1.1 --- a/netwerk/cookie/nsCookieService.cpp Wed Dec 31 06:55:50 2014 +0100 1.2 +++ b/netwerk/cookie/nsCookieService.cpp Wed Dec 31 07:22:50 2014 +0100 1.3 @@ -262,6 +262,7 @@ 1.4 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("name: %s\n", aCookie->Name().get())); 1.5 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("value: %s\n", aCookie->Value().get())); 1.6 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("%s: %s\n", aCookie->IsDomain() ? "domain" : "host", aCookie->Host().get())); 1.7 + PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("orighost: %s\n", aCookie->Origin().get())); 1.8 PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("path: %s\n", aCookie->Path().get())); 1.9 1.10 PR_ExplodeTime(aCookie->Expiry() * int64_t(PR_USEC_PER_SEC), 1.11 @@ -1634,9 +1635,19 @@ 1.12 1.13 bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel); 1.14 1.15 + nsCOMPtr<nsIURI> firstPartyURI; 1.16 + mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI)); 1.17 + bool requireHostMatch; 1.18 + nsAutoCString origDomain; 1.19 + nsresult rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch); 1.20 + if (NS_FAILED(rv)) { 1.21 + COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr, 1.22 + "couldn't get base domain from URI"); 1.23 + } 1.24 + 1.25 nsAutoCString result; 1.26 GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId, 1.27 - inBrowserElement, isPrivate, result); 1.28 + inBrowserElement, isPrivate, origDomain, result); 1.29 *aCookie = result.IsEmpty() ? nullptr : ToNewCString(result); 1.30 return NS_OK; 1.31 } 1.32 @@ -1716,6 +1727,10 @@ 1.33 return NS_OK; 1.34 } 1.35 1.36 +// FIXME:MSvB DEBUG DEBUG - DELETEME DELETEME - debug debug - deleteme deleteme 1.37 +// FIXME:MSvB Setting a 3rd party cookie (on third.tld) for URL bar browsed 1.38 +// FIXME:MSvB site first.tld causes aHostURI (and later the origin var) to 1.39 +// FIXME:MSvB contain 'third.tld' 1.40 void 1.41 nsCookieService::SetCookieStringInternal(nsIURI *aHostURI, 1.42 bool aIsForeign, 1.43 @@ -1792,9 +1807,20 @@ 1.44 serverTime = PR_Now() / PR_USEC_PER_SEC; 1.45 } 1.46 1.47 + // double keyed cookie boilerplate 1.48 + nsCOMPtr<nsIURI> firstPartyURI; 1.49 + mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI)); 1.50 + nsAutoCString origDomain; 1.51 + rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch); 1.52 + if (NS_FAILED(rv)) { 1.53 + COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr, 1.54 + "couldn't get base domain from URI"); 1.55 + } 1.56 + 1.57 // process each cookie in the header 1.58 - while (SetCookieInternal(aHostURI, key, requireHostMatch, cookieStatus, 1.59 - aCookieHeader, serverTime, aFromHttp, aChannel)) { 1.60 + while (SetCookieInternal(aHostURI, key, requireHostMatch, origDomain, 1.61 + cookieStatus, aCookieHeader, serverTime, 1.62 + aFromHttp, aChannel)) { 1.63 // document.cookie can only set one cookie at a time 1.64 if (!aFromHttp) 1.65 break; 1.66 @@ -2026,7 +2052,7 @@ 1.67 int64_t currentTimeInUsec = PR_Now(); 1.68 1.69 nsRefPtr<nsCookie> cookie = 1.70 - nsCookie::Create(aName, aValue, host, aPath, 1.71 + nsCookie::Create(aName, aValue, host, baseDomain, aPath, 1.72 aExpiry, 1.73 currentTimeInUsec, 1.74 nsCookie::GenerateUniqueCreationTime(currentTimeInUsec), 1.75 @@ -2064,6 +2090,7 @@ 1.76 nsListIter matchIter; 1.77 nsRefPtr<nsCookie> cookie; 1.78 if (FindCookie(nsCookieKey(baseDomain, aAppId, aInBrowserElement), 1.79 + baseDomain, 1.80 host, 1.81 PromiseFlatCString(aName), 1.82 PromiseFlatCString(aPath), 1.83 @@ -2191,8 +2218,12 @@ 1.84 bool isSecure = 0 != aRow->AsInt32(IDX_SECURE); 1.85 bool isHttpOnly = 0 != aRow->AsInt32(IDX_HTTPONLY); 1.86 1.87 + nsAutoCString baseDomain; 1.88 + rv = GetBaseDomainFromHost(host, baseDomain); 1.89 + NS_ASSERT_SUCCESS(rv); 1.90 + 1.91 // Create a new nsCookie and assign the data. 1.92 - return nsCookie::Create(name, value, host, path, 1.93 + return nsCookie::Create(name, value, host, baseDomain, path, 1.94 expiry, 1.95 lastAccessed, 1.96 creationTime, 1.97 @@ -2579,6 +2610,7 @@ 1.98 nsCookie::Create(Substring(buffer, nameIndex, cookieIndex - nameIndex - 1), 1.99 Substring(buffer, cookieIndex, buffer.Length() - cookieIndex), 1.100 host, 1.101 + baseDomain, 1.102 Substring(buffer, pathIndex, secureIndex - pathIndex - 1), 1.103 expires, 1.104 lastAccessedCounter, 1.105 @@ -2664,6 +2696,7 @@ 1.106 uint32_t aAppId, 1.107 bool aInBrowserElement, 1.108 bool aIsPrivate, 1.109 + nsCString &aOrigDomain, 1.110 nsCString &aCookieString) 1.111 { 1.112 NS_ASSERTION(aHostURI, "null host!"); 1.113 @@ -2732,6 +2765,13 @@ 1.114 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) { 1.115 cookie = cookies[i]; 1.116 1.117 + // Check the origin key. We only continue if the 1.118 + // saved origin matches matches the origin domain. 1.119 + // FIXME:MSvB, other places iterate cookies too, handle them likewise? 1.120 + if (cookie->Origin() != aOrigDomain) { 1.121 + continue; 1.122 + } 1.123 + 1.124 // check the host, since the base domain lookup is conservative. 1.125 // first, check for an exact host or domain cookie match, e.g. "google.com" 1.126 // or ".google.com"; second a subdomain match, e.g. 1.127 @@ -2854,6 +2894,7 @@ 1.128 nsCookieService::SetCookieInternal(nsIURI *aHostURI, 1.129 const nsCookieKey &aKey, 1.130 bool aRequireHostMatch, 1.131 + const nsCString &aOrigin, 1.132 CookieStatus aStatus, 1.133 nsDependentCString &aCookieHeader, 1.134 int64_t aServerTime, 1.135 @@ -2910,10 +2951,13 @@ 1.136 } 1.137 1.138 // create a new nsCookie and copy attributes 1.139 +//FIXME:MSvB, The name and value vars are neither host nor key 1.140 +//FIXME:MSvB, host shows up in cookie inspector, as a index key 1.141 nsRefPtr<nsCookie> cookie = 1.142 nsCookie::Create(cookieAttributes.name, 1.143 cookieAttributes.value, 1.144 cookieAttributes.host, 1.145 + aOrigin, 1.146 cookieAttributes.path, 1.147 cookieAttributes.expiryTime, 1.148 currentTimeInUsec, 1.149 @@ -2975,8 +3019,8 @@ 1.150 } 1.151 1.152 nsListIter matchIter; 1.153 - bool foundCookie = FindCookie(aKey, aCookie->Host(), 1.154 - aCookie->Name(), aCookie->Path(), matchIter); 1.155 + bool foundCookie = FindCookie(aKey, aCookie->Origin(), 1.156 + aCookie->Host(), aCookie->Name(), aCookie->Path(), matchIter); 1.157 1.158 nsRefPtr<nsCookie> oldCookie; 1.159 nsCOMPtr<nsIArray> purgedList; 1.160 @@ -3885,9 +3929,11 @@ 1.161 return NS_ERROR_NOT_AVAILABLE; 1.162 } 1.163 1.164 - nsAutoCString host, name, path; 1.165 + nsAutoCString host, origin, name, path; 1.166 nsresult rv = aCookie->GetHost(host); 1.167 NS_ENSURE_SUCCESS(rv, rv); 1.168 + rv = aCookie->GetOrigin(origin); 1.169 + NS_ENSURE_SUCCESS(rv, rv); 1.170 rv = aCookie->GetName(name); 1.171 NS_ENSURE_SUCCESS(rv, rv); 1.172 rv = aCookie->GetPath(path); 1.173 @@ -3898,7 +3944,7 @@ 1.174 NS_ENSURE_SUCCESS(rv, rv); 1.175 1.176 nsListIter iter; 1.177 - *aFoundCookie = FindCookie(DEFAULT_APP_KEY(baseDomain), host, name, path, iter); 1.178 + *aFoundCookie = FindCookie(DEFAULT_APP_KEY(baseDomain), origin, host, name, path, iter); 1.179 return NS_OK; 1.180 } 1.181 1.182 @@ -4105,6 +4151,7 @@ 1.183 // find an exact cookie specified by host, name, and path that hasn't expired. 1.184 bool 1.185 nsCookieService::FindCookie(const nsCookieKey &aKey, 1.186 + const nsAFlatCString &aOrigin, 1.187 const nsAFlatCString &aHost, 1.188 const nsAFlatCString &aName, 1.189 const nsAFlatCString &aPath, 1.190 @@ -4120,7 +4167,8 @@ 1.191 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) { 1.192 nsCookie *cookie = cookies[i]; 1.193 1.194 - if (aHost.Equals(cookie->Host()) && 1.195 + if (aOrigin.Equals(cookie->Origin()) && 1.196 + aHost.Equals(cookie->Host()) && 1.197 aPath.Equals(cookie->Path()) && 1.198 aName.Equals(cookie->Name())) { 1.199 aIter = nsListIter(entry, i);