1.1 --- a/netwerk/cookie/nsCookieService.cpp Wed Dec 31 13:27:57 2014 +0100
1.2 +++ b/netwerk/cookie/nsCookieService.cpp Sat Jan 03 20:18:00 2015 +0100
1.3 @@ -1635,15 +1635,20 @@
1.4
1.5 bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
1.6
1.7 + // Double keying: First get the first party URI
1.8 nsCOMPtr<nsIURI> firstPartyURI;
1.9 - mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
1.10 + nsAutoCString origDomain;
1.11 bool requireHostMatch;
1.12 - nsAutoCString origDomain;
1.13 - nsresult rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
1.14 - if (NS_FAILED(rv)) {
1.15 - COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
1.16 - "couldn't get base domain from URI");
1.17 + nsresult rv = mThirdPartyUtil->GetFirstPartyIsolationURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
1.18 + if (firstPartyURI) {
1.19 + // Double keying: Now get the originating domain
1.20 + rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
1.21 + if (NS_FAILED(rv)) {
1.22 + COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
1.23 + "couldn't get base domain from URI");
1.24 + }
1.25 }
1.26 + //else if (NS_SUCCEEDED(rv)) {}; // Not reached, we got a originating domain!
1.27
1.28 nsAutoCString result;
1.29 GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId,
1.30 @@ -1809,7 +1814,8 @@
1.31
1.32 // double keyed cookie boilerplate
1.33 nsCOMPtr<nsIURI> firstPartyURI;
1.34 - mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
1.35 + mThirdPartyUtil->GetFirstPartyURIFromChannel(aChannel, true, getter_AddRefs(firstPartyURI));
1.36 + NS_ASSERTION(firstPartyURI, "couldn't get the first party URI");
1.37 nsAutoCString origDomain;
1.38 rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
1.39 if (NS_FAILED(rv)) {
1.40 @@ -2765,10 +2771,11 @@
1.41 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
1.42 cookie = cookies[i];
1.43
1.44 - // Check the origin key. We only continue if the
1.45 - // saved origin matches matches the origin domain.
1.46 + // Check the origin key. We only continue if the saved
1.47 + // origin matches matches the origin domain and a populated
1.48 + // 'aOrigDomain' indicates that first party isolation is active
1.49 // FIXME:MSvB, other places iterate cookies too, handle them likewise?
1.50 - if (cookie->Origin() != aOrigDomain) {
1.51 + if (!aOrigDomain.IsEmpty() && cookie->Origin() != aOrigDomain) {
1.52 continue;
1.53 }
1.54
1.55 @@ -4149,6 +4156,7 @@
1.56 }
1.57
1.58 // find an exact cookie specified by host, name, and path that hasn't expired.
1.59 +// reveal the cookie only if its 1st party domain matches the (optional) origin.
1.60 bool
1.61 nsCookieService::FindCookie(const nsCookieKey &aKey,
1.62 const nsAFlatCString &aOrigin,
1.63 @@ -4167,12 +4175,13 @@
1.64 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
1.65 nsCookie *cookie = cookies[i];
1.66
1.67 - if (aOrigin.Equals(cookie->Origin()) &&
1.68 - aHost.Equals(cookie->Host()) &&
1.69 + if (aHost.Equals(cookie->Host()) &&
1.70 aPath.Equals(cookie->Path()) &&
1.71 aName.Equals(cookie->Name())) {
1.72 - aIter = nsListIter(entry, i);
1.73 - return true;
1.74 + if (aOrigin.IsEmpty() || aOrigin.Equals(cookie->Origin())) {
1.75 + aIter = nsListIter(entry, i);
1.76 + return true;
1.77 + }
1.78 }
1.79 }
1.80
