Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
webkit2gtk3
webkit2gtk3-CVE-2024-44309.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File webkit2gtk3-CVE-2024-44309.patch of Package webkit2gtk3
From c52da7c313795d61665253f23c9f298005549c73 Mon Sep 17 00:00:00 2001 From: Charlie Wolfe <charliew@apple.com> Date: Thu, 14 Nov 2024 13:56:35 -0800 Subject: [PATCH] Cherry-pick 60c387845715. https://bugs.webkit.org/show_bug.cgi?id=282197 Cherry-pick 2815b4e29829. rdar://139893250 Data Isolation bypass via attacker controlled firstPartyForCookies https://bugs.webkit.org/show_bug.cgi?id=283095 rdar://139818629 Reviewed by Matthew Finkel and Alex Christensen. `NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly have about:blank set as their firstPartyForCookies, causing us to kill the WCP. This patch is a lower risk change that removes the unconditional cookie access for requests that have an empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty firstPartyForCookies. * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::createSocketChannel): (WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad): (WebKit::NetworkConnectionToWebProcess::cookiesForDOM): (WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM): (WebKit::NetworkConnectionToWebProcess::cookiesEnabled): (WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue): (WebKit::NetworkConnectionToWebProcess::getRawCookies): (WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync): (WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync): (WebKit::NetworkConnectionToWebProcess::domCookiesForHost): (WebKit::NetworkConnectionToWebProcess::establishSWContextConnection): * Source/WebKit/NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::allowsFirstPartyForCookies): * Source/WebKit/NetworkProcess/NetworkProcess.h: * Source/WebKit/NetworkProcess/NetworkSession.cpp: (WebKit::NetworkSession::addAllowedFirstPartyForCookies): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp: (WebKit::WebSWServerConnection::scheduleJobInServer): * Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp: (WebKit::WebSharedWorkerServerConnection::requestSharedWorker): * Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm: (EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)): Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch Canonical link: https://commits.webkit.org/282416.294@webkitglib/2.46 --- .../NetworkConnectionToWebProcess.cpp | 51 ++++++++++++++----- .../WebKit/NetworkProcess/NetworkProcess.cpp | 37 +++++++------- Source/WebKit/NetworkProcess/NetworkProcess.h | 5 +- .../WebKit/NetworkProcess/NetworkSession.cpp | 2 +- .../ServiceWorker/WebSWServerConnection.cpp | 2 +- .../WebSharedWorkerServerConnection.cpp | 2 +- .../Tests/WebKitCocoa/IPCTestingAPI.mm | 33 ++++++++++++ 7 files changed, 96 insertions(+), 36 deletions(-) diff --git a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp index a0ad3c628ec3..c13a96f0e796 100644 --- a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp +++ b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp @@ -502,7 +502,7 @@ void NetworkConnectionToWebProcess::didReceiveInvalidMessage(IPC::Connection&, I void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier, WebPageProxyIdentifier webPageProxyID, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy storedCredentialsPolicy) { - MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies())); + MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()) != NetworkProcess::AllowCookieAccess::Terminate); ASSERT(!m_networkSocketChannels.contains(identifier)); if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, frameID, pageID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, advancedPrivacyProtections, shouldRelaxThirdPartyCookieBlocking, storedCredentialsPolicy)) @@ -552,11 +552,11 @@ RefPtr<ServiceWorkerFetchTask> NetworkConnectionToWebProcess::createFetchTask(Ne void NetworkConnectionToWebProcess::scheduleResourceLoad(NetworkResourceLoadParameters&& loadParameters, std::optional<NetworkResourceLoadIdentifier> existingLoaderToResume) { - bool hasCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies()); - if (UNLIKELY(!hasCookieAccess)) + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies()); + if (UNLIKELY(allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)) RELEASE_LOG_ERROR(Loading, "scheduleResourceLoad: Web process does not have cookie access to url %" SENSITIVE_LOG_STRING " for request %" SENSITIVE_LOG_STRING, loadParameters.request.firstPartyForCookies().string().utf8().data(), loadParameters.request.url().string().utf8().data()); - MESSAGE_CHECK(hasCookieAccess); + MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); CONNECTION_RELEASE_LOG(Loading, "scheduleResourceLoad: (parentPID=%d, pageProxyID=%" PRIu64 ", webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 ", existingLoaderToResume=%" PRIu64 ")", loadParameters.parentPID, loadParameters.webPageProxyID.toUInt64(), loadParameters.webPageID.toUInt64(), loadParameters.webFrameID.object().toUInt64(), loadParameters.identifier.toUInt64(), valueOrDefault(existingLoaderToResume).toUInt64()); @@ -785,7 +785,10 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector<Strin void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, FrameIdentifier frameID, PageIdentifier pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&& completionHandler) { - MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false)); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); + MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false)); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return