mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Bug 1461921 - Block storage access for third-parties on the tracking protection list - part 5 - Cookies, r=ehsan
This commit is contained in:
parent
61e21dc2dc
commit
5b9437cad2
@ -8854,6 +8854,36 @@ nsContentUtils::GetCookieBehaviorForPrincipal(nsIPrincipal* aPrincipal,
|
||||
}
|
||||
}
|
||||
|
||||
// static public
|
||||
bool
|
||||
nsContentUtils::StorageDisabledByAntiTracking(nsPIDOMWindowInner* aWindow,
|
||||
nsIChannel* aChannel,
|
||||
nsIURI* aURI)
|
||||
{
|
||||
if (!StaticPrefs::privacy_trackingprotection_storagerestriction_enabled()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Let's check if this is a 3rd party context.
|
||||
if (!IsThirdPartyWindowOrChannel(aWindow, aChannel, aURI)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
|
||||
// aChannel and aWindow are mutually exclusive.
|
||||
channel = aChannel;
|
||||
if (aWindow) {
|
||||
nsIDocument* document = aWindow->GetExtantDoc();
|
||||
if (document) {
|
||||
channel = document->GetChannel();
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(channel);
|
||||
return httpChannel && httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
// static, private
|
||||
nsContentUtils::StorageAccess
|
||||
nsContentUtils::InternalStorageAllowedForPrincipal(nsIPrincipal* aPrincipal,
|
||||
@ -8871,27 +8901,8 @@ nsContentUtils::InternalStorageAllowedForPrincipal(nsIPrincipal* aPrincipal,
|
||||
return StorageAccess::eDeny;
|
||||
}
|
||||
|
||||
// Let's check if this is a 3rd party context.
|
||||
bool thirdParty = IsThirdPartyWindowOrChannel(aWindow, aChannel, aURI);
|
||||
|
||||
// Pref disabled.
|
||||
if (thirdParty &&
|
||||
StaticPrefs::privacy_trackingprotection_storagerestriction_enabled()) {
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
|
||||
// aChannel and aWindow are mutually exclusive.
|
||||
channel = aChannel;
|
||||
if (aWindow) {
|
||||
nsIDocument* document = aWindow->GetExtantDoc();
|
||||
if (document) {
|
||||
channel = document->GetChannel();
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(channel);
|
||||
if (httpChannel && httpChannel->GetIsTrackingResource()) {
|
||||
return StorageAccess::eDeny;
|
||||
}
|
||||
if (StorageDisabledByAntiTracking(aWindow, aChannel, aURI)) {
|
||||
return StorageAccess::eDeny;
|
||||
}
|
||||
|
||||
if (aWindow) {
|
||||
@ -8970,7 +8981,8 @@ nsContentUtils::InternalStorageAllowedForPrincipal(nsIPrincipal* aPrincipal,
|
||||
}
|
||||
|
||||
if ((behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
|
||||
behavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) && thirdParty) {
|
||||
behavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) &&
|
||||
IsThirdPartyWindowOrChannel(aWindow, aChannel, aURI)) {
|
||||
// XXX For non-cookie forms of storage, we handle BEHAVIOR_LIMIT_FOREIGN by
|
||||
// simply rejecting the request to use the storage. In the future, if we
|
||||
// change the meaning of BEHAVIOR_LIMIT_FOREIGN to be one which makes sense
|
||||
|
@ -2954,6 +2954,14 @@ public:
|
||||
*/
|
||||
static StorageAccess StorageAllowedForPrincipal(nsIPrincipal* aPrincipal);
|
||||
|
||||
/*
|
||||
* Returns true if this window/channel should disable storages because of the
|
||||
* anti-tracking feature.
|
||||
*/
|
||||
static bool StorageDisabledByAntiTracking(nsPIDOMWindowInner* aWindow,
|
||||
nsIChannel* aChannel,
|
||||
nsIURI* aURI);
|
||||
|
||||
/*
|
||||
* Serializes a HTML nsINode into its markup representation.
|
||||
*/
|
||||
|
@ -1106,6 +1106,11 @@ nsHTMLDocument::GetCookie(nsAString& aCookie, ErrorResult& rv)
|
||||
return;
|
||||
}
|
||||
|
||||
if (nsContentUtils::StorageDisabledByAntiTracking(GetInnerWindow(), nullptr,
|
||||
nullptr)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// If the document is a cookie-averse Document... return the empty string.
