mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-14 13:55:43 +00:00
Bug 1469993 - Grant storage access to a 3rd party, tracking resource if a opened document has user-interaction - part 7 - cookies, r=ehsan
This commit is contained in:
parent
d983dd1bcd
commit
0a542c2c05
@ -8091,6 +8091,17 @@ nsGlobalWindowInner::AddFirstPartyStorageAccessGrantedFor(const nsAString& aOrig
|
||||
nsContentUtils::StorageDisabledByAntiTracking(this, nullptr, nullptr)) {
|
||||
PropagateFirstPartyStorageAccessGrantedToWorkers(this);
|
||||
}
|
||||
|
||||
// Let's store the origin in the loadInfo as well.
|
||||
if (mDoc) {
|
||||
nsCOMPtr<nsIChannel> channel = mDoc->GetChannel();
|
||||
if (channel) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = channel->GetLoadInfo();
|
||||
if (loadInfo) {
|
||||
loadInfo->AddFirstPartyStorageAccessGrantedFor(aOrigin);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1430,5 +1430,13 @@ LoadInfo::IsFirstPartyStorageAccessGrantedFor(nsIURI* aURI)
|
||||
return mFirstPartyStorageAccessGrantedOrigins.Contains(origin);
|
||||
}
|
||||
|
||||
void
|
||||
LoadInfo::AddFirstPartyStorageAccessGrantedFor(const nsAString& aOrigin)
|
||||
{
|
||||
if (!mFirstPartyStorageAccessGrantedOrigins.Contains(aOrigin)) {
|
||||
mFirstPartyStorageAccessGrantedOrigins.AppendElement(aOrigin);
|
||||
}
|
||||
}
|
||||
|
||||
} // namespace net
|
||||
} // namespace mozilla
|
||||
|
@ -1029,4 +1029,6 @@ interface nsILoadInfo : nsISupports
|
||||
StringArrayRef getFirstPartyStorageAccessGrantedOrigins();
|
||||
[noscript, notxpcom, nostdcall]
|
||||
bool isFirstPartyStorageAccessGrantedFor(in nsIURI aURI);
|
||||
[noscript, notxpcom, nostdcall]
|
||||
void addFirstPartyStorageAccessGrantedFor(in AString aOrigin);
|
||||
};
|
||||
|
@ -173,6 +173,7 @@ CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel)
|
||||
|
||||
bool isForeign = false;
|
||||
bool isTrackingResource = false;
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
aChannel->GetURI(getter_AddRefs(uri));
|
||||
if (RequireThirdPartyCheck()) {
|
||||
@ -186,13 +187,17 @@ CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel)
|
||||
mozilla::OriginAttributes attrs;
|
||||
if (loadInfo) {
|
||||
attrs = loadInfo->GetOriginAttributes();
|
||||
if (loadInfo->IsFirstPartyStorageAccessGrantedFor(uri)) {
|
||||
firstPartyStorageAccessGranted = true;
|
||||
}
|
||||
}
|
||||
URIParams uriParams;
|
||||
SerializeURI(uri, uriParams);
|
||||
bool isSafeTopLevelNav = NS_IsSafeTopLevelNav(aChannel);
|
||||
bool isSameSiteForeign = NS_IsSameSiteForeign(aChannel, uri);
|
||||
SendPrepareCookieList(uriParams, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign, attrs);
|
||||
firstPartyStorageAccessGranted, isSafeTopLevelNav,
|
||||
isSameSiteForeign, attrs);
|
||||
}
|
||||
|
||||
mozilla::ipc::IPCResult
|
||||
@ -334,6 +339,7 @@ void
|
||||
CookieServiceChild::GetCookieStringFromCookieHashTable(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aOriginAttrs,
|
||||
@ -367,7 +373,8 @@ CookieServiceChild::GetCookieStringFromCookieHashTable(nsIURI *a
|
||||
nsCookieService::CheckPrefs(permissionService, mCookieBehavior,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, aIsTrackingResource, nullptr,
|
||||
aIsForeign, aIsTrackingResource,
|
||||
aFirstPartyStorageAccessGranted, nullptr,
|
||||
CountCookiesFromHashTable(baseDomain, aOriginAttrs),
|
||||
aOriginAttrs);
|
||||
|
||||
@ -429,6 +436,7 @@ void
|
||||
CookieServiceChild::GetCookieStringSyncIPC(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs,
|
||||
@ -437,7 +445,9 @@ CookieServiceChild::GetCookieStringSyncIPC(nsIURI *aHostURI,
|
||||
URIParams uriParams;
|
||||
SerializeURI(aHostURI, uriParams);
|
||||
|
||||
SendGetCookieString(uriParams, aIsForeign, aIsTrackingResource, aIsSafeTopLevelNav, aIsSameSiteForeign, aAttrs, &aCookieString);
|
||||
SendGetCookieString(uriParams, aIsForeign, aIsTrackingResource,
|
||||
aFirstPartyStorageAccessGranted, aIsSafeTopLevelNav,
|
||||
aIsSameSiteForeign, aAttrs, &aCookieString);
|
||||
}
|
||||
|
||||
uint32_t
|
||||
@ -548,9 +558,10 @@ CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
if (scheme.EqualsLiteral("moz-nullprincipal"))
|
||||
return NS_OK;
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo;
|
||||
mozilla::OriginAttributes attrs;
|
||||
if (aChannel) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
||||
loadInfo = aChannel->GetLoadInfo();
|
||||
if (loadInfo) {
|
||||
attrs = loadInfo->GetOriginAttributes();
|
||||
}
|
||||
@ -567,20 +578,26 @@ CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
if (loadInfo->IsFirstPartyStorageAccessGrantedFor(aHostURI)) {
|
||||
firstPartyStorageAccessGranted = true;
|
||||
}
|
||||
|
||||
bool isSafeTopLevelNav = NS_IsSafeTopLevelNav(aChannel);
|
||||
bool isSameSiteForeign = NS_IsSameSiteForeign(aChannel, aHostURI);
|
||||
|
||||
nsAutoCString result;
|
||||
if (!mIPCSync) {
|
||||
GetCookieStringFromCookieHashTable(aHostURI, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign,
|
||||
attrs, result);
|
||||
firstPartyStorageAccessGranted, isSafeTopLevelNav,
|
||||
isSameSiteForeign, attrs, result);
|
||||
} else {
|
||||
if (!mIPCOpen) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
GetCookieStringSyncIPC(aHostURI, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign, attrs, result);
|
||||
firstPartyStorageAccessGranted, isSafeTopLevelNav,
|
||||
isSameSiteForeign, attrs, result);
|
||||
}
|
||||
|
||||
if (!result.IsEmpty())
|
||||
@ -630,18 +647,23 @@ CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
URIParams channelURIParams;
|
||||
SerializeURI(channelURI, channelURIParams);
|
||||
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
mozilla::OriginAttributes attrs;
|
||||
if (aChannel) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
||||
if (loadInfo) {
|
||||
attrs = loadInfo->GetOriginAttributes();
|
||||
if (loadInfo->IsFirstPartyStorageAccessGrantedFor(aHostURI)) {
|
||||
firstPartyStorageAccessGranted = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Asynchronously call the parent.
|
||||
if (mIPCOpen) {
|
||||
SendSetCookieString(hostURIParams, channelURIParams,
|
||||
isForeign, isTrackingResource, cookieString,
|
||||
isForeign, isTrackingResource,
|
||||
firstPartyStorageAccessGranted, cookieString,
|
||||
stringServerTime, attrs, aFromHttp);
|
||||
}
|
||||
|
||||
@ -660,7 +682,8 @@ CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
nsCookieService::CheckPrefs(permissionService, mCookieBehavior,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
isForeign, isTrackingResource, aCookieString,
|
||||
isForeign, isTrackingResource,
|
||||
firstPartyStorageAccessGranted, aCookieString,
|
||||
CountCookiesFromHashTable(baseDomain, attrs),
|
||||
attrs);
|
||||
|
||||
|
@ -66,6 +66,7 @@ protected:
|
||||
void GetCookieStringFromCookieHashTable(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs,
|
||||
@ -75,6 +76,7 @@ protected:
|
||||
GetCookieStringSyncIPC(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs,
|
||||
|
@ -162,10 +162,16 @@ CookieServiceParent::TrackCookieLoad(nsIChannel *aChannel)
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
bool storageAccessGranted = false;
|
||||
if (loadInfo && loadInfo->IsFirstPartyStorageAccessGrantedFor(uri)) {
|
||||
storageAccessGranted = true;
|
||||
}
|
||||
|
||||
nsTArray<nsCookie*> foundCookieList;
|
||||
mCookieService->GetCookiesForURI(uri, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, aIsSameSiteForeign,
|
||||
false, attrs, foundCookieList);
|
||||
storageAccessGranted, isSafeTopLevelNav,
|
||||
aIsSameSiteForeign, false, attrs,
|
||||
foundCookieList);
|
||||
nsTArray<CookieStruct> matchingCookiesList;
|
||||
SerialializeCookieList(foundCookieList, matchingCookiesList, uri);
|
||||
Unused << SendTrackCookiesLoad(matchingCookiesList, attrs);
|
||||
@ -196,6 +202,7 @@ mozilla::ipc::IPCResult
|
||||
CookieServiceParent::RecvPrepareCookieList(const URIParams &aHost,
|
||||
const bool &aIsForeign,
|
||||
const bool &aIsTrackingResource,
|
||||
const bool &aFirstPartyStorageAccessGranted,
|
||||
const bool &aIsSafeTopLevelNav,
|
||||
const bool &aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs)
|
||||
@ -205,8 +212,9 @@ CookieServiceParent::RecvPrepareCookieList(const URIParams &aHost,
|
||||
// Send matching cookies to Child.
|
||||
nsTArray<nsCookie*> foundCookieList;
|
||||
mCookieService->GetCookiesForURI(hostURI, aIsForeign, aIsTrackingResource,
|
||||
aIsSafeTopLevelNav, aIsSameSiteForeign,
|
||||
false, aAttrs, foundCookieList);
|
||||
aFirstPartyStorageAccessGranted, aIsSafeTopLevelNav,
|
||||
aIsSameSiteForeign, false, aAttrs,
|
||||
foundCookieList);
|
||||
nsTArray<CookieStruct> matchingCookiesList;
|
||||
SerialializeCookieList(foundCookieList, matchingCookiesList, hostURI);
|
||||
Unused << SendTrackCookiesLoad(matchingCookiesList, aAttrs);
|
||||
@ -224,6 +232,7 @@ mozilla::ipc::IPCResult
|
||||
CookieServiceParent::RecvGetCookieString(const URIParams& aHost,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const bool& aFirstPartyStorageAccessGranted,
|
||||
const bool& aIsSafeTopLevelNav,
|
||||
const bool& aIsSameSiteForeign,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -238,8 +247,8 @@ CookieServiceParent::RecvGetCookieString(const URIParams& aHost,
|
||||
if (!hostURI)
|
||||
return IPC_FAIL_NO_REASON(this);
|
||||
mCookieService->GetCookieStringInternal(hostURI, aIsForeign, aIsTrackingResource,
|
||||
aIsSafeTopLevelNav, aIsSameSiteForeign,
|
||||
false, aAttrs, *aResult);
|
||||
aFirstPartyStorageAccessGranted, aIsSafeTopLevelNav,
|
||||
aIsSameSiteForeign, false, aAttrs, *aResult);
|
||||
return IPC_OK();
|
||||
}
|
||||
|
||||
@ -248,6 +257,7 @@ CookieServiceParent::RecvSetCookieString(const URIParams& aHost,
|
||||
const URIParams& aChannelURI,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const bool& aFirstPartyStorageAccessGranted,
|
||||
const nsCString& aCookieString,
|
||||
const nsCString& aServerTime,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -285,9 +295,10 @@ CookieServiceParent::RecvSetCookieString(const URIParams& aHost,
|
||||
// we don't send it back to the same content process.
|
||||
mProcessingCookie = true;
|
||||
mCookieService->SetCookieStringInternal(hostURI, aIsForeign,
|
||||
aIsTrackingResource, cookieString,
|
||||
aServerTime, aFromHttp, aAttrs,
|
||||
dummyChannel);
|
||||
aIsTrackingResource,
|
||||
aFirstPartyStorageAccessGranted,
|
||||
cookieString, aServerTime, aFromHttp,
|
||||
aAttrs, dummyChannel);
|
||||
mProcessingCookie = false;
|
||||
return IPC_OK();
|
||||
}
|
||||
|
@ -43,6 +43,7 @@ protected:
|
||||
virtual mozilla::ipc::IPCResult RecvGetCookieString(const URIParams& aHost,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const bool& aFirstPartyStorageAccessGranted,
|
||||
const bool& aIsSafeTopLevelNav,
|
||||
const bool& aIsSameSiteForeign,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -52,6 +53,7 @@ protected:
|
||||
const URIParams& aChannelURI,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const bool& aFirstPartyStorageAccessGranted,
|
||||
const nsCString& aCookieString,
|
||||
const nsCString& aServerTime,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -60,6 +62,7 @@ protected:
|
||||
mozilla::ipc::IPCResult RecvPrepareCookieList(const URIParams &aHost,
|
||||
const bool &aIsForeign,
|
||||
const bool &aIsTackingResource,
|
||||
const bool& aFirstPartyStorageAccessGranted,
|
||||
const bool &aIsSafeTopLevelNav,
|
||||
const bool &aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs) override;
|
||||
|
@ -47,7 +47,11 @@ parent:
|
||||
* rejected depending on user preferences; if those checks are
|
||||
* disabled, this parameter is ignored.
|
||||
* @param isTrackingResource
|
||||
* True if the the request has been marked as tracking.
|
||||
* True if the request has been marked as tracking.
|
||||
* @param firstPartyStorageAccessGranted
|
||||
* True if host has storage access granted. Note that the storage
|
||||
* access is automatically granted also if the channel is not marked as
|
||||
* tracking resource, or if it's not a 3rd party context.
|
||||
* @param isSafeTopLevelNav
|
||||
* True for safe methods like e.g. GET.
|
||||
* @param isSameSiteForeign
|
||||
@ -69,6 +73,7 @@ parent:
|
||||
nested(inside_cpow) sync GetCookieString(URIParams host,
|
||||
bool isForeign,
|
||||
bool isTrackingResource,
|
||||
bool firstPartyStorageAccessGranted,
|
||||
bool isSafeTopLevelNav,
|
||||
bool isSameSiteForeign,
|
||||
OriginAttributes attrs)
|
||||
@ -88,7 +93,11 @@ parent:
|
||||
* rejected depending on user preferences; if those checks are
|
||||
* disabled, this parameter is ignored.
|
||||
* @param isTrackingResource
|
||||
* True if the the request has been marked as tracking.
|
||||
* True if the request has been marked as tracking.
|
||||
* @param firstPartyStorageAccessGranted
|
||||
* True if host has storage access granted. Note that the storage
|
||||
* access is automatically granted also if the channel is not marked as
|
||||
* tracking resource, or if it's not a 3rd party context.
|
||||
* @param cookieString
|
||||
* Same as the 'aCookie' argument to nsICookieService.setCookieString.
|
||||
* @param serverTime
|
||||
@ -111,6 +120,7 @@ parent:
|
||||
URIParams channelURI,
|
||||
bool isForeign,
|
||||
bool isTrackingResource,
|
||||
bool firstPartyStorageAccessGranted,
|
||||
nsCString cookieString,
|
||||
nsCString serverTime,
|
||||
OriginAttributes attrs,
|
||||
@ -119,6 +129,7 @@ parent:
|
||||
async PrepareCookieList(URIParams host,
|
||||
bool isForeign,
|
||||
bool isTrackingResource,
|
||||
bool firstPartyStorageAccessGranted,
|
||||
bool isSafeTopLevelNav,
|
||||
bool isSameSiteForeign,
|
||||
OriginAttributes attrs);
|
||||
|
@ -2045,9 +2045,14 @@ nsCookieService::GetCookieStringCommon(nsIURI *aHostURI,
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
// Get originAttributes.
|
||||
OriginAttributes attrs;
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
if (aChannel) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
||||
if (loadInfo && loadInfo->IsFirstPartyStorageAccessGrantedFor(aHostURI)) {
|
||||
firstPartyStorageAccessGranted = true;
|
||||
}
|
||||
|
||||
NS_GetOriginAttributes(aChannel, attrs);
|
||||
}
|
||||
|
||||
@ -2055,8 +2060,8 @@ nsCookieService::GetCookieStringCommon(nsIURI *aHostURI,
|
||||
bool isSameSiteForeign = NS_IsSameSiteForeign(aChannel, aHostURI);
|
||||
nsAutoCString result;
|
||||
GetCookieStringInternal(aHostURI, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign,
|
||||
aHttpBound, attrs, result);
|
||||
firstPartyStorageAccessGranted, isSafeTopLevelNav,
|
||||
isSameSiteForeign, aHttpBound, attrs, result);
|
||||
*aCookie = result.IsEmpty() ? nullptr : ToNewCString(result);
|
||||
return NS_OK;
|
||||
}
|
||||
@ -2146,15 +2151,20 @@ nsCookieService::SetCookieStringCommon(nsIURI *aHostURI,
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
// Get originAttributes.
|
||||
OriginAttributes attrs;
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
if (aChannel) {
|
||||
NS_GetOriginAttributes(aChannel, attrs);
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
||||
if (loadInfo && loadInfo->IsFirstPartyStorageAccessGrantedFor(aHostURI)) {
|
||||
firstPartyStorageAccessGranted = true;
|
||||
}
|
||||
}
|
||||
|
||||
nsDependentCString cookieString(aCookieHeader);
|
||||
nsDependentCString serverTime(aServerTime ? aServerTime : "");
|
||||
SetCookieStringInternal(aHostURI, isForeign, isTrackingResource, cookieString,
|
||||
SetCookieStringInternal(aHostURI, isForeign, isTrackingResource,
|
||||
firstPartyStorageAccessGranted, cookieString,
|
||||
serverTime, aFromHttp, attrs, aChannel);
|
||||
return NS_OK;
|
||||
}
|
||||
@ -2163,6 +2173,7 @@ void
|
||||
nsCookieService::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
nsDependentCString &aCookieHeader,
|
||||
const nsCString &aServerTime,
|
||||
bool aFromHttp,
|
||||
@ -2206,6 +2217,7 @@ nsCookieService::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, aIsTrackingResource,
|
||||
aFirstPartyStorageAccessGranted,
|
||||
aCookieHeader.get(), priorCookieCount,
|
||||
aOriginAttrs);
|
||||
|
||||
@ -3139,6 +3151,7 @@ void
|
||||
nsCookieService::GetCookiesForURI(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
bool aHttpBound,
|
||||
@ -3181,6 +3194,7 @@ nsCookieService::GetCookiesForURI(nsIURI *aHostURI,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, aIsTrackingResource,
|
||||
aFirstPartyStorageAccessGranted,
|
||||
nullptr, priorCookieCount,
|
||||
aOriginAttrs);
|
||||
|
||||
@ -3314,6 +3328,7 @@ void
|
||||
nsCookieService::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
bool aHttpBound,
|
||||
@ -3322,8 +3337,9 @@ nsCookieService::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
{
|
||||
AutoTArray<nsCookie*, 8> foundCookieList;
|
||||
GetCookiesForURI(aHostURI, aIsForeign, aIsTrackingResource,
|
||||
aIsSafeTopLevelNav, aIsSameSiteForeign, aHttpBound,
|
||||
aOriginAttrs, foundCookieList);
|
||||
aFirstPartyStorageAccessGranted, aIsSafeTopLevelNav,
|
||||
aIsSameSiteForeign, aHttpBound, aOriginAttrs,
|
||||
foundCookieList);
|
||||
|
||||
nsCookie* cookie;
|
||||
for (uint32_t i = 0; i < foundCookieList.Length(); ++i) {
|
||||
@ -4162,6 +4178,7 @@ nsCookieService::CheckPrefs(nsICookiePermission *aPermissionService,
|
||||
nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
const char *aCookieHeader,
|
||||
const int aNumOfCookies,
|
||||
const OriginAttributes &aOriginAttrs)
|
||||
@ -4184,8 +4201,9 @@ nsCookieService::CheckPrefs(nsICookiePermission *aPermissionService,
|
||||
}
|
||||
|
||||
// No cookies allowed if this request comes from a tracker, in a 3rd party
|
||||
// context, when anti-tracking protection is enabled.
|
||||
if (aIsForeign && aIsTrackingResource &&
|
||||
// context, when anti-tracking protection is enabled and when we don't have
|
||||
// access to the first-party cookie jar.
|
||||
if (aIsForeign && aIsTrackingResource && !aFirstPartyStorageAccessGranted &&
|
||||
StaticPrefs::privacy_restrict3rdpartystorage_enabled()) {
|
||||
return STATUS_REJECTED;
|
||||
}
|
||||
|
@ -270,9 +270,9 @@ class nsCookieService final : public nsICookieService
|
||||
static bool IsSameSiteEnabled();
|
||||
static bool PathMatches(nsCookie* aCookie, const nsACString& aPath);
|
||||
static bool CanSetCookie(nsIURI *aHostURI, const nsCookieKey& aKey, nsCookieAttributes &aCookieAttributes, bool aRequireHostMatch, CookieStatus aStatus, nsDependentCString &aCookieHeader, int64_t aServerTime, bool aFromHttp, nsIChannel* aChannel, bool aLeaveSercureAlone, bool &aSetCookie, mozIThirdPartyUtil* aThirdPartyUtil);
|
||||
static CookieStatus CheckPrefs(nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior, bool aThirdPartySession, bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, const char *aCookieHeader, const int aNumOfCookies, const OriginAttributes& aOriginAttrs);
|
||||
static CookieStatus CheckPrefs(nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior, bool aThirdPartySession, bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aIsFirstPartyStorageAccessGranted, const char *aCookieHeader, const int aNumOfCookies, const OriginAttributes& aOriginAttrs);
|
||||
static int64_t ParseServerTime(const nsCString &aServerTime);
|
||||
void GetCookiesForURI(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsTArray<nsCookie*>& aCookieList);
|
||||
void GetCookiesForURI(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsTArray<nsCookie*>& aCookieList);
|
||||
|
||||
protected:
|
||||
virtual ~nsCookieService();
|
||||
@ -298,9 +298,9 @@ class nsCookieService final : public nsICookieService
|
||||
void EnsureReadComplete(bool aInitDBConn);
|
||||
nsresult NormalizeHost(nsCString &aHost);
|
||||
nsresult GetCookieStringCommon(nsIURI *aHostURI, nsIChannel *aChannel, bool aHttpBound, char** aCookie);
|
||||
void GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsCString &aCookie);
|
||||
void GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsCString &aCookie);
|
||||
nsresult SetCookieStringCommon(nsIURI *aHostURI, const char *aCookieHeader, const char *aServerTime, nsIChannel *aChannel, bool aFromHttp);
|
||||
void SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const OriginAttributes &aOriginAttrs, nsIChannel* aChannel);
|
||||
void SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aFirstPartyStorageAccessGranted, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const OriginAttributes &aOriginAttrs, nsIChannel* aChannel);
|
||||
bool SetCookieInternal(nsIURI *aHostURI, const nsCookieKey& aKey, bool aRequireHostMatch, CookieStatus aStatus, nsDependentCString &aCookieHeader, int64_t aServerTime, bool aFromHttp, nsIChannel* aChannel);
|
||||
void AddInternal(const nsCookieKey& aKey, nsCookie *aCookie, int64_t aCurrentTimeInUsec, nsIURI *aHostURI, const char *aCookieHeader, bool aFromHttp);
|
||||
void RemoveCookieFromList(const nsListIter &aIter, mozIStorageBindingParamsArray *aParamsArray = nullptr);
|
||||
|
Loading…
Reference in New Issue
Block a user