WebKit
diff --git a/‎LayoutTests/http/wpt/clear-site-data/partitioning-expected.txt‎
Lines changed: 6 additions & 0 deletions b/‎LayoutTests/http/wpt/clear-site-data/partitioning-expected.txt‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎LayoutTests/http/wpt/clear-site-data/partitioning.html‎
Lines changed: 60 additions & 0 deletions b/‎LayoutTests/http/wpt/clear-site-data/partitioning.html‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎LayoutTests/http/wpt/clear-site-data/resources/partitioning-popup.html‎
Lines changed: 14 additions & 0 deletions b/‎LayoutTests/http/wpt/clear-site-data/resources/partitioning-popup.html‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎LayoutTests/platform/glib/TestExpectations‎
Lines changed: 3 additions & 0 deletions b/‎LayoutTests/platform/glib/TestExpectations‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎Source/WebCore/loader/cache/MemoryCache.cpp‎
Lines changed: 15 additions & 4 deletions b/‎Source/WebCore/loader/cache/MemoryCache.cpp‎
Lines changed: 15 additions & 4 deletions
diff --git a/‎Source/WebCore/loader/cache/MemoryCache.h‎
Lines changed: 4 additions & 1 deletion b/‎Source/WebCore/loader/cache/MemoryCache.h‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎Source/WebCore/platform/network/NetworkStorageSession.cpp‎
Lines changed: 12 additions & 0 deletions b/‎Source/WebCore/platform/network/NetworkStorageSession.cpp‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎Source/WebCore/platform/network/NetworkStorageSession.h‎
Lines changed: 3 additions & 0 deletions b/‎Source/WebCore/platform/network/NetworkStorageSession.h‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm‎
Lines changed: 35 additions & 25 deletions b/‎Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm‎
Lines changed: 35 additions & 25 deletions
diff --git a/‎Source/WebCore/workers/service/server/SWServer.cpp‎
Lines changed: 19 additions & 5 deletions b/‎Source/WebCore/workers/service/server/SWServer.cpp‎
Lines changed: 19 additions & 5 deletions
@@ -0,0 +1,6 @@
+
+PASS Clear datatypes on navigation:
+PASS Clear datatypes on navigation: cookies
+PASS Clear datatypes on navigation: storage
+PASS Clear datatypes on navigation: cookies, storage
+
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/clear-site-data/support/test_utils.sub.js"></script>
+</head>
+<body>
+<script>
+/**
+ * @param Array.<Array.<Datatype>> combination A combination of datatypes.
+ * @param Dict.<string, boolean> report A map between a datatype name and
+ *     whether it is empty.
+ * @return boolean Whether all datatypes are empty if and only if they are
+ *     included in the |combination|.
+ */
+function verifyDatatypes(combination, report) {
+  TestUtils.DATATYPES.forEach(function(datatype) {
+    if (combination.indexOf(datatype) != -1) {
+      assert_true(report[datatype.name], datatype.name + " should have been cleared.");
+    } else {
+      assert_false(report[datatype.name], datatype.name + " should NOT have been cleared.");
+    }
+  });
+}
+
+TestUtils.COMBINATIONS.forEach(function(combination) {
+  var test_name = "Clear datatypes on navigation: " +
+    combination.map(function(e) { return e.name; }).join(", ");
+
+  promise_test(function(test) {
+    return new Promise(function(resolve_test, reject_test) {
+      TestUtils.populateDatatypes().then(function() {
+        return new Promise(function(resolve, reject) {
+          window.addEventListener("message", resolve);
+          let names = combination.map(function(e) { return e.name });
+          // Open a cross-origin popup with an iframe that is same-origin with us and serves the Clear-Site-Data header.
+          // Even though same origin with us, it shouldn't clear our data because of origin partitioning.
+          open(get_host_info().REMOTE_ORIGIN + "/WebKit/clear-site-data/resources/partitioning-popup.html?" + names.join("&"));
+        }).then(function(messageEvent) {
+          // The same-origin frame under a cross-origin parent cleared site data. Check that our data didn't go away.
+          var report = {};
+
+          Promise.all(TestUtils.DATATYPES.map(function(datatype) {
+            return datatype.isEmpty().then(function(isEmpty) {
+              report[datatype.name] = isEmpty;
+            });
+          })).then(() => {
+            verifyDatatypes([], report);
+            resolve_test();
+          });
+        });
+      });
+    });
+  }, test_name);
+});
+</script>
+</body>
+</html>
@@ -0,0 +1,14 @@
+<body>
+<script src="/common/get-host-info.sub.js"></script>
+<script>
+// Forward messages from iframe to opener.
+window.addEventListener("message", (e) => {
+  opener.postMessage(e.data, "*");
+});
+onload = () => {
+  let iframe = document.createElement("iframe");
+  iframe.src = get_host_info().ORIGIN + "/clear-site-data/support/echo-clear-site-data.py" + location.search;
+  document.body.appendChild(iframe);
+};
+</script>
+</body>
@@ -2966,6 +2966,9 @@ http/tests/webgpu/webgpu/api/operation/memory_sync/buffer/multiple_buffers.html
 