completionHandler({ }, false); auto* networkStorageSession = storageSession(); if (!networkStorageSession) @@ -802,7 +805,10 @@ void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const S void NetworkConnectionToWebProcess::setCookiesFromDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, WebCore::FrameIdentifier frameID, PageIdentifier pageID, ApplyTrackingPrevention applyTrackingPrevention, const String& cookieString, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking) { - MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty)); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); + MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return; auto* networkStorageSession = storageSession(); if (!networkStorageSession) @@ -823,7 +829,10 @@ void NetworkConnectionToWebProcess::cookiesEnabledSync(const URL& firstParty, co void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler) { - MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(false)); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); + MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false)); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return completionHandler(false); auto* networkStorageSession = storageSession(); if (!networkStorageSession) { @@ -837,7 +846,10 @@ void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String, bool)>&& completionHandler) { - MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false)); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); + MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false)); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return completionHandler({ }, false); auto* networkStorageSession = storageSession(); if (!networkStorageSession) @@ -848,7 +860,10 @@ void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& fir void NetworkConnectionToWebProcess::getRawCookies(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(Vector<WebCore::Cookie>&&)>&& completionHandler) { - MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ })); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); + MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ })); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return completionHandler({ }); auto* networkStorageSession = storageSession(); if (!networkStorageSession) @@ -877,7 +892,10 @@ void NetworkConnectionToWebProcess::deleteCookie(const URL& url, const String& c void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::CookieStoreGetOptions&& options, CompletionHandler<void(std::optional<Vector<WebCore::Cookie>>&&)>&& completionHandler) { - MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(std::nullopt)); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); + MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(std::nullopt)); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return completionHandler(std::nullopt); auto* networkStorageSession = storageSession(); if (!networkStorageSession) @@ -894,7 +912,10 @@ void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, co void NetworkConnectionToWebProcess::setCookieFromDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, WebCore::Cookie&& cookie, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler) { - MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty)); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); + MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false)); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return completionHandler(false); auto* networkStorageSession = storageSession(); if (!networkStorageSession) @@ -914,7 +935,10 @@ void NetworkConnectionToWebProcess::domCookiesForHost(const URL& url, Completion { auto host = url.host().toString(); MESSAGE_CHECK_COMPLETION(HashSet<String>::isValidValue(host), completionHandler({ })); - MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url), completionHandler({ })); + auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url); + MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ })); + if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) + return completionHandler({ }); auto* networkStorageSession = storageSession(); if (!networkStorageSession) @@ -1423,7 +1447,8 @@ void NetworkConnectionToWebProcess::establishSWContextConnection(WebPageProxyIde { auto* session = networkSession(); if (auto* swServer = session ? session->swServer() : nullptr) { - MESSAGE_CHECK(session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain)); + auto allowCookieAccess = session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain); + MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); m_swContextConnection = makeUnique<WebSWServerToContextConnection>(*this, webPageProxyID, WTFMove(registrableDomain), serviceWorkerPageIdentifier, *swServer); } completionHandler(); diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp index db0437d3b70a..8f637e6c85fd 100644 --- a/Source/WebKit/NetworkProcess/NetworkProcess.cpp +++ b/Source/WebKit/NetworkProcess/NetworkProcess.cpp @@ -458,48 +458,49 @@ void NetworkProcess::webProcessWillLoadWebArchive(WebCore::ProcessIdentifier pro }).iterator->value.first = LoadedWebArchive::Yes; } -bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) +auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) -> AllowCookieAccess { - // FIXME: This should probably not be necessary. If about:blank is the first party for cookies, - // we should set it to be the inherited origin then remove this exception. - if (firstParty.isAboutBlank()) - return true; + auto allowCookieAccess = allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty }); + if (allowCookieAccess == NetworkProcess::AllowCookieAccess::Terminate) { + // FIXME: This should probably not be necessary. If about:blank is the first party for cookies, + // we should set it to be the inherited origin then remove this exception. + if (firstParty.isAboutBlank()) + return AllowCookieAccess::Disallow; - if (firstParty.isNull()) - return true; // FIXME: This shouldn't be allowed. + if (firstParty.isNull()) + return AllowCookieAccess::Disallow; // FIXME: This shouldn't be allowed. + } - return allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty }); + return allowCookieAccess; } -bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) +auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -> AllowCookieAccess { // FIXME: This shouldn't be needed but it is hit sometimes at least with PDFs. - if (firstPartyDomain.isEmpty()) - return true; - + auto terminateOrDisallow = firstPartyDomain.isEmpty() ? AllowCookieAccess::Disallow : AllowCookieAccess::Terminate; if (!decltype(m_allowedFirstPartiesForCookies)::isValidKey(processIdentifier)) { ASSERT_NOT_REACHED(); - return false; + return terminateOrDisallow; } auto iterator = m_allowedFirstPartiesForCookies.find(processIdentifier); if (iterator == m_allowedFirstPartiesForCookies.end()) { ASSERT_NOT_REACHED(); - return false; + return terminateOrDisallow; } if (iterator->value.first == LoadedWebArchive::Yes) - return true; + return AllowCookieAccess::Allow; auto& set = iterator->value.second; if (!std::remove_reference_t<decltype(set)>::isValidValue(firstPartyDomain)) { ASSERT_NOT_REACHED(); - return false; + return terminateOrDisallow; } auto result = set.contains(firstPartyDomain); - ASSERT(result); - return result; + ASSERT(result || terminateOrDisallow == AllowCookieAccess::Disallow); + return result ? AllowCookieAccess::Allow : terminateOrDisallow; } void NetworkProcess::addStorageSession(PAL::SessionID sessionID, const WebsiteDataStoreParameters& parameters) diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h index 0897537e5847..54f19ab96ce4 100644 --- a/Source/WebKit/NetworkProcess/NetworkProcess.h +++ b/Source/WebKit/NetworkProcess/NetworkProcess.h @@ -417,8 +417,9 @@ public: void deleteWebsiteDataForOrigin(PAL::SessionID, OptionSet<WebsiteDataType>, const WebCore::ClientOrigin&, CompletionHandler<void()>&&); void deleteWebsiteDataForOrigins(PAL::SessionID, OptionSet<WebsiteDataType>, const Vector<WebCore::SecurityOriginData>& origins, const Vector<String>& cookieHostNames, const Vector<String>& HSTSCacheHostnames, const Vector<RegistrableDomain>&, CompletionHandler<void()>&&); - bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&); - bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&); + enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate }; + AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&); + AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&); void addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier, WebCore::RegistrableDomain&&, LoadedWebArchive, CompletionHandler<void()>&&); void webProcessWillLoadWebArchive(WebCore::ProcessIdentifier); diff --git a/Source/WebKit/NetworkProcess/NetworkSession.cpp b/Source/WebKit/NetworkProcess/NetworkSession.cpp index d3e9e8b4b64b..2c5fb9ad6765 100644 --- a/Source/WebKit/NetworkProcess/NetworkSession.cpp +++ b/Source/WebKit/NetworkProcess/NetworkSession.cpp @@ -728,7 +728,7 @@ void NetworkSession::appBoundDomains(CompletionHandler<void(HashSet<WebCore::Reg void NetworkSession::addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier webProcessIdentifier, std::optional<WebCore::ProcessIdentifier> requestingProcessIdentifier, WebCore::RegistrableDomain&& firstPartyForCookies) { - if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && !m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies)) { + if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies) != NetworkProcess::AllowCookieAccess::Allow) { ASSERT_NOT_REACHED(); return; } diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp index 72d67d9f98a2..515f4597cf33 100644 --- a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp +++ b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp @@ -344,7 +344,7 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData) { - MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host()))); + MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate); ASSERT(!jobData.scopeURL.isNull()); if (jobData.scopeURL.isNull()) { diff --git a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp index 83affaaded38..084bbdf8f8c5 100644 --- a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp +++ b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp @@ -79,7 +79,7 @@ NetworkSession* WebSharedWorkerServerConnection::session() void WebSharedWorkerServerConnection::requestSharedWorker(WebCore::SharedWorkerKey&& sharedWorkerKey, WebCore::SharedWorkerObjectIdentifier sharedWorkerObjectIdentifier, WebCore::TransferredMessagePort&& port, WebCore::WorkerOptions&& workerOptions) { - MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host()))); + MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate); MESSAGE_CHECK(sharedWorkerObjectIdentifier.processIdentifier() == m_webProcessIdentifier); MESSAGE_CHECK(sharedWorkerKey.name == workerOptions.name); CONNECTION_RELEASE_LOG("requestSharedWorker: sharedWorkerObjectIdentifier=%" PUBLIC_LOG_STRING, sharedWorkerObjectIdentifier.toString().utf8().data());
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor