Service Worker should correctly set its document first party for cookies URL
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Dec 2019 17:10:36 +0000 (17:10 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Dec 2019 17:10:36 +0000 (17:10 +0000)
https://bugs.webkit.org/show_bug.cgi?id=204742

Reviewed by Chris Dumez.

Source/WebCore:

Test: http/wpt/service-workers/third-party-cookie.html

* workers/service/context/ServiceWorkerThreadProxy.cpp:
(WebCore::createPageForServiceWorker):
Set document first party cookie for URL to the top origin.

LayoutTests:

* http/wpt/service-workers/resources/set-cookie.py: Added.
* http/wpt/service-workers/resources/third-party-cookie-iframe.html: Added.
* http/wpt/service-workers/resources/third-party-worker.js:
* http/wpt/service-workers/third-party-cookie-expected.txt: Added.
* http/wpt/service-workers/third-party-cookie.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@252985 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/wpt/service-workers/resources/set-cookie.py [new file with mode: 0644]
LayoutTests/http/wpt/service-workers/resources/third-party-cookie-iframe.html [new file with mode: 0644]
LayoutTests/http/wpt/service-workers/resources/third-party-worker.js
LayoutTests/http/wpt/service-workers/third-party-cookie-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/service-workers/third-party-cookie.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp

index 6b62557..7b7aee3 100644 (file)
@@ -1,3 +1,16 @@
+2019-12-02  youenn fablet  <youenn@apple.com>
+
+        Service Worker should correctly set its document first party for cookies URL
+        https://bugs.webkit.org/show_bug.cgi?id=204742
+
+        Reviewed by Chris Dumez.
+
+        * http/wpt/service-workers/resources/set-cookie.py: Added.
+        * http/wpt/service-workers/resources/third-party-cookie-iframe.html: Added.
+        * http/wpt/service-workers/resources/third-party-worker.js:
+        * http/wpt/service-workers/third-party-cookie-expected.txt: Added.
+        * http/wpt/service-workers/third-party-cookie.html: Added.
+
 2019-12-02  Simon Fraser  <simon.fraser@apple.com>
 
