Deny third-party cookie creation for prevalent resources without interaction
https://bugs.webkit.org/show_bug.cgi?id=175232
<rdar://problem/
33709386>
Reviewed by Alex Christensen.
Source/WebCore:
Prior to Intelligent Tracking Prevention, WebKit would deny the ability to create a third party cookie if the user's
settings prohibited it. Due to the internal mechanics of cookie partitioning, we now accept the third party cookie,
but destroy it at some arbitrary moment which is difficult for websites to work with.
This patch revises WebKit so that attempts to set third party cookies without user interaction fails immediately,
which is what sites are expecting from Safari.
Tests: http/tests/loading/resourceLoadStatistics/third-party-cookie-with-and-without-user-interaction.html
* platform/network/NetworkStorageSession.h:
* platform/network/cf/NetworkStorageSessionCFNet.cpp:
(WebCore::NetworkStorageSession::shouldPartitionCookies const): Revise for new naming.
(WebCore::NetworkStorageSession::shouldAllowThirdPartyCookies const): Allow third party cookies when the
user interaction property applies.
(WebCore::NetworkStorageSession::shouldBlockCookies const): Deny cookies for origins that are not allowed by
user interaction, and that are not being partitioned.
(WebCore::NetworkStorageSession::setPrevalentDomainsWithAndWithoutInteraction): Revise for new naming, and
to track prevalent origins with and without user interaction.
(WebCore::NetworkStorageSession::setShouldPartitionCookiesForHosts): Renamed to setPrevalentDomainsWithAndWithoutInteraction.
(WebCore::NetworkStorageSession::removePrevalentDomains): New helper function for testing.
Source/WebKit:
Prior to Intelligent Tracking Prevention, WebKit would deny the ability to create a third party cookie if the user's
settings prohibited it. Due to the internal mechanics of cookie partitioning, we now accept the third party cookie,
but destroy it at some arbitrary moment which is difficult for websites to work with.
This patch revises WebKit so that attempts to set third party cookies without user interaction fails immediately,
which is what sites are expecting from Safari.
* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::updatePrevalentDomainsWithAndWithoutInteraction):
(WebKit::NetworkProcess::updateCookiePartitioningForTopPrivatelyOwnedDomains): Renamed to updatePrevalentDomainsWithAndWithoutInteraction.
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in: Renamed the UpdateCookiePartitioningForTopPrivatelyOwnedDomains message
to UpdatePrevalentDomainsWithAndWithoutInteraction.
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): Recognize cases where a network session should block cookies, and
use the stateless session so we fail immediately when attempting an invalid cookie set operation.
* UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
(WebKit::WKWebsiteDataStore::_resourceLoadStatisticsSetShouldPartitionCookies): Use new helper function to clear partitioning state.
* UIProcess/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::WebResourceLoadStatisticsStore): Update for revised naming.
(WebKit::WebResourceLoadStatisticsStore::updateCookiePartitioning): Track domains with and without interaction so that we can recognize
domains that should be immediately blocked from setting cookies.
(WebKit::WebResourceLoadStatisticsStore::updateCookiePartitioningForDomains): Update for revised naming.
(WebKit::WebResourceLoadStatisticsStore::scheduleClearPartitioningStateForDomains): Added helper function for testing.
* UIProcess/WebResourceLoadStatisticsStore.h:
* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::updatePrevalentDomainsWithAndWithoutInteraction): Update for revised naming.
(WebKit::WebsiteDataStore::enableResourceLoadStatisticsAndSetTestingCallback): Ditto.
(WebKit::WebsiteDataStore::updateCookiePartitioningForTopPrivatelyOwnedDomains): Renamed to updatePrevalentDomainsWithAndWithoutInteraction.
* UIProcess/WebsiteData/WebsiteDataStore.h:
LayoutTests:
* http/tests/loading/resourceLoadStatistics/third-party-cookie-with-and-without-user-interaction-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/third-party-cookie-with-and-without-user-interaction.html: Added.
* platform/mac-highsierra-wk2/TestExpectations: Add new test expectation.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@221683
268f45cc-cd09-0410-ab3c-
d52691b4dbfc