 webkit.org/b/245324 http/tests/notifications/notification.html  [ Crash ]
 
+# NetworkStorageSession::deleteCookies() doesn't obey partitioning for glib ports.
+http/wpt/clear-site-data/partitioning.html [ Skip ]
+
 # Failure since import.
 webkit.org/b/243614 imported/w3c/web-platform-tests/IndexedDB/idb-partitioned-coverage.tentative.sub.html [ Failure ]
 webkit.org/b/243614 imported/w3c/web-platform-tests/IndexedDB/idbobjectstore_batchGetAll_largeValue.tentative.any.html [ Failure ]
 
@@ -28,6 +28,7 @@
 #include "CachedImageClient.h"
 #include "CachedResource.h"
 #include "CachedResourceHandle.h"
+#include "ClientOrigin.h"
 #include "Document.h"
 #include "FrameLoader.h"
 #include "FrameLoaderTypes.h"
@@ -484,16 +485,14 @@ void MemoryCache::resourceAccessed(CachedResource& resource)
     insertInLRUList(resource);
 }
 
-void MemoryCache::removeResourcesWithOrigin(SecurityOrigin& origin)
+void MemoryCache::removeResourcesWithOrigin(const SecurityOrigin& origin, const String& cachePartition)
 {
-    String originPartition = ResourceRequest::partitionName(origin.host());
-
     Vector<CachedResource*> resourcesWithOrigin;
     for (auto& resources : m_sessionResources.values()) {
         for (auto& keyValue : *resources) {
             auto& resource = *keyValue.value;
             auto& partitionName = keyValue.key.second;
-            if (partitionName == originPartition) {
+            if (partitionName == cachePartition) {
                 resourcesWithOrigin.append(&resource);
                 continue;
             }
@@ -507,6 +506,18 @@ void MemoryCache::removeResourcesWithOrigin(SecurityOrigin& origin)
         remove(*resource);
 }
 
+void MemoryCache::removeResourcesWithOrigin(const SecurityOrigin& origin)
+{
+    String originPartition = ResourceRequest::partitionName(origin.host());
+    removeResourcesWithOrigin(origin, originPartition);
+}
+
+void MemoryCache::removeResourcesWithOrigin(const ClientOrigin& origin)
+{
+    auto cachePartition = origin.topOrigin == origin.clientOrigin ? emptyString() : ResourceRequest::partitionName(origin.topOrigin.host);
+    removeResourcesWithOrigin(origin.clientOrigin.securityOrigin(), cachePartition);
+}
+
 void MemoryCache::removeResourcesWithOrigins(PAL::SessionID sessionID, const HashSet<RefPtr<SecurityOrigin>>& origins)
 {
     auto* resourceMap = sessionResourceMap(sessionID);
 
@@ -45,6 +45,7 @@ class ResourceRequest;
 class ResourceResponse;
 class ScriptExecutionContext;
 class SecurityOrigin;
+struct ClientOrigin;
 
 // This cache holds subresources used by Web pages: images, scripts, stylesheets, etc.
 
