The Tor Browser / file comparison

comparison: netwerk/cookie/nsCookieService.cpp

netwerk/cookie/nsCookieService.cpp

branch
TOR_BUG_3246
changeset 7
129ffea94266
parent 4
fc2d59ddac77
equal deleted inserted replaced
1:0311a3db56de 2:2aa496bcf876
1633 NS_GetAppInfo(aChannel, &appId, &inBrowserElement); 1633 NS_GetAppInfo(aChannel, &appId, &inBrowserElement);
1634 } 1634 }
1635 1635
1636 bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel); 1636 bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
1637 1637
1638 // Double keying: First get the first party URI
1638 nsCOMPtr<nsIURI> firstPartyURI; 1639 nsCOMPtr<nsIURI> firstPartyURI;
1639 mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI)); 1640 nsAutoCString origDomain;
1640 bool requireHostMatch; 1641 bool requireHostMatch;
1641 nsAutoCString origDomain; 1642 nsresult rv = mThirdPartyUtil->GetFirstPartyIsolationURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
1642 nsresult rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch); 1643 if (firstPartyURI) {
1643 if (NS_FAILED(rv)) { 1644 // Double keying: Now get the originating domain
1644 COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr, 1645 rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
1645 "couldn't get base domain from URI"); 1646 if (NS_FAILED(rv)) {
1646 } 1647 COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
1648 "couldn't get base domain from URI");
1649 }
1650 }
1651 //else if (NS_SUCCEEDED(rv)) {}; // Not reached, we got a originating domain!
1647 1652
1648 nsAutoCString result; 1653 nsAutoCString result;
1649 GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId, 1654 GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId,
1650 inBrowserElement, isPrivate, origDomain, result); 1655 inBrowserElement, isPrivate, origDomain, result);
1651 *aCookie = result.IsEmpty() ? nullptr : ToNewCString(result); 1656 *aCookie = result.IsEmpty() ? nullptr : ToNewCString(result);
1807 serverTime = PR_Now() / PR_USEC_PER_SEC; 1812 serverTime = PR_Now() / PR_USEC_PER_SEC;
1808 } 1813 }
1809 1814
1810 // double keyed cookie boilerplate 1815 // double keyed cookie boilerplate
1811 nsCOMPtr<nsIURI> firstPartyURI; 1816 nsCOMPtr<nsIURI> firstPartyURI;
1812 mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI)); 1817 mThirdPartyUtil->GetFirstPartyURIFromChannel(aChannel, true, getter_AddRefs(firstPartyURI));
1818 NS_ASSERTION(firstPartyURI, "couldn't get the first party URI");
1813 nsAutoCString origDomain; 1819 nsAutoCString origDomain;
1814 rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch); 1820 rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
1815 if (NS_FAILED(rv)) { 1821 if (NS_FAILED(rv)) {
1816 COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr, 1822 COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
1817 "couldn't get base domain from URI"); 1823 "couldn't get base domain from URI");
2763 // iterate the cookies! 2769 // iterate the cookies!
2764 const nsCookieEntry::ArrayType &cookies = entry->GetCookies(); 2770 const nsCookieEntry::ArrayType &cookies = entry->GetCookies();
2765 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) { 2771 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
2766 cookie = cookies[i]; 2772 cookie = cookies[i];
2767 2773
2768 // Check the origin key. We only continue if the 2774 // Check the origin key. We only continue if the saved
2769 // saved origin matches matches the origin domain. 2775 // origin matches matches the origin domain and a populated
2776 // 'aOrigDomain' indicates that first party isolation is active
2770 // FIXME:MSvB, other places iterate cookies too, handle them likewise? 2777 // FIXME:MSvB, other places iterate cookies too, handle them likewise?
2771 if (cookie->Origin() != aOrigDomain) { 2778 if (!aOrigDomain.IsEmpty() && cookie->Origin() != aOrigDomain) {
2772 continue; 2779 continue;
2773 } 2780 }
2774 2781
2775 // check the host, since the base domain lookup is conservative. 2782 // check the host, since the base domain lookup is conservative.
2776 // first, check for an exact host or domain cookie match, e.g. "google.com" 2783 // first, check for an exact host or domain cookie match, e.g. "google.com"
4147 4154
4148 return NS_OK; 4155 return NS_OK;
4149 } 4156 }
4150 4157
4151 // find an exact cookie specified by host, name, and path that hasn't expired. 4158 // find an exact cookie specified by host, name, and path that hasn't expired.
4159 // reveal the cookie only if its 1st party domain matches the (optional) origin.
4152 bool 4160 bool
4153 nsCookieService::FindCookie(const nsCookieKey &aKey, 4161 nsCookieService::FindCookie(const nsCookieKey &aKey,
4154 const nsAFlatCString &aOrigin, 4162 const nsAFlatCString &aOrigin,
4155 const nsAFlatCString &aHost, 4163 const nsAFlatCString &aHost,
4156 const nsAFlatCString &aName, 4164 const nsAFlatCString &aName,
4165 4173
4166 const nsCookieEntry::ArrayType &cookies = entry->GetCookies(); 4174 const nsCookieEntry::ArrayType &cookies = entry->GetCookies();
4167 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) { 4175 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
4168 nsCookie *cookie = cookies[i]; 4176 nsCookie *cookie = cookies[i];
4169 4177
4170 if (aOrigin.Equals(cookie->Origin()) && 4178 if (aHost.Equals(cookie->Host()) &&
4171 aHost.Equals(cookie->Host()) &&
4172 aPath.Equals(cookie->Path()) && 4179 aPath.Equals(cookie->Path()) &&
4173 aName.Equals(cookie->Name())) { 4180 aName.Equals(cookie->Name())) {
4174 aIter = nsListIter(entry, i); 4181 if (aOrigin.IsEmpty() || aOrigin.Equals(cookie->Origin())) {
4175 return true; 4182 aIter = nsListIter(entry, i);
4183 return true;
4184 }
4176 } 4185 }
4177 } 4186 }
4178 4187
4179 return false; 4188 return false;
4180 } 4189 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial