Disable Ad Click Attribution in ephemeral sessions and make sure conversion requests...
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 20 Apr 2019 00:00:26 +0000 (00:00 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 20 Apr 2019 00:00:26 +0000 (00:00 +0000)
commit015101bffb80978c5d0e574b23094bc4f0b3de33
treebfc2d718d44acab36ee7139096f32166918cf649
parentea7c7214ccabd0bf62bc2ef0be3cd04748f2e5a2
Disable Ad Click Attribution in ephemeral sessions and make sure conversion requests use an ephemeral, stateless session
https://bugs.webkit.org/show_bug.cgi?id=197108
<rdar://problem/49918702>

Patch by John Wilander <wilander@apple.com> on 2019-04-19
Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/adClickAttribution/conversion-disabled-in-ephemeral-session.html
       http/tests/adClickAttribution/store-disabled-in-ephemeral-session.html

* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::parseAdClickAttribution const):
    Early return for ephemeral sessions.
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::shouldUseCredentialStorage):
    Now returns false for StoredCredentialsPolicy:EphemeralStatelessCookieless.
* platform/network/StoredCredentialsPolicy.h:
    Added enum value EphemeralStatelessCookieless.

Source/WebKit:

This patch introduces a new NSURLSession in WebKit::NetworkSessionCocoa called
m_ephemeralStatelessCookielessSession. As its name implies, it's ephemeral,
stateless, and has a NSHTTPCookieAcceptPolicyNever cookie policy.

The new session can be invoked with the new enum value of
WebCore::StoredCredentialsPolicy called EphemeralStatelessCookieless.

WebKit::AdClickAttributionManager::fireConversionRequest() makes use of
the new session for its conversion requests.

This patch also makes sure that Ad Click Attributions cannot be stored in
ephemeral sessions and already stored attributions cannot be converted in
ephemeral sessions.

* NetworkProcess/AdClickAttributionManager.cpp:
(WebKit::AdClickAttributionManager::fireConversionRequest):
(WebKit::AdClickAttributionManager::toString const):
* NetworkProcess/NetworkLoadChecker.h:
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in:
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::willSendRedirectedRequest):
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
    Calls NetworkSessionCocoa::initializeEphemeralStatelessCookielessSession() lazily.
(WebKit::NetworkDataTaskCocoa::~NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
* NetworkProcess/cocoa/NetworkSessionCocoa.h:
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::NetworkSessionCocoa::initializeEphemeralStatelessCookielessSession):
(WebKit::NetworkSessionCocoa::invalidateAndCancel):
* Shared/WebCoreArgumentCoders.h:

LayoutTests:

Except for the details below, this patch introduces the utility functions
prepareTest() and tearDownAndFinish() and all applicable tests now make use
of them.

* http/tests/adClickAttribution/attribution-conversion-through-cross-site-image-redirect.html:
* http/tests/adClickAttribution/attribution-conversion-through-image-redirect-with-priority.html:
* http/tests/adClickAttribution/attribution-conversion-through-image-redirect-without-priority.html:
* http/tests/adClickAttribution/conversion-disabled-in-ephemeral-session-expected.txt: Added.
* http/tests/adClickAttribution/conversion-disabled-in-ephemeral-session.html: Copied from LayoutTests/http/tests/adClickAttribution/send-attribution-conversion-request.html.
* http/tests/adClickAttribution/resources/conversionReport.php:
    Now tries to set a cookie in the response.
* http/tests/adClickAttribution/resources/util.js: Added.
(prepareTest):
(tearDownAndFinish):
* http/tests/adClickAttribution/second-attribution-converted-with-higher-priority.html:
* http/tests/adClickAttribution/second-attribution-converted-with-lower-priority.html:
* http/tests/adClickAttribution/second-conversion-with-higher-priority.html:
* http/tests/adClickAttribution/second-conversion-with-lower-priority.html:
* http/tests/adClickAttribution/send-attribution-conversion-request-expected.txt:
* http/tests/adClickAttribution/send-attribution-conversion-request.html:
* http/tests/adClickAttribution/store-ad-click-attribution.html:
    Now sets a cookie which is checked for it in the conversion report.
* http/tests/adClickAttribution/store-disabled-in-ephemeral-session-expected.txt: Added.
* http/tests/adClickAttribution/store-disabled-in-ephemeral-session.html: Copied from LayoutTests/http/tests/adClickAttribution/store-ad-click-attribution.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244475 268f45cc-cd09-0410-ab3c-d52691b4dbfc
31 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/adClickAttribution/attribution-conversion-through-cross-site-image-redirect.html
LayoutTests/http/tests/adClickAttribution/attribution-conversion-through-image-redirect-with-priority.html
LayoutTests/http/tests/adClickAttribution/attribution-conversion-through-image-redirect-without-priority.html
LayoutTests/http/tests/adClickAttribution/conversion-disabled-in-ephemeral-session-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/adClickAttribution/conversion-disabled-in-ephemeral-session.html [new file with mode: 0644]
LayoutTests/http/tests/adClickAttribution/resources/conversionReport.php
LayoutTests/http/tests/adClickAttribution/resources/util.js [new file with mode: 0644]
LayoutTests/http/tests/adClickAttribution/second-attribution-converted-with-higher-priority.html
LayoutTests/http/tests/adClickAttribution/second-attribution-converted-with-lower-priority.html
LayoutTests/http/tests/adClickAttribution/second-conversion-with-higher-priority.html
LayoutTests/http/tests/adClickAttribution/second-conversion-with-lower-priority.html
LayoutTests/http/tests/adClickAttribution/send-attribution-conversion-request-expected.txt
LayoutTests/http/tests/adClickAttribution/send-attribution-conversion-request.html
LayoutTests/http/tests/adClickAttribution/store-ad-click-attribution.html
LayoutTests/http/tests/adClickAttribution/store-disabled-in-ephemeral-session-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/adClickAttribution/store-disabled-in-ephemeral-session.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLAnchorElement.cpp
Source/WebCore/loader/ResourceLoader.cpp
Source/WebCore/platform/network/StoredCredentialsPolicy.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/AdClickAttributionManager.cpp
Source/WebKit/NetworkProcess/NetworkLoadChecker.h
Source/WebKit/NetworkProcess/NetworkProcess.h
Source/WebKit/NetworkProcess/NetworkProcess.messages.in
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h
Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
Source/WebKit/Shared/WebCoreArgumentCoders.h