1.1 --- a/netwerk/cookie/nsCookieService.cpp Wed Dec 31 06:55:50 2014 +0100
1.2 +++ b/netwerk/cookie/nsCookieService.cpp Wed Dec 31 07:22:50 2014 +0100
1.3 @@ -262,6 +262,7 @@
1.4 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("name: %s\n", aCookie->Name().get()));
1.5 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("value: %s\n", aCookie->Value().get()));
1.6 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("%s: %s\n", aCookie->IsDomain() ? "domain" : "host", aCookie->Host().get()));
1.7 + PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("orighost: %s\n", aCookie->Origin().get()));
1.8 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("path: %s\n", aCookie->Path().get()));
1.9
1.10 PR_ExplodeTime(aCookie->Expiry() * int64_t(PR_USEC_PER_SEC),
1.11 @@ -1634,9 +1635,19 @@
1.12
1.13 bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
1.14
1.15 + nsCOMPtr<nsIURI> firstPartyURI;
1.16 + mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
1.17 + bool requireHostMatch;
1.18 + nsAutoCString origDomain;
1.19 + nsresult rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
1.20 + if (NS_FAILED(rv)) {
1.21 + COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
1.22 + "couldn't get base domain from URI");
1.23 + }
1.24 +
1.25 nsAutoCString result;
1.26 GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId,
1.27 - inBrowserElement, isPrivate, result);
1.28 + inBrowserElement, isPrivate, origDomain, result);
1.29 *aCookie = result.IsEmpty() ? nullptr : ToNewCString(result);
1.30 return NS_OK;
1.31 }
1.32 @@ -1716,6 +1727,10 @@
1.33 return NS_OK;
1.34 }
1.35
1.36 +// FIXME:MSvB DEBUG DEBUG - DELETEME DELETEME - debug debug - deleteme deleteme
1.37 +// FIXME:MSvB Setting a 3rd party cookie (on third.tld) for URL bar browsed
1.38 +// FIXME:MSvB site first.tld causes aHostURI (and later the origin var) to
1.39 +// FIXME:MSvB contain 'third.tld'
1.40 void
1.41 nsCookieService::SetCookieStringInternal(nsIURI *aHostURI,
1.42 bool aIsForeign,
1.43 @@ -1792,9 +1807,20 @@
1.44 serverTime = PR_Now() / PR_USEC_PER_SEC;
1.45 }
1.46
1.47 + // double keyed cookie boilerplate
1.48 + nsCOMPtr<nsIURI> firstPartyURI;
1.49 + mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
1.50 + nsAutoCString origDomain;
1.51 + rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
1.52 + if (NS_FAILED(rv)) {
1.53 + COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
1.54 + "couldn't get base domain from URI");
1.55 + }
1.56 +
1.57 // process each cookie in the header
1.58 - while (SetCookieInternal(aHostURI, key, requireHostMatch, cookieStatus,
1.59 - aCookieHeader, serverTime, aFromHttp, aChannel)) {
1.60 + while (SetCookieInternal(aHostURI, key, requireHostMatch, origDomain,
1.61 + cookieStatus, aCookieHeader, serverTime,
1.62 + aFromHttp, aChannel)) {
1.63 // document.cookie can only set one cookie at a time
1.64 if (!aFromHttp)
1.65 break;
1.66 @@ -2026,7 +2052,7 @@
1.67 int64_t currentTimeInUsec = PR_Now();
1.68
1.69 nsRefPtr<nsCookie> cookie =
1.70 - nsCookie::Create(aName, aValue, host, aPath,
1.71 + nsCookie::Create(aName, aValue, host, baseDomain, aPath,
1.72 aExpiry,
1.73 currentTimeInUsec,
1.74 nsCookie::GenerateUniqueCreationTime(currentTimeInUsec),
1.75 @@ -2064,6 +2090,7 @@
1.76 nsListIter matchIter;
1.77 nsRefPtr<nsCookie> cookie;
1.78 if (FindCookie(nsCookieKey(baseDomain, aAppId, aInBrowserElement),
1.79 + baseDomain,
1.80 host,
1.81 PromiseFlatCString(aName),
1.82 PromiseFlatCString(aPath),
1.83 @@ -2191,8 +2218,12 @@
1.84 bool isSecure = 0 != aRow->AsInt32(IDX_SECURE);
1.85 bool isHttpOnly = 0 != aRow->AsInt32(IDX_HTTPONLY);
1.86
1.87 + nsAutoCString baseDomain;
1.88 + rv = GetBaseDomainFromHost(host, baseDomain);
1.89 + NS_ASSERT_SUCCESS(rv);
1.90 +
1.91 // Create a new nsCookie and assign the data.
1.92 - return nsCookie::Create(name, value, host, path,
1.93 + return nsCookie::Create(name, value, host, baseDomain, path,
1.94 expiry,
1.95 lastAccessed,
1.96 creationTime,
1.97 @@ -2579,6 +2610,7 @@
1.98 nsCookie::Create(Substring(buffer, nameIndex, cookieIndex - nameIndex - 1),
1.99 Substring(buffer, cookieIndex, buffer.Length() - cookieIndex),
1.100 host,
1.101 + baseDomain,
1.102 Substring(buffer, pathIndex, secureIndex - pathIndex - 1),
1.103 expires,
1.104 lastAccessedCounter,
1.105 @@ -2664,6 +2696,7 @@
1.106 uint32_t aAppId,
1.107 bool aInBrowserElement,
1.108 bool aIsPrivate,
1.109 + nsCString &aOrigDomain,
1.110 nsCString &aCookieString)
1.111 {
1.112 NS_ASSERTION(aHostURI, "null host!");
1.113 @@ -2732,6 +2765,13 @@
1.114 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
1.115 cookie = cookies[i];
1.116
1.117 + // Check the origin key. We only continue if the
1.118 + // saved origin matches matches the origin domain.
1.119 + // FIXME:MSvB, other places iterate cookies too, handle them likewise?
1.120 + if (cookie->Origin() != aOrigDomain) {
1.121 + continue;
1.122 + }
1.123 +
1.124 // check the host, since the base domain lookup is conservative.
1.125 // first, check for an exact host or domain cookie match, e.g. "google.com"
1.126 // or ".google.com"; second a subdomain match, e.g.
1.127 @@ -2854,6 +2894,7 @@
1.128 nsCookieService::SetCookieInternal(nsIURI *aHostURI,
1.129 const nsCookieKey &aKey,
1.130 bool aRequireHostMatch,
1.131 + const nsCString &aOrigin,
1.132 CookieStatus aStatus,
1.133 nsDependentCString &aCookieHeader,
1.134 int64_t aServerTime,
1.135 @@ -2910,10 +2951,13 @@
1.136 }
1.137
1.138 // create a new nsCookie and copy attributes
1.139 +//FIXME:MSvB, The name and value vars are neither host nor key
1.140 +//FIXME:MSvB, host shows up in cookie inspector, as a index key
1.141 nsRefPtr<nsCookie> cookie =
1.142 nsCookie::Create(cookieAttributes.name,
1.143 cookieAttributes.value,
1.144 cookieAttributes.host,
1.145 + aOrigin,
1.146 cookieAttributes.path,
1.147 cookieAttributes.expiryTime,
1.148 currentTimeInUsec,
1.149 @@ -2975,8 +3019,8 @@
1.150 }
1.151
1.152 nsListIter matchIter;
1.153 - bool foundCookie = FindCookie(aKey, aCookie->Host(),
1.154 - aCookie->Name(), aCookie->Path(), matchIter);
1.155 + bool foundCookie = FindCookie(aKey, aCookie->Origin(),
1.156 + aCookie->Host(), aCookie->Name(), aCookie->Path(), matchIter);
1.157
1.158 nsRefPtr<nsCookie> oldCookie;
1.159 nsCOMPtr<nsIArray> purgedList;
1.160 @@ -3885,9 +3929,11 @@
1.161 return NS_ERROR_NOT_AVAILABLE;
1.162 }
1.163
1.164 - nsAutoCString host, name, path;
1.165 + nsAutoCString host, origin, name, path;
1.166 nsresult rv = aCookie->GetHost(host);
1.167 NS_ENSURE_SUCCESS(rv, rv);
1.168 + rv = aCookie->GetOrigin(origin);
1.169 + NS_ENSURE_SUCCESS(rv, rv);
1.170 rv = aCookie->GetName(name);
1.171 NS_ENSURE_SUCCESS(rv, rv);
1.172 rv = aCookie->GetPath(path);
1.173 @@ -3898,7 +3944,7 @@
1.174 NS_ENSURE_SUCCESS(rv, rv);
1.175
1.176 nsListIter iter;
1.177 - *aFoundCookie = FindCookie(DEFAULT_APP_KEY(baseDomain), host, name, path, iter);
1.178 + *aFoundCookie = FindCookie(DEFAULT_APP_KEY(baseDomain), origin, host, name, path, iter);
1.179 return NS_OK;
1.180 }
1.181
1.182 @@ -4105,6 +4151,7 @@
1.183 // find an exact cookie specified by host, name, and path that hasn't expired.
1.184 bool
1.185 nsCookieService::FindCookie(const nsCookieKey &aKey,
1.186 + const nsAFlatCString &aOrigin,
1.187 const nsAFlatCString &aHost,
1.188 const nsAFlatCString &aName,
1.189 const nsAFlatCString &aPath,
1.190 @@ -4120,7 +4167,8 @@
1.191 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
1.192 nsCookie *cookie = cookies[i];
1.193
1.194 - if (aHost.Equals(cookie->Host()) &&
1.195 + if (aOrigin.Equals(cookie->Origin()) &&
1.196 + aHost.Equals(cookie->Host()) &&
1.197 aPath.Equals(cookie->Path()) &&
1.198 aName.Equals(cookie->Name())) {
1.199 aIter = nsListIter(entry, i);