|
||||
if (IsCookieAverse()) {
|
||||
return;
|
||||
|
@ -172,11 +172,16 @@ CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel)
|
||||
}
|
||||
|
||||
bool isForeign = false;
|
||||
bool isTrackingResource = false;
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
aChannel->GetURI(getter_AddRefs(uri));
|
||||
if (RequireThirdPartyCheck()) {
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, uri, &isForeign);
|
||||
}
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
if (httpChannel) {
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
||||
mozilla::OriginAttributes attrs;
|
||||
if (loadInfo) {
|
||||
@ -186,8 +191,8 @@ CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel)
|
||||
SerializeURI(uri, uriParams);
|
||||
bool isSafeTopLevelNav = NS_IsSafeTopLevelNav(aChannel);
|
||||
bool isSameSiteForeign = NS_IsSameSiteForeign(aChannel, uri);
|
||||
SendPrepareCookieList(uriParams, isForeign, isSafeTopLevelNav,
|
||||
isSameSiteForeign, attrs);
|
||||
SendPrepareCookieList(uriParams, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign, attrs);
|
||||
}
|
||||
|
||||
mozilla::ipc::IPCResult
|
||||
@ -328,6 +333,7 @@ CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch)
|
||||
void
|
||||
CookieServiceChild::GetCookieStringFromCookieHashTable(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aOriginAttrs,
|
||||
@ -361,7 +367,7 @@ CookieServiceChild::GetCookieStringFromCookieHashTable(nsIURI *a
|
||||
nsCookieService::CheckPrefs(permissionService, mCookieBehavior,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, nullptr,
|
||||
aIsForeign, aIsTrackingResource, nullptr,
|
||||
CountCookiesFromHashTable(baseDomain, aOriginAttrs),
|
||||
aOriginAttrs);
|
||||
|
||||
@ -422,6 +428,7 @@ CookieServiceChild::GetCookieStringFromCookieHashTable(nsIURI *a
|
||||
void
|
||||
CookieServiceChild::GetCookieStringSyncIPC(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs,
|
||||
@ -430,7 +437,7 @@ CookieServiceChild::GetCookieStringSyncIPC(nsIURI *aHostURI,
|
||||
URIParams uriParams;
|
||||
SerializeURI(aHostURI, uriParams);
|
||||
|
||||
SendGetCookieString(uriParams, aIsForeign, aIsSafeTopLevelNav, aIsSameSiteForeign, aAttrs, &aCookieString);
|
||||
SendGetCookieString(uriParams, aIsForeign, aIsTrackingResource, aIsSafeTopLevelNav, aIsSameSiteForeign, aAttrs, &aCookieString);
|
||||
}
|
||||
|
||||
uint32_t
|
||||
@ -554,19 +561,26 @@ CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
if (RequireThirdPartyCheck())
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
|
||||
|
||||
bool isTrackingResource = false;
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
if (httpChannel) {
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
bool isSafeTopLevelNav = NS_IsSafeTopLevelNav(aChannel);
|
||||
bool isSameSiteForeign = NS_IsSameSiteForeign(aChannel, aHostURI);
|
||||
|
||||
nsAutoCString result;
|
||||
if (!mIPCSync) {
|
||||
GetCookieStringFromCookieHashTable(aHostURI, !!isForeign, isSafeTopLevelNav,
|
||||
isSameSiteForeign, attrs, result);
|
||||
GetCookieStringFromCookieHashTable(aHostURI, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign,
|
||||
attrs, result);
|
||||
} else {
|
||||
if (!mIPCOpen) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
GetCookieStringSyncIPC(aHostURI, !!isForeign, isSafeTopLevelNav,
|
||||
isSameSiteForeign, attrs, result);
|
||||
GetCookieStringSyncIPC(aHostURI, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign, attrs, result);
|
||||
}
|
||||
|
||||
if (!result.IsEmpty())
|
||||
@ -597,6 +611,12 @@ CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
if (RequireThirdPartyCheck())
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
|
||||
|
||||
bool isTrackingResource = false;
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
if (httpChannel) {
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
nsDependentCString cookieString(aCookieString);
|
||||
nsDependentCString stringServerTime;
|
||||
if (aServerTime)
|
||||
@ -621,7 +641,7 @@ CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
// Asynchronously call the parent.