@@ -151,7 +152,9 @@ class MemoryCache {
     bool inLiveDecodedResourcesList(CachedResource& resource) const { return m_liveDecodedResources.contains(&resource); }
 
     typedef HashSet<RefPtr<SecurityOrigin>> SecurityOriginSet;
-    WEBCORE_EXPORT void removeResourcesWithOrigin(SecurityOrigin&);
+    WEBCORE_EXPORT void removeResourcesWithOrigin(const SecurityOrigin&);
+    void removeResourcesWithOrigin(const SecurityOrigin&, const String& cachePartition);
+    WEBCORE_EXPORT void removeResourcesWithOrigin(const ClientOrigin&);
     WEBCORE_EXPORT void removeResourcesWithOrigins(PAL::SessionID, const HashSet<RefPtr<SecurityOrigin>>&);
     WEBCORE_EXPORT void getOriginsWithCache(SecurityOriginSet& origins);
     WEBCORE_EXPORT HashSet<RefPtr<SecurityOrigin>> originsWithCache(PAL::SessionID) const;
 
@@ -26,9 +26,11 @@
 #include "config.h"
 #include "NetworkStorageSession.h"
 
+#include "ClientOrigin.h"
 #include "Cookie.h"
 #include "CookieJar.h"
 #include "HTTPCookieAcceptPolicy.h"
+#include "NotImplemented.h"
 #include "RuntimeApplicationChecks.h"
 #include <wtf/NeverDestroyed.h>
 #include <wtf/ProcessPrivilege.h>
@@ -463,4 +465,14 @@ void NetworkStorageSession::deleteCookiesForHostnames(const Vector<String>& cook
     deleteCookiesForHostnames(cookieHostNames, IncludeHttpOnlyCookies::Yes, ScriptWrittenCookiesOnly::No, WTFMove(completionHandler));
 }
 
+#if !PLATFORM(COCOA)
+void NetworkStorageSession::deleteCookies(const ClientOrigin& origin, CompletionHandler<void()>&& completionHandler)
+{
+    // FIXME: Stop ignoring origin.topOrigin.
+    notImplemented();
+
+    deleteCookiesForHostnames(Vector { origin.clientOrigin.host }, WTFMove(completionHandler));
+}
+#endif
+
 }
@@ -77,6 +77,7 @@ class CurlProxySettings;
 class NetworkingContext;
 class ResourceRequest;
 
+struct ClientOrigin;
 struct Cookie;
 struct CookieRequestHeaderFieldProxy;
 struct SameSiteInfo;
@@ -164,6 +165,7 @@ class NetworkStorageSession : public CanMakeWeakPtr<NetworkStorageSession> {
     WEBCORE_EXPORT void deleteCookie(const URL&, const String&, CompletionHandler<void()>&&) const;
     WEBCORE_EXPORT void deleteAllCookies(CompletionHandler<void()>&&);
     WEBCORE_EXPORT void deleteAllCookiesModifiedSince(WallTime, CompletionHandler<void()>&&);
+    WEBCORE_EXPORT void deleteCookies(const ClientOrigin&, CompletionHandler<void()>&&);
     WEBCORE_EXPORT void deleteCookiesForHostnames(const Vector<String>& cookieHostNames, CompletionHandler<void()>&&);
     WEBCORE_EXPORT void deleteCookiesForHostnames(const Vector<String>& cookieHostNames, IncludeHttpOnlyCookies, ScriptWrittenCookiesOnly, CompletionHandler<void()>&&);
     WEBCORE_EXPORT Vector<Cookie> getAllCookies();
@@ -243,6 +245,7 @@ class NetworkStorageSession : public CanMakeWeakPtr<NetworkStorageSession> {
     RetainPtr<NSArray> cookiesForURL(const URL& firstParty, const SameSiteInfo&, const URL&, std::optional<FrameIdentifier>, std::optional<PageIdentifier>, ApplyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking) const;
     void setHTTPCookiesForURL(CFHTTPCookieStorageRef, NSArray *cookies, NSURL *, NSURL *mainDocumentURL, const SameSiteInfo&) const;
     void deleteHTTPCookie(CFHTTPCookieStorageRef, NSHTTPCookie *, CompletionHandler<void()>&&) const;
+    void deleteCookiesMatching(const Function<bool(NSHTTPCookie *)>& matches, CompletionHandler<void()>&&);
 #endif
 
 #if HAVE(COOKIE_CHANGE_LISTENER_API)
 
@@ -26,10 +26,12 @@
 #import "config.h"
 #import "NetworkStorageSession.h"
 
+#import "ClientOrigin.h"
 #import "Cookie.h"
 #import "CookieRequestHeaderFieldProxy.h"
 #import "CookieStorageObserver.h"
 #import "HTTPCookieAcceptPolicyCocoa.h"
+#import "ResourceRequest.h"
 #import "SameSiteInfo.h"
 #import <pal/spi/cf/CFNetworkSPI.h>
 #import <wtf/BlockObjCExceptions.h>
@@ -575,50 +577,58 @@ static NSHTTPCookieAcceptPolicy httpCookieAcceptPolicy(CFHTTPCookieStorageRef co
     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), makeBlockPtr(WTFMove(work)).get());
 }
 
-void NetworkStorageSession::deleteCookiesForHostnames(const Vector<String>& hostnames, IncludeHttpOnlyCookies includeHttpOnlyCookies, ScriptWrittenCookiesOnly scriptWrittenCookiesOnly, CompletionHandler<void()>&& completionHandler)
+void NetworkStorageSession::deleteCookiesMatching(const Function<bool(NSHTTPCookie *)>& matches, CompletionHandler<void()>&& completionHandler)
 {
     ASSERT(hasProcessPrivilege(ProcessPrivilege::CanAccessRawCookies) || m_isInMemoryCookieStore);
 
-    auto aggregator = CallbackAggregator::create([completionHandler = WTFMove(completionHandler), cookieStorage = RetainPtr { nsCookieStorage() }] () mutable {
-        [cookieStorage _saveCookies:makeBlockPtr([completionHandler = WTFMove(completionHandler)] () mutable {
+    BEGIN_BLOCK_OBJC_EXCEPTIONS
+
+    RetainPtr<CFHTTPCookieStorageRef> cookieStorage = this->cookieStorage();
+    auto nsCookieStorage = adoptNS([[NSHTTPCookieStorage alloc] _initWithCFHTTPCookieStorage:cookieStorage.get()]);
+    auto aggregator = CallbackAggregator::create([completionHandler = WTFMove(completionHandler), nsCookieStorage = WTFMove(nsCookieStorage)] () mutable {
+        [nsCookieStorage _saveCookies:makeBlockPtr([completionHandler = WTFMove(completionHandler)] () mutable {
             ensureOnMainThread(WTFMove(completionHandler));
         }).get()];
     });
-    
-    BEGIN_BLOCK_OBJC_EXCEPTIONS
 
-    RetainPtr<CFHTTPCookieStorageRef> cookieStorage = this->cookieStorage();
     RetainPtr<NSArray> cookies = httpCookies(cookieStorage.get());
     if (!cookies)
         return;
 
-    HashMap<String, Vector<RetainPtr<NSHTTPCookie>>> cookiesByDomain;
     for (NSHTTPCookie *cookie in cookies.get()) {
-        if (!cookie.domain || (includeHttpOnlyCookies == IncludeHttpOnlyCookies::No && cookie.isHTTPOnly))
-            continue;
+        if (matches(cookie))
+            deleteHTTPCookie(cookieStorage.get(), cookie, [aggregator] { });
+    }
 
