commit dac140c824652c4b3533267ffe04a1fb772c7fec
author jochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Mon Aug 01 21:18:49 2011 +0000
committer jochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Mon Aug 01 21:18:49 2011 +0000
tree 333e492155a0ac326a8fba006d69ee303a1036ac
parent 43433278d923ef8049794fc85f706505a6e4bc61

Source/WebCore: Never override the policy URL on form submissions.
https://bugs.webkit.org/show_bug.cgi?id=61809

Reviewed by Adam Barth.

Tests: http/tests/security/cookies/third-party-cookie-blocking-main-frame.html
       http/tests/security/cookies/third-party-cookie-blocking-user-action.html
       http/tests/security/cookies/third-party-cookie-blocking.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::addExtraFieldsToSubresourceRequest):
(WebCore::FrameLoader::addExtraFieldsToMainResourceRequest):
(WebCore::FrameLoader::addExtraFieldsToRequest):
(WebCore::FrameLoader::loadPostRequest):
(WebCore::FrameLoader::loadDifferentDocumentItem):
* loader/FrameLoader.h:

LayoutTests: Require explicit user action to override the policy URL on form submissions.
https://bugs.webkit.org/show_bug.cgi?id=61809

Reviewed by Adam Barth.

* http/tests/loading/redirect-methods-expected.txt:
* http/tests/security/cookies/resources/set-a-cookie.php: Added.
* http/tests/security/cookies/third-party-cookie-blocking-expected.txt: Added.
* http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt: Added.
* http/tests/security/cookies/third-party-cookie-blocking-main-frame.html: Added.
* http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt: Added.
* http/tests/security/cookies/third-party-cookie-blocking-user-action.html: Added.
* http/tests/security/cookies/third-party-cookie-blocking.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@92142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/loader/FrameLoader.cpp

diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
index 47bb220..f3c8ab0 100644
--- a/Source/WebCore/loader/FrameLoader.cpp
+++ b/Source/WebCore/loader/FrameLoader.cpp
@@ -1175,7 +1175,7 @@
         RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
         addHTTPOriginIfNeeded(request, referrerOrigin->toString());
     }
-    addExtraFieldsToRequest(request, newLoadType, true, event || isFormSubmission);
+    addExtraFieldsToRequest(request, newLoadType, true);
     if (newLoadType == FrameLoadTypeReload || newLoadType == FrameLoadTypeReloadFromOrigin)
         request.setCachePolicy(ReloadIgnoringCacheData);
 
@@ -2437,20 +2437,20 @@
     
 void FrameLoader::addExtraFieldsToSubresourceRequest(ResourceRequest& request)
 {
-    addExtraFieldsToRequest(request, m_loadType, false, false);
+    addExtraFieldsToRequest(request, m_loadType, false);
 }
 
 void FrameLoader::addExtraFieldsToMainResourceRequest(ResourceRequest& request)
 {
-    addExtraFieldsToRequest(request, m_loadType, true, false);
+    addExtraFieldsToRequest(request, m_loadType, true);
 }
 
-void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource, bool cookiePolicyURLFromRequest)
+void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource)
 {
     // Don't set the cookie policy URL if it's already been set.
     // But make sure to set it on all requests, as it has significance beyond the cookie policy for all protocols (<rdar://problem/6616664>).
     if (request.firstPartyForCookies().isEmpty()) {
-        if (mainResource && (isLoadingMainFrame() || cookiePolicyURLFromRequest))
+        if (mainResource && isLoadingMainFrame())
             request.setFirstPartyForCookies(request.url());
         else if (Document* document = m_frame->document())
             request.setFirstPartyForCookies(document->firstPartyForCookies());
@@ -2550,7 +2550,7 @@
     workingResourceRequest.setHTTPMethod("POST");
     workingResourceRequest.setHTTPBody(formData);
     workingResourceRequest.setHTTPContentType(contentType);
-    addExtraFieldsToRequest(workingResourceRequest, loadType, true, true);
+    addExtraFieldsToRequest(workingResourceRequest, loadType, true);
 
     NavigationAction action(url, loadType, true, event);
 
@@ -3024,7 +3024,7 @@
 
         // Make sure to add extra fields to the request after the Origin header is added for the FormData case.
         // See https://bugs.webkit.org/show_bug.cgi?id=22194 for more discussion.
-        addExtraFieldsToRequest(request, m_loadType, true, formData);
+        addExtraFieldsToRequest(request, m_loadType, true);
         addedExtraFields = true;
         
         // FIXME: Slight hack to test if the NSURL cache contains the page we're going to.
@@ -3067,7 +3067,7 @@
     }
     
     if (!addedExtraFields)
-        addExtraFieldsToRequest(request, m_loadType, true, formData);
+        addExtraFieldsToRequest(request, m_loadType, true);
 
     loadWithNavigationAction(request, action, false, loadType, 0);
 }