|
||||
if (mIPCOpen) {
|
||||
SendSetCookieString(hostURIParams, channelURIParams,
|
||||
!!isForeign, cookieString,
|
||||
isForeign, isTrackingResource, cookieString,
|
||||
stringServerTime, attrs, aFromHttp);
|
||||
}
|
||||
|
||||
@ -640,7 +660,7 @@ CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
nsCookieService::CheckPrefs(permissionService, mCookieBehavior,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
isForeign, aCookieString,
|
||||
isForeign, isTrackingResource, aCookieString,
|
||||
CountCookiesFromHashTable(baseDomain, attrs),
|
||||
attrs);
|
||||
|
||||
|
@ -65,6 +65,7 @@ protected:
|
||||
|
||||
void GetCookieStringFromCookieHashTable(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs,
|
||||
@ -73,6 +74,7 @@ protected:
|
||||
void
|
||||
GetCookieStringSyncIPC(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs,
|
||||
|
@ -155,8 +155,16 @@ CookieServiceParent::TrackCookieLoad(nsIChannel *aChannel)
|
||||
thirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID);
|
||||
bool isForeign = true;
|
||||
thirdPartyUtil->IsThirdPartyChannel(aChannel, uri, &isForeign);
|
||||
|
||||
bool isTrackingResource = false;
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
if (httpChannel) {
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
nsTArray<nsCookie*> foundCookieList;
|
||||
mCookieService->GetCookiesForURI(uri, isForeign, isSafeTopLevelNav, aIsSameSiteForeign,
|
||||
mCookieService->GetCookiesForURI(uri, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, aIsSameSiteForeign,
|
||||
false, attrs, foundCookieList);
|
||||
nsTArray<CookieStruct> matchingCookiesList;
|
||||
SerialializeCookieList(foundCookieList, matchingCookiesList, uri);
|
||||
@ -187,6 +195,7 @@ CookieServiceParent::SerialializeCookieList(const nsTArray<nsCookie*> &aFoundCoo
|
||||
mozilla::ipc::IPCResult
|
||||
CookieServiceParent::RecvPrepareCookieList(const URIParams &aHost,
|
||||
const bool &aIsForeign,
|
||||
const bool &aIsTrackingResource,
|
||||
const bool &aIsSafeTopLevelNav,
|
||||
const bool &aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs)
|
||||
@ -195,7 +204,8 @@ CookieServiceParent::RecvPrepareCookieList(const URIParams &aHost,
|
||||
|
||||
// Send matching cookies to Child.
|
||||
nsTArray<nsCookie*> foundCookieList;
|
||||
mCookieService->GetCookiesForURI(hostURI, aIsForeign, aIsSafeTopLevelNav, aIsSameSiteForeign,
|
||||
mCookieService->GetCookiesForURI(hostURI, aIsForeign, aIsTrackingResource,
|
||||
aIsSafeTopLevelNav, aIsSameSiteForeign,
|
||||
false, aAttrs, foundCookieList);
|
||||
nsTArray<CookieStruct> matchingCookiesList;
|
||||
SerialializeCookieList(foundCookieList, matchingCookiesList, hostURI);
|
||||
@ -213,6 +223,7 @@ CookieServiceParent::ActorDestroy(ActorDestroyReason aWhy)
|
||||
mozilla::ipc::IPCResult
|
||||
CookieServiceParent::RecvGetCookieString(const URIParams& aHost,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const bool& aIsSafeTopLevelNav,
|
||||
const bool& aIsSameSiteForeign,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -226,7 +237,8 @@ CookieServiceParent::RecvGetCookieString(const URIParams& aHost,
|
||||
nsCOMPtr<nsIURI> hostURI = DeserializeURI(aHost);
|
||||
if (!hostURI)
|
||||
return IPC_FAIL_NO_REASON(this);
|
||||
mCookieService->GetCookieStringInternal(hostURI, aIsForeign, aIsSafeTopLevelNav, aIsSameSiteForeign,
|
||||
mCookieService->GetCookieStringInternal(hostURI, aIsForeign, aIsTrackingResource,
|
||||
aIsSafeTopLevelNav, aIsSameSiteForeign,
|
||||
false, aAttrs, *aResult);
|
||||
return IPC_OK();
|
||||
}
|
||||
@ -235,6 +247,7 @@ mozilla::ipc::IPCResult
|
||||
CookieServiceParent::RecvSetCookieString(const URIParams& aHost,
|
||||
const URIParams& aChannelURI,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const nsCString& aCookieString,
|
||||
const nsCString& aServerTime,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -271,7 +284,8 @@ CookieServiceParent::RecvSetCookieString(const URIParams& aHost,
|
||||
// We set this to true while processing this cookie update, to make sure
|
||||
// we don't send it back to the same content process.