+    END_BLOCK_OBJC_EXCEPTIONS
+}
+
+void NetworkStorageSession::deleteCookies(const ClientOrigin& origin, CompletionHandler<void()>&& completionHandler)
+{
+    auto cachePartition = origin.topOrigin == origin.clientOrigin ? emptyString() : ResourceRequest::partitionName(origin.topOrigin.host);
+    deleteCookiesMatching([domain = origin.clientOrigin.host, &cachePartition](NSHTTPCookie* cookie) {
+        return String(cookie.domain) == domain && equalIgnoringNullity(String(cookie._storagePartition), cachePartition);
+    }, WTFMove(completionHandler));
+}
+
+void NetworkStorageSession::deleteCookiesForHostnames(const Vector<String>& hostnames, IncludeHttpOnlyCookies includeHttpOnlyCookies, ScriptWrittenCookiesOnly scriptWrittenCookiesOnly, CompletionHandler<void()>&& completionHandler)
+{
+    HashSet<String> hostnamesSet;
+    for (auto& hostname : hostnames)
+        hostnamesSet.add(hostname);
+
+    deleteCookiesMatching([&](NSHTTPCookie* cookie) {
+        if (!cookie.domain || (includeHttpOnlyCookies == IncludeHttpOnlyCookies::No && cookie.isHTTPOnly))
+            return false;
 #if ENABLE(JS_COOKIE_CHECKING)
         bool setInJS = [[cookie properties] valueForKey:@"SetInJavaScript"];
         if (scriptWrittenCookiesOnly == ScriptWrittenCookiesOnly::Yes && !setInJS)
-            continue;
+            return false;
 #else
         UNUSED_PARAM(scriptWrittenCookiesOnly);
 #endif
-        cookiesByDomain.ensure(cookie.domain, [] {
-            return Vector<RetainPtr<NSHTTPCookie>>();
-        }).iterator->value.append(cookie);
-    }
-
-    for (const auto& hostname : hostnames) {
-        auto it = cookiesByDomain.find(hostname);
-        if (it == cookiesByDomain.end())
-            continue;
-
-        for (auto& cookie : it->value)
-            deleteHTTPCookie(cookieStorage.get(), cookie.get(), [aggregator] { });
-    }
-
-    END_BLOCK_OBJC_EXCEPTIONS
+        return hostnamesSet.contains(String(cookie.domain));
+    }, WTFMove(completionHandler));
 }
 
 void NetworkStorageSession::deleteAllCookiesModifiedSince(WallTime timePoint, CompletionHandler<void()>&& completionHandler)
 
@@ -313,28 +313,42 @@ void SWServer::endSuspension()
 }
 
 void SWServer::clear(const SecurityOriginData& securityOrigin, CompletionHandler<void()>&& completionHandler)
+{
+    clearInternal([securityOrigin](auto& key) {
+        return key.relatesToOrigin(securityOrigin);
+    }, WTFMove(completionHandler));
+}
+
+void SWServer::clear(const ClientOrigin& origin, CompletionHandler<void()>&& completionHandler)
+{
+    clearInternal([origin](auto& key) {
+        return key.topOrigin() == origin.topOrigin && origin.clientOrigin == SecurityOriginData::fromURL(key.scope());
+    }, WTFMove(completionHandler));
+}
+
+void SWServer::clearInternal(Function<bool(const ServiceWorkerRegistrationKey&)>&& matches, CompletionHandler<void()>&& completionHandler)
 {
     if (!m_importCompleted) {
-        m_clearCompletionCallbacks.append([this, securityOrigin, completionHandler = WTFMove(completionHandler)] () mutable {
+        m_clearCompletionCallbacks.append([this, matches = WTFMove(matches), completionHandler = WTFMove(completionHandler)] () mutable {
             ASSERT(m_importCompleted);
-            clear(securityOrigin, WTFMove(completionHandler));
+            clearInternal(WTFMove(matches), WTFMove(completionHandler));
         });
         return;
     }
 
     m_jobQueues.removeIf([&](auto& keyAndValue) {
-        return keyAndValue.key.relatesToOrigin(securityOrigin);
+        return matches(keyAndValue.key);
     });
 
     Vector<SWServerRegistration*> registrationsToRemove;
     for (auto& registration : m_registrations.values()) {
-        if (registration->key().relatesToOrigin(securityOrigin))
+        if (matches(registration->key()))
             registrationsToRemove.append(registration.get());
     }
 
     for (auto& contextDatas : m_pendingContextDatas.values()) {
         contextDatas.removeAllMatching([&](auto& contextData) {
-            return contextData.registration.key.relatesToOrigin(securityOrigin);
+            return matches(contextData.registration.key);
         
4285
});
     }