docs: add security note for non-secure cookie handling in WebDriver

goosewobbler · goosewobbler · commit aeb03afdab4f · 2026-02-20T17:43:26.000Z
- Added comments to clarify the intentional allowance of non-secure cookies for testing flexibility in the WebDriver implementation.
- Emphasized that this approach is necessary to support both secure and non-secure cookie scenarios as per the WebDriver specification.
diff --git a/packages/tauri-plugin-webdriver/src/platform/executor.rs b/packages/tauri-plugin-webdriver/src/platform/executor.rs
@@ -1887,6 +1887,10 @@ fn webdriver_cookie_to_tauri(cookie: &Cookie) -> TauriCookie<'static> {
         builder = builder.domain(domain.clone());
     }
 
+    // SECURITY: Intentionally allows non-secure cookies for test flexibility.
+    // This WebDriver implementation must support testing both secure and non-secure
+    // cookie scenarios per the WebDriver specification. Test code controls cookie
+    // creation, not untrusted external sources.
     if cookie.secure {
         builder = builder.secure(true);
     }

Original file line number	Diff line number	Diff line change
`@@ -1887,6 +1887,10 @@ fn webdriver_cookie_to_tauri(cookie: &Cookie) -> TauriCookie<'static> {`
`1887`	`1887`	`builder = builder.domain(domain.clone());`
`1888`	`1888`	`}`
`1889`	`1889`
	`1890`	`+ // SECURITY: Intentionally allows non-secure cookies for test flexibility.`
	`1891`	`+ // This WebDriver implementation must support testing both secure and non-secure`
	`1892`	`+ // cookie scenarios per the WebDriver specification. Test code controls cookie`
	`1893`	`+ // creation, not untrusted external sources.`
`1890`	`1894`	`if cookie.secure {`
`1891`	`1895`	`builder = builder.secure(true);`
`1892`	`1896`	`}`