|
||||
mProcessingCookie = true;
|
||||
mCookieService->SetCookieStringInternal(hostURI, aIsForeign, cookieString,
|
||||
mCookieService->SetCookieStringInternal(hostURI, aIsForeign,
|
||||
aIsTrackingResource, cookieString,
|
||||
aServerTime, aFromHttp, aAttrs,
|
||||
dummyChannel);
|
||||
mProcessingCookie = false;
|
||||
|
@ -42,6 +42,7 @@ protected:
|
||||
|
||||
virtual mozilla::ipc::IPCResult RecvGetCookieString(const URIParams& aHost,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const bool& aIsSafeTopLevelNav,
|
||||
const bool& aIsSameSiteForeign,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -50,6 +51,7 @@ protected:
|
||||
virtual mozilla::ipc::IPCResult RecvSetCookieString(const URIParams& aHost,
|
||||
const URIParams& aChannelURI,
|
||||
const bool& aIsForeign,
|
||||
const bool& aIsTrackingResource,
|
||||
const nsCString& aCookieString,
|
||||
const nsCString& aServerTime,
|
||||
const OriginAttributes& aAttrs,
|
||||
@ -57,6 +59,7 @@ protected:
|
||||
virtual
|
||||
mozilla::ipc::IPCResult RecvPrepareCookieList(const URIParams &aHost,
|
||||
const bool &aIsForeign,
|
||||
const bool &aIsTackingResource,
|
||||
const bool &aIsSafeTopLevelNav,
|
||||
const bool &aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs) override;
|
||||
|
@ -46,6 +46,8 @@ parent:
|
||||
* mozIThirdPartyUtil.isThirdPartyChannel. Third party requests may be
|
||||
* rejected depending on user preferences; if those checks are
|
||||
* disabled, this parameter is ignored.
|
||||
* @param isTrackingResource
|
||||
* True if the the request has been marked as tracking.
|
||||
* @param isSafeTopLevelNav
|
||||
* True for safe methods like e.g. GET.
|
||||
* @param isSameSiteForeign
|
||||
@ -66,6 +68,7 @@ parent:
|
||||
*/
|
||||
nested(inside_cpow) sync GetCookieString(URIParams host,
|
||||
bool isForeign,
|
||||
bool isTrackingResource,
|
||||
bool isSafeTopLevelNav,
|
||||
bool isSameSiteForeign,
|
||||
OriginAttributes attrs)
|
||||
@ -84,6 +87,8 @@ parent:
|
||||
* mozIThirdPartyUtil.isThirdPartyChannel. Third party requests may be
|
||||
* rejected depending on user preferences; if those checks are
|
||||
* disabled, this parameter is ignored.
|
||||
* @param isTrackingResource
|
||||
* True if the the request has been marked as tracking.
|
||||
* @param cookieString
|
||||
* Same as the 'aCookie' argument to nsICookieService.setCookieString.
|
||||
* @param serverTime
|
||||
@ -105,6 +110,7 @@ parent:
|
||||
nested(inside_cpow) async SetCookieString(URIParams host,
|
||||
URIParams channelURI,
|
||||
bool isForeign,
|
||||
bool isTrackingResource,
|
||||
nsCString cookieString,
|
||||
nsCString serverTime,
|
||||
OriginAttributes attrs,
|
||||
@ -112,6 +118,7 @@ parent:
|
||||
|
||||
async PrepareCookieList(URIParams host,
|
||||
bool isForeign,
|
||||
bool isTrackingResource,
|
||||
bool isSafeTopLevelNav,
|
||||
bool isSameSiteForeign,
|
||||
OriginAttributes attrs);
|
||||
|
@ -56,6 +56,7 @@
|
||||
#include "mozilla/AutoRestore.h"
|
||||
#include "mozilla/FileUtils.h"
|
||||
#include "mozilla/ScopeExit.h"
|
||||
#include "mozilla/StaticPrefs.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "nsIConsoleService.