New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 707480 link

Starred by 4 users
Status: Fixed
Owner:
sgu...@chromium.org
Last visit > 30 days ago
Closed: Apr 2017
Cc:
mkwst@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug


Show other hotlists

Hotlists containing this issue:
Hotlist-1
Hotlist-1
Hotlist-1


Sign in to add a comment

Add a warning for catching apps that violate strict secure policy

Project Member Reported by sgu...@chromium.org, Apr 1 2017 
In M58, Chromium has enabled strict secure cookie policy. This has broken 2 apps until now and a potential third one. Both of the apps were using WebView CookieManagers setCookie API to set secure cookies for HTTP domains. 

Unfortunately, there is no warning or log message in the code that allows us catch these bugs. 

This bug is to allow such a warning.

Comment 1 Deleted

Project Member

Comment 2 by bugdroid1@chromium.org, Apr 1 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bff9177a06145165275e20245a3b7ecf9c4156e2

commit bff9177a06145165275e20245a3b7ecf9c4156e2
Author: sgurun <sgurun@chromium.org>
Date: Sat Apr 01 13:55:51 2017

Add a warning for strict secure cookie policy

Add a warning to ease catching bugs that originate due to
strict secure policy. This policy has created bugs in WebViews apps that use WebView setCookie API to set secure cookies for HTTP domains.

BUG= 707480 

Review-Url: https://codereview.chromium.org/2791853002
Cr-Commit-Position: refs/heads/master@{#461324}

[modify] https://crrev.com/bff9177a06145165275e20245a3b7ecf9c4156e2/android_webview/native/cookie_manager.cc

Comment 3 by tobiasjs@chromium.org, Apr 3 2017 

com.getpebble.android.basalt is another affected app.

Comment 4 by k...@google.com, Apr 3 2017

Labels: -M58 M-58

Comment 5 by sgu...@chromium.org, Apr 3 2017

Labels: Merge-Request-58
Project Member

Comment 6 by sheriffbot@chromium.org, Apr 3 2017

Labels: -Merge-Request-58 Hotlist-Merge-Approved Merge-Approved-58
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 7 by bugdroid1@chromium.org, Apr 3 2017

Labels: -merge-approved-58 merge-merged-3029
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5cf3fe3ada4cd68ef353905071a9b59129051abe

commit 5cf3fe3ada4cd68ef353905071a9b59129051abe
Author: Selim Gurun <sgurun@chromium.org>
Date: Mon Apr 03 18:51:19 2017

Add a warning for strict secure cookie policy

Add a warning to ease catching bugs that originate due to
strict secure policy. This policy has created bugs in WebViews apps that use WebView setCookie API to set secure cookies for HTTP domains.

BUG= 707480 

Review-Url: https://codereview.chromium.org/2791853002
Cr-Commit-Position: refs/heads/master@{#461324}
(cherry picked from commit bff9177a06145165275e20245a3b7ecf9c4156e2)

Review-Url: https://codereview.chromium.org/2794083002 .
Cr-Commit-Position: refs/branch-heads/3029@{#552}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}

[modify] https://crrev.com/5cf3fe3ada4cd68ef353905071a9b59129051abe/android_webview/native/cookie_manager.cc

Comment 8 by sgu...@chromium.org, Apr 3 2017

Status: Fixed (was: Assigned)

Sign in to add a comment