Commit b0986158 authored by commit-queue@webkit.org's avatar commit-queue@webkit.org
Browse files

[BlackBerry] Browser is not sending secured Cookie back to server over HTTPS connection

https://bugs.webkit.org/show_bug.cgi?id=95747

PR199729

Patch by Otto Derek Cheung <otcheung@rim.com> on 2012-09-04
Reviewed by Rob Buis.
Internally Reviewed by Joe Mason.

If the browser has never saved a secure protocol cookie in its mapping before,
and it tries to set and retreive a secure cookie over a non-secure
protocol, it will not show up because the link between the secure and
non-secure mapping isn't created until a cookie (sent through secure) is set.

The fix is to also check for the linkage in getRawCookies. Note that we cannot
map the secure CookieMap to the non-secure one because getRawCookies is a const
function.

Manually tested using our Browser Test suite.

* platform/blackberry/CookieManager.cpp:
(WebCore::CookieManager::getRawCookies):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127470 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 1dd0161e
2012-09-04 Otto Derek Cheung <otcheung@rim.com>
[BlackBerry] Browser is not sending secured Cookie back to server over HTTPS connection
https://bugs.webkit.org/show_bug.cgi?id=95747
PR199729
Reviewed by Rob Buis.
Internally Reviewed by Joe Mason.
If the browser has never saved a secure protocol cookie in its mapping before,
and it tries to set and retreive a secure cookie over a non-secure
protocol, it will not show up because the link between the secure and
non-secure mapping isn't created until a cookie (sent through secure) is set.
The fix is to also check for the linkage in getRawCookies. Note that we cannot
map the secure CookieMap to the non-secure one because getRawCookies is a const
function.
Manually tested using our Browser Test suite.
* platform/blackberry/CookieManager.cpp:
(WebCore::CookieManager::getRawCookies):
2012-09-04 Philippe Normand <pnormand@igalia.com>
 
[GStreamer] 0.11 build breaks due to rename of gst_message_new_duration
......@@ -207,10 +207,22 @@ void CookieManager::getRawCookies(Vector<ParsedCookie*> &stackOfCookies, const K
Vector<ParsedCookie*> cookieCandidates;
Vector<CookieMap*> protocolsToSearch;
// Special Case: If a server sets a "secure" cookie over a non-secure channel and tries to access the cookie
// over a secure channel, it will not succeed because the secure protocol isn't mapped to the insecure protocol yet.
// Set the map to the non-secure version, so it'll search the mapping for a secure cookie.
CookieMap* targetMap = m_managerMap.get(requestURL.protocol());
if (!targetMap && isConnectionSecure) {
CookieLog("CookieManager - special case: secure protocol are not linked yet.");
if (requestURL.protocolIs("https"))
targetMap = m_managerMap.get("http");
else if (requestURL.protocolIs("wss"))
targetMap = m_managerMap.get("ws");
}
if (specialCaseForLocal)
copyValuesToVector(m_managerMap, protocolsToSearch);
else {
protocolsToSearch.append(m_managerMap.get(requestURL.protocol()));
protocolsToSearch.append(targetMap);
// FIXME: this is a hack for webworks apps; RFC 6265 says "Cookies do not provide isolation by scheme"
// so we should not be checking protocols at all. See PR 135595
if (m_shouldDumpAllCookies) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment