New issue
Advanced search Search tips

Issue 626243 link

Starred by 3 users
Status: Untriaged
Owner: ----
Cc:
mef@chromium.org
craig.fr...@gmail.com
creis@chromium.org
morlovich@chromium.org
mmenke@chromium.org
chlily@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 626242



Sign in to add a comment

SameSite cookies + history navigations.

Project Member Reported by mkwst@chromium.org, Jul 7 2016 
As noted in https://bugs.chromium.org/p/chromium/issues/detail?id=619603#c6

"""
I think this also comes into effect on the "Confirm Form Resubmission" page.

So if you submit a form (POST), maybe it shows an error message, the user follows a link (e.g. to find more information), then from that page they click on the back button to see the "Confirm Form Resubmission" page.
"""

This is test #2 at http://www.krang.org.uk/misc/sameSiteCookies/.

Comment 1 by mkwst@chromium.org, Jul 7 2016

Blocking: 626242
Project Member

Comment 2 by bugdroid1@chromium.org, Jul 7 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c19960b67391c5789878f475163b813ad9daf994

commit c19960b67391c5789878f475163b813ad9daf994
Author: mkwst <mkwst@chromium.org>
Date: Thu Jul 07 10:53:16 2016

Teach HistoryItem about a request's initiator.

Currently, we don't store enough information on HistoryItem to deal
correctly with 'SameSite' cookies for cases in which the user navigates
their history. This patch adds the initiator of the original request to
the HistoryItem, and restores it as part of the navigation work in
FrameLoader.

BUG=626243
R=yoav@yoav.ws

Review-Url: https://codereview.chromium.org/2130623003
Cr-Commit-Position: refs/heads/master@{#404123}

[modify] https://crrev.com/c19960b67391c5789878f475163b813ad9daf994/third_party/WebKit/LayoutTests/http/tests/cookies/resources/post-cookies-to-opener.php
[modify] https://crrev.com/c19960b67391c5789878f475163b813ad9daf994/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/popup-cross-site-post.html
[modify] https://crrev.com/c19960b67391c5789878f475163b813ad9daf994/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/popup-cross-site.html
[modify] https://crrev.com/c19960b67391c5789878f475163b813ad9daf994/third_party/WebKit/Source/core/loader/FrameLoader.cpp
[modify] https://crrev.com/c19960b67391c5789878f475163b813ad9daf994/third_party/WebKit/Source/core/loader/HistoryItem.cpp
[modify] https://crrev.com/c19960b67391c5789878f475163b813ad9daf994/third_party/WebKit/Source/core/loader/HistoryItem.h

Comment 3 by creis@chromium.org, Jul 7 2016

Cc: creis@chromium.org
Components: UI>Browser>Navigation Internals>Sandbox>SiteIsolation
I'm reverting r404123 because it doesn't account for restored NavigationEntries (which contain serialized HistoryItems) and because it's failing on the Site Isolation Linux FYI bot:
https://build.chromium.org/p/chromium.fyi/builders/Site%20Isolation%20Linux/builds/9833

Let's discuss when you get a chance.
Project Member

Comment 4 by bugdroid1@chromium.org, Jul 7 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/991714e6f6dbfae1e3b5896ce184ce25172788d0

commit 991714e6f6dbfae1e3b5896ce184ce25172788d0
Author: creis <creis@chromium.org>
Date: Thu Jul 07 22:21:49 2016

Revert of Teach HistoryItem about a request's initiator. (patchset #2 id:20001 of https://codereview.chromium.org/2130623003/ )

Reason for revert:
Failing on Site Isolation Linux FYI bot:
https://build.chromium.org/p/chromium.fyi/builders/Site%20Isolation%20Linux/builds/9841

Also appears to have problems with restored session history items.

Original issue's description:
> Teach HistoryItem about a request's initiator.
>
> Currently, we don't store enough information on HistoryItem to deal
> correctly with 'SameSite' cookies for cases in which the user navigates
> their history. This patch adds the initiator of the original request to
> the HistoryItem, and restores it as part of the navigation work in
> FrameLoader.
>
> BUG=626243
> R=yoav@yoav.ws
>
> Committed: https://crrev.com/c19960b67391c5789878f475163b813ad9daf994
> Cr-Commit-Position: refs/heads/master@{#404123}

TBR=yoav@yoav.ws,mkwst@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=626243

Review-Url: https://codereview.chromium.org/2124143005
Cr-Commit-Position: refs/heads/master@{#404258}

[modify] https://crrev.com/991714e6f6dbfae1e3b5896ce184ce25172788d0/third_party/WebKit/LayoutTests/http/tests/cookies/resources/post-cookies-to-opener.php
[modify] https://crrev.com/991714e6f6dbfae1e3b5896ce184ce25172788d0/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/popup-cross-site-post.html
[modify] https://crrev.com/991714e6f6dbfae1e3b5896ce184ce25172788d0/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/popup-cross-site.html
[modify] https://crrev.com/991714e6f6dbfae1e3b5896ce184ce25172788d0/third_party/WebKit/Source/core/loader/FrameLoader.cpp
[modify] https://crrev.com/991714e6f6dbfae1e3b5896ce184ce25172788d0/third_party/WebKit/Source/core/loader/HistoryItem.cpp
[modify] https://crrev.com/991714e6f6dbfae1e3b5896ce184ce25172788d0/third_party/WebKit/Source/core/loader/HistoryItem.h

Comment 5 by mkwst@chromium.org, Oct 4

Cc: chlily@chromium.org mef@chromium.org mmenke@chromium.org morlovich@chromium.org
Labels: Hotlist-Cookies
Owner: ----
Status: Untriaged (was: Started)
(Unassigning myself, marking untriaged in preparation to retriage with folks who will do a better job taking care of cookies than I've been able to)

Sign in to add a comment