GNOME Bugzilla – Bug 730464
Broken session management in google.com and live.com when DNT setting is enabled
Last modified: 2014-05-22 09:23:11 UTC
It seems we are doing something wrong in ephy_remove_tracking_from_uri(). See https://bugs.webkit.org/show_bug.cgi?id=128730
The problem looks similar to bug #724724, but this time due to an _ that is decoded, I've added a new test for this, see: /lib/ephy-uri-helpers/remove_tracking: ** ERROR:ephy-uri-helpers-test.c:64:test_ephy_uri_helpers_remove_tracking: assertion failed (items[i].output == result): ("https://mail.google.com/mail/u/0/?ui=2&ik=37373eb942&rid=7cea..&auto=1&view=lno&_reqid=1168127&pcd=1&mb=0&rt=j" == "https://mail.google.com/mail/u/0/?ui=2&ik=37373eb942&rid=7cea..&auto=1&view=lno&%5Freqid=1168127&pcd=1&mb=0&rt=j") The diff is "&_reqid" -> "&%5Freqi". But as you can see there's not garbage in this URL, so there's no reason to modify the request at all. I've just landed a patch to fix that case, which fixes the gmail problem, but only because there's no garbage in the gmail urls when closing the session. The real problem is still there as you can see in the test. https://git.gnome.org/browse/epiphany/commit/?id=ea6537f38237f4e5cfb424ec793c7f0aee4e6feb
The fix was pushed here: commit ea6537f38237f4e5cfb424ec793c7f0aee4e6feb Author: Carlos Garcia Campos <cgarcia@igalia.com> Date: Tue May 20 19:24:51 2014 +0200 ephy-uri-helpers: Dot no modify the URI when it doesn't have garbage We are currently decoding/encoding the uri query and returning it unchanged when it doesn't have garbage. We should return NULL instead in such case. This fixes the session management issues in some sites like gmail, but because the URLs processed don't actually have garbage. A URL with garbage and an underscore will still fail. This patch adds a unit test cover that particular case. https://bugzilla.gnome.org/show_bug.cgi?id=730464 Thanks for fixing it!
I left the bug opened, because the bug is still present, and one of the tests I added in that commit still fails
Created attachment 276929 [details] [review] ephy-uri-helpers: Don't encode '-' or '_' in field names '-' and '_' are allowed characters in form field names, so don't encode them.
Created attachment 276933 [details] [review] ephy-uri-helpers: Don't re-encode parameters ourselves Implement Dan Williams' approach to detecting unwanted parameters by reusing the original key pair values (without decoding/encoding) when they are wanted, and simply dropping them when not. See https://bugzilla.gnome.org/show_bug.cgi?id=724724#c14
(In reply to comment #5) > Implement Dan Williams' approach to detecting unwanted parameters Oh, come on! I understand when strangers get us confused, but you know both of us! :)
Created attachment 276934 [details] [review] ephy-uri-helpers: Don't re-encode parameters ourselves Implement Dan Winship's approach to detecting unwanted parameters by reusing the original key pair values (without decoding/encoding) when they are wanted, and simply dropping them when not. See https://bugzilla.gnome.org/show_bug.cgi?id=724724#c14
(In reply to comment #6) > (In reply to comment #5) > > Implement Dan Williams' approach to detecting unwanted parameters > > Oh, come on! I understand when strangers get us confused, but you know both of > us! :) I swear I was thinking of you :)
Review of attachment 276934 [details] [review]: Thanks!
Attachment 276934 [details] pushed as aa861a7 - ephy-uri-helpers: Don't re-encode parameters ourselves
(In reply to comment #10) > Attachment 276934 [details] pushed as aa861a7 - ephy-uri-helpers: Don't re-encode > parameters ourselves I don't think the patch is correct. It's assuming that each element in the query is a key/value pair, something that is indeed common but not required. That triggers crashes in popular websites as www.yahoo.com. You can see it crashing as well simply by adding some url to the ephy-uri-helpers test case like this: http://www.test.com/?some&valid&query Also it isn't fixing the broken session management in google.com for me.
reopening...
Created attachment 276949 [details] [review] ephy-uri-helpers: Handle keys without a value Fixes a crash with a URI such as: http://www.test.com/?some&valid&query
(In reply to comment #11) > (In reply to comment #10) > > Attachment 276934 [details] [details] pushed as aa861a7 - ephy-uri-helpers: Don't re-encode > > parameters ourselves > > I don't think the patch is correct. It's assuming that each element in the > query is a key/value pair, something that is indeed common but not required. Oh! good point. > That triggers crashes in popular websites as www.yahoo.com. You can see it > crashing as well simply by adding some url to the ephy-uri-helpers test case > like this: > > http://www.test.com/?some&valid&query > > Also it isn't fixing the broken session management in google.com for me. hmm, I only tried with gmail, not with google, assuming it was the same
Review of attachment 276949 [details] [review]: Ok.
(In reply to comment #14) > > Also it isn't fixing the broken session management in google.com for me. > > hmm, I only tried with gmail, not with google, assuming it was the same Works for me in google.com as well.
Attachment 276949 [details] pushed as 63bd650 - ephy-uri-helpers: Handle keys without a value