         Don't do range checking for calc() at parse time
diff --git a/LayoutTests/http/wpt/service-workers/resources/set-cookie.py b/LayoutTests/http/wpt/service-workers/resources/set-cookie.py
new file mode 100644 (file)
index 0000000..e12e61e
--- /dev/null
@@ -0,0 +1,26 @@
+import sys
+import urlparse
+
+def main(request, response):
+    """
+    Returns cookie name and path from query params in a Set-Cookie header.
+    e.g.
+    > GET /WebKit/service-workers/resources/set-cookie.py?name=match-slash&path=%2F HTTP/1.1
+    > Host: localhost:8000
+    > User-Agent: curl/7.43.0
+    > Accept: */*
+    >
+    < HTTP/1.1 200 OK
+    < Content-Type: application/json
+    < Set-Cookie: match-slash=1; Path=/; Expires=Wed, 09 Jun 2021 10:18:14 GMT
+    < Server: BaseHTTP/0.3 Python/2.7.12
+    < Date: Tue, 04 Oct 2016 18:16:06 GMT
+    < Content-Length: 80
+    """
+    params = urlparse.parse_qs(request.url_parts.query)
+    headers = [
+        ("Content-Type", "application/json"),
+        ("Set-Cookie", "{name[0]}=1; Path={path[0]}; Expires=Wed, 09 Jun 2021 10:18:14 GMT".format(**params))
+    ]
+    body = "{}"
+    return headers, body
diff --git a/LayoutTests/http/wpt/service-workers/resources/third-party-cookie-iframe.html b/LayoutTests/http/wpt/service-workers/resources/third-party-cookie-iframe.html
new file mode 100644 (file)
index 0000000..db21a26
--- /dev/null
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+</head>
+<body>
+<script>
+var activeWorker;
+var registration;
+async function doTest()
+{
+    registration = await navigator.serviceWorker.register("third-party-worker.js", { scope : "." });
+    activeWorker = registration.installing;
+    await new Promise((resolve, reject) => {
+        activeWorker.addEventListener('statechange', () => {
+            if (activeWorker.state === "activated")
+                resolve();
+        });
+        setTimeout(reject, 5000);
+    });
+}
+window.onmessage = async (e) => {
+    try {
+        await doTest();
+        navigator.serviceWorker.onmessage = async (e) => {
+            await registration.unregister();
+            parent.postMessage(e.data, '*');
+        }
+        activeWorker.postMessage(e.data);
+    } catch (e) {
+        if (registration)
+            registration.unregister();
+        parent.postMessage("FAILED: " + e, '*');
+    }
+}
+</script>
+</body>
+</html>
index 24f9e10..0a1424e 100644 (file)
@@ -18,6 +18,11 @@ addEventListener('message', async (e) => {
             e.source.postMessage(JSON.stringify(result));
             return;
         }
+        if (e.data === 'set-cookie') {
+            await fetch("/WebKit/service-workers/resources/set-cookie.py?name=mycookie&path=%2F");
+            e.source.postMessage('cookie-is-set');
+            return;
+        }
         e.source.postMessage('error');
     } catch (e) {
         e.source.postMessage('Got error:' + e);
diff --git a/LayoutTests/http/wpt/service-workers/third-party-cookie-expected.txt b/LayoutTests/http/wpt/service-workers/third-party-cookie-expected.txt
new file mode 100644 (file)
index 0000000..c04f37c
--- /dev/null
@@ -0,0 +1,3 @@
+Click to restart test
+
+PASS
diff --git a/LayoutTests/http/wpt/service-workers/third-party-cookie.html b/LayoutTests/http/wpt/service-workers/third-party-cookie.html
new file mode 100644 (file)
index 0000000..653bde0
--- /dev/null
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Service Worker third party cookie setting</title>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+</head>
+<body>
+<div id="restart" onclick="window.location = 'http://localhost:8800/WebKit/service-workers/third-party-cookie.html'">Click to restart test</div>
+<br>
+<div id="log"></div>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+}
+
+async function setCookie()
+{
+    var iframe = await with_iframe("http://127.0.0.1:8800/WebKit/service-workers/resources/third-party-cookie-iframe.html");
+    var result = await new Promise((resolve) => {
+        window.onmessage = (e) => {
+            resolve(e.data);
+        };
+        iframe.contentWindow.postMessage("set-cookie", '*');
+    });
+    if (result !== "cookie-is-set") {
+        document.body.innerHTML = "Fail setting cookie";
+        if (window.testRunner)
+             testRunner.notifyDone();
+        return;
+    }
+    iframe.remove();
+    window.location = "http://127.0.0.1:8800/WebKit/service-workers/third-party-cookie.html?second-step#report";
+}
+
+function reportCookie()
+{
+    window.location = "http://localhost:8800/WebKit/service-workers/third-party-cookie.html?third-step#cookie='" + document.cookie + "'";
+}
+
+function checkCookie()
+{
+    log.innerHTML = window.location.hash === "#cookie=''"? "PASS" : "FAIL, got :" + window.location.hash;
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+const shouldSetCookie = !window.location.hash;
+const shouldReportCookie = window.location.hostname === "127.0.0.1";
+
+if (shouldSetCookie)
+    setCookie();
+else if (shouldReportCookie)
+    reportCookie();
+else
+    checkCookie();
+</script>
+</body>
+</html>
index 54b3b6f..8f5c8b0 100644 (file)
@@ -1,3 +1,16 @@
+2019-12-02  youenn fablet  <youenn@apple.com>
+
+        Service Worker should correctly set its document first party for cookies URL
+        https://bugs.webkit.org/show_bug.cgi?id=204742
+
+        Reviewed by Chris Dumez.
+
+        Test: http/wpt/service-workers/third-party-cookie.html
+
+        * workers/service/context/ServiceWorkerThreadProxy.cpp:
+        (WebCore::createPageForServiceWorker):
+        Set document first party cookie for URL to the top origin.
+
 2019-12-02  Simon Fraser  <simon.fraser@apple.com>
 
         Don't do range checking for calc() at parse time
index 57e9321..40069a9 100644 (file)
@@ -69,7 +69,7 @@ static inline UniqueRef<Page> createPageForServiceWorker(PageConfiguration&& con
     origin->setStorageBlockingPolicy(storageBlockingPolicy);
 
     document->setSiteForCookies(topOriginURL(origin));
-    document->setFirstPartyForCookies(data.scriptURL);
+    document->setFirstPartyForCookies(topOriginURL(origin));
     document->setDomainForCachePartition(origin->domainForCachePartition());
 
     if (auto policy = parseReferrerPolicy(data.referrerPolicy, ReferrerPolicySource::HTTPHeader))