5.110-branch (52a76d6c003e). rdar://176061578
Canonical link: https://commits.webkit.org/314396@main
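The gating described in the log message, as an added illustration that is not WebKit source and not part of the commit: a simplified C++ model of a classification that is only computed while the disposition is unspecified, so an early call without an initiator locks in same-site. The `Request` struct, the `strictCookieSent` helper, the `fixed` switch and the site strings are assumptions made for this sketch; only the function names in the comments come from the log message.

```cpp
#include <cstdio>
#include <string>

// Simplified model for illustration; not WebKit code.
enum class SameSiteDisposition { Unspecified, SameSite, CrossSite };

struct Request {
    std::string targetSite; // registrable domain of the destination (constructed)
    SameSiteDisposition disposition = SameSiteDisposition::Unspecified;
};

// Models the classification step: it only runs while the disposition is
// unspecified. No initiator means "treat as same-site".
void addSameSiteInfoIfNeeded(Request& request, const std::string* initiatorSite)
{
    if (request.disposition != SameSiteDisposition::Unspecified)
        return; // already classified; a later, better-informed call is a no-op
    if (!initiatorSite) {
        request.disposition = SameSiteDisposition::SameSite;
        return;
    }
    request.disposition = (*initiatorSite == request.targetSite)
        ? SameSiteDisposition::SameSite
        : SameSiteDisposition::CrossSite;
}

// Returns true if a SameSite=Strict cookie would accompany the navigation.
// fixed=false models the early call made without an initiator; fixed=true
// passes the requester unless it is an initial (about:blank/empty) document.
bool strictCookieSent(const std::string& targetSite, const std::string* requesterSite,
    bool requesterIsInitialDocument, bool fixed)
{
    Request request;
    request.targetSite = targetSite;
    const std::string* earlyInitiator = nullptr;
    if (fixed && !requesterIsInitialDocument)
        earlyInitiator = requesterSite;
    addSameSiteInfoIfNeeded(request, earlyInitiator); // FrameLoader::load step
    addSameSiteInfoIfNeeded(request, requesterSite);  // later initiator-aware step
    return request.disposition == SameSiteDisposition::SameSite;
}

int main()
{
    const std::string other = "other.example"; // constructed cross-site requester
    std::printf("before fix: %d, after fix: %d\n",
        strictCookieSent("site.example", &other, false, false),
        strictCookieSent("site.example", &other, false, true));
}
```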