Bug 218863

Summary: [SOUP] ITP should cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bugs-noreply, mcatanzaro, pgriffis
Priority: P2    
Version: WebKit Nightly Build   
Hardware: PC   
OS: Linux   

Description Michael Catanzaro 2020-11-12 11:21:14 PST 
ITP should protect against CNAME cloaking. This requires soup-specific code. See:

https://webkit.org/blog/11338/cname-cloaking-and-bounce-tracking-defense/
https://trac.webkit.org/changeset/265389/webkit
Comment 1 Michael Catanzaro 2021-06-04 12:02:17 PDT 
We found:

 * The Apple code lives in NetworkDataTaskCocoa.mm
 * GResolver doesn't actually have support for CNAME records currently, it will need to be added