Cookie Store API: add branch for empty string path #49270
Conversation
annevk
added
the
WebCore Misc.
|
EWS run on previous version of this PR (hash b060803) Details |
webkit-ews-buildbot
added
the
merging-blocked
|
This needs to use |
annevk
force-pushed
the
eng/Cookie-Store-API-add-branch-for-empty-string-path
branch
from
b060803 to
1fd68bc
Compare
|
EWS run on previous version of this PR (hash 1fd68bc) Details
|
🛠 win
annevk
force-pushed
the
eng/Cookie-Store-API-add-branch-for-empty-string-path
branch
from
1fd68bc to
7b2a1a7
Compare
|
EWS run on previous version of this PR (hash 7b2a1a7) Details |
annevk
requested review from
RupinMittal and
achristensen07
and removed request for
achristensen07
| return; | ||
| } | ||
|
|
||
| // FIXME: The specification does not perform this initialization of domain. |
There was a problem hiding this comment.
I think this code is correct and it's actually the spec that is wrong here. It says here https://cookiestore.spec.whatwg.org/#CookieStore-set (in the green box) that the domain defaults to "Domain: same as the domain of the current document or service worker’s location"
Yet the steps say "Let domain be null". I'm not sure how the spec expects the domain to be default to the same as that of the current document if it defaults to null in the steps.
I think this is a mistake in the spec maybe? Because last year, the default for domain was null (WebKit always defaulted to current document domain since CFNetwork won't let us set cookies with null domain). At some point the spec default was changed to current document domain but maybe they forgot to change in the steps?
(Contrast this with path, whose default is "/" and steps indeed start it off with "/"). Of course, the default is being changed in this patch here, but still the spec will be consistent in both places for path. It looks like a change needs to be made for domain to be consistent.
There was a problem hiding this comment.
That's what the network layer ends up defaulting domain to. The domintro box is arguably a bit misleading, but it's also non-normative and not aimed at implementers.
There was a problem hiding this comment.
Right, the comment is ok. I do remember that when implementing, I had to add this even though the spec didn't have it because setting cookies simply doesn't work without it (due to our network layer). Hence that one bug I filed. Then at some point I saw that the domintro box was changed, so I thought that the spec had in fact changed from default null to the current context's domain. And I thought great! Our quirk is correct now.
But I'm now realizing from your comment that's not fully true, and we're still figuring out that area. So yes, the comment is ok for now.
| promise->reject(Exception { ExceptionCode::TypeError, "If the cookie name begins with \"__Host-\", the path must either not be specified or be \"/\"."_s }); | ||
| return; | ||
| } | ||
| // FIXME: This should be further down. |
There was a problem hiding this comment.
It seems like the spec should figure out the steps of where it wants to set the default domain (see my below comment), which will tell us where this should go.
There was a problem hiding this comment.
It's a separate problem from what this PR is tackling though. I was hoping to tackle that next, though I think the changes will be mostly on our side.
There was a problem hiding this comment.
Sounds good. Yeah since you're working on this area, I think the FIXME is ok for now then.
| promise->reject(Exception { ExceptionCode::TypeError, "The path must begin with a '/'"_s }); | ||
| return; | ||
| } | ||
| ASSERT(!cookie.path.isNull()); |
There was a problem hiding this comment.
It's not possible for this to happen. CookieInit::path is default initialized to "/". Perhaps we can remove this assertion.
There was a problem hiding this comment.
Happy to remove it. The previous code checked for it being null so I thought I'd clarify that's not possible.
There was a problem hiding this comment.
Actually yeah good point. It also doesn't hurt to have that there. Also a good safeguard just in case we change the default for path later too.
Let's keep it.
| } | ||
|
|
||
| if (cookie.path != "/"_s && cookie.name.startsWithIgnoringASCIICase("__Host-"_s)) { | ||
| promise->reject(Exception { ExceptionCode::TypeError, "If the cookie name begins with \"__Host-\", the eventual path must be \"/\"."_s }); |
There was a problem hiding this comment.
Nit: What's the point of "eventual" here? Perhaps it's most clear to simply say "... the path must be "/".
There was a problem hiding this comment.
Actually I get it. You're trying to explain the whole "it should either be "/" or empty so it can default to that" in a nice way.
Maybe we can say ... the path must be either be specified as "/" or not be specified so it defaults to "/". to make it clear to the developer.
annevk
force-pushed
the
eng/Cookie-Store-API-add-branch-for-empty-string-path
branch
from
7b2a1a7 to
91f4b2b
Compare
|
EWS run on current version of this PR (hash 91f4b2b) Details
|
🧪 style
|
EWS run on current version of this PR (hash 91f4b2b) Details |
annevk
added
the
unsafe-merge-queue
https://bugs.webkit.org/show_bug.cgi?id=297268 Reviewed by Rupin Mittal. Implement whatwg/cookiestore#283 with tests upstreamed at web-platform-tests/wpt#54264 Canonical link: https://commits.webkit.org/298681@main
webkit-commit-queue
force-pushed
the
eng/Cookie-Store-API-add-branch-for-empty-string-path
branch
from
91f4b2b to
2c5cf3d
Compare
|
Committed 298681@main (2c5cf3d): https://commits.webkit.org/298681@main Reviewed commits have been landed. Closing PR #49270 and removing active labels. |
webkit-commit-queue
removed
the
unsafe-merge-queue
annevk
deleted the
eng/Cookie-Store-API-add-branch-for-empty-string-path
branch
5 participants
2c5cf3d
91f4b2b
🧪 win-tests