angler-fishThe Vulnerability History Project

Support HttpOnly cookie on Web Socket

      Web Socket should send &quotHttpOnly&quot cookie when handshaking.
In WebKit/WebCore, WebSocketHandshake uses cookieRequestHeaderFieldValue() to
get cookies including HttpOnly cookie.  However, Chrome doesn't trunk renderer
process, so we're not allowed to access HttpOnly cookie in WebCore.
Thus, we handle HttpOnly cookies in browser process.

Add SocketStreamJob as interface for protocol specific handling on
SocketStream.
WebSocketJob implements Web Socket specific handling.  For now, it handles
cookies in Web Socket.  It checks Web Socket handshake request message
from renderer process, and replaces Cookie: header to include HttpOnly cookies.
It also checks Web Socket handshake response message, sets cookies if any,
and strips Set-Cookie: header, so that renderer process couldn't see
Set-Cookie: header.

BUG=35660
TEST=net_unittests and layout_tests passes

Review URL: http://codereview.chromium.org/601077

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40250 0039d316-1c4b-4281-b951-d872f2087c98
by Cheryl the Tamarin 2010-03-01 02:37:13 UTC
commit 6a2c3677f12c18bcc1b57c37becd4e1149f0c8e4
Chromium VCC CVE-2011-2849 VCC CVE-2014-1740
chrome/browser/renderer_host/socket_stream_dispatcher_host.cc
-2
chrome/browser/renderer_host/socket_stream_host.cc
+2 -2
chrome/browser/renderer_host/socket_stream_host.h
+2 -2
net/net.gyp
-7
net/socket_stream/socket_stream.cc
+2 -2
net/socket_stream/socket_stream.h
+9 -12
net/socket_stream/socket_stream_job.cc
-27
net/socket_stream/socket_stream_job.h
-87
net/socket_stream/socket_stream_job_manager.cc
-59
net/socket_stream/socket_stream_job_manager.h
-40
net/websockets/websocket_job.cc
-378
net/websockets/websocket_job.h
-98
net/websockets/websocket_job_unittest.cc
-495
webkit/tools/layout_tests/test_expectations.txt
+4
webkit/tools/layout_tests/webkitpy/layout_tests/layout_package/websocket_server.py
-1
webkit/tools/test_shell/simple_socket_stream_bridge.cc
+3 -5
expand_less