changeset
Conditionally enable double key logic according to:
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- parent 6
- 8bccb770b82d
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
| netwerk/cookie/nsCookieService.cpp | file | annotate | diff | comparison | revisions |
1.1 --- a/netwerk/cookie/nsCookieService.cpp Wed Dec 31 13:27:57 2014 +0100 1.2 +++ b/netwerk/cookie/nsCookieService.cpp Sat Jan 03 20:18:00 2015 +0100 1.3 @@ -1635,15 +1635,20 @@ 1.4 1.5 bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel); 1.6 1.7 + // Double keying: First get the first party URI 1.8 nsCOMPtr<nsIURI> firstPartyURI; 1.9 - mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI)); 1.10 + nsAutoCString origDomain; 1.11 bool requireHostMatch; 1.12 - nsAutoCString origDomain; 1.13 - nsresult rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch); 1.14 - if (NS_FAILED(rv)) { 1.15 - COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr, 1.16 - "couldn't get base domain from URI"); 1.17 + nsresult rv = mThirdPartyUtil->GetFirstPartyIsolationURI(aChannel, nullptr, getter_AddRefs(firstPartyURI)); 1.18 + if (firstPartyURI) { 1.19 + // Double keying: Now get the originating domain 1.20 + rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch); 1.21 + if (NS_FAILED(rv)) { 1.22 + COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr, 1.23 + "couldn't get base domain from URI"); 1.24 + } 1.25 } 1.26 + //else if (NS_SUCCEEDED(rv)) {}; // Not reached, we got a originating domain! 1.27 1.28 nsAutoCString result; 1.29 GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId, 1.30 @@ -1809,7 +1814,8 @@ 1.31 1.32 // double keyed cookie boilerplate 1.33 nsCOMPtr<nsIURI> firstPartyURI; 1.34 - mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI)); 1.35 + mThirdPartyUtil->GetFirstPartyURIFromChannel(aChannel, true, getter_AddRefs(firstPartyURI)); 1.36 + NS_ASSERTION(firstPartyURI, "couldn't get the first party URI"); 1.37 nsAutoCString origDomain; 1.38 rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch); 1.39 if (NS_FAILED(rv)) { 1.40 @@ -2765,10 +2771,11 @@ 1.41 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) { 1.42 cookie = cookies[i]; 1.43 1.44 - // Check the origin key. We only continue if the 1.45 - // saved origin matches matches the origin domain. 1.46 + // Check the origin key. We only continue if the saved 1.47 + // origin matches matches the origin domain and a populated 1.48 + // 'aOrigDomain' indicates that first party isolation is active 1.49 // FIXME:MSvB, other places iterate cookies too, handle them likewise? 1.50 - if (cookie->Origin() != aOrigDomain) { 1.51 + if (!aOrigDomain.IsEmpty() && cookie->Origin() != aOrigDomain) { 1.52 continue; 1.53 } 1.54 1.55 @@ -4149,6 +4156,7 @@ 1.56 } 1.57 1.58 // find an exact cookie specified by host, name, and path that hasn't expired. 1.59 +// reveal the cookie only if its 1st party domain matches the (optional) origin. 1.60 bool 1.61 nsCookieService::FindCookie(const nsCookieKey &aKey, 1.62 const nsAFlatCString &aOrigin, 1.63 @@ -4167,12 +4175,13 @@ 1.64 for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) { 1.65 nsCookie *cookie = cookies[i]; 1.66 1.67 - if (aOrigin.Equals(cookie->Origin()) && 1.68 - aHost.Equals(cookie->Host()) && 1.69 + if (aHost.Equals(cookie->Host()) && 1.70 aPath.Equals(cookie->Path()) && 1.71 aName.Equals(cookie->Name())) { 1.72 - aIter = nsListIter(entry, i); 1.73 - return true; 1.74 + if (aOrigin.IsEmpty() || aOrigin.Equals(cookie->Origin())) { 1.75 + aIter = nsListIter(entry, i); 1.76 + return true; 1.77 + } 1.78 } 1.79 } 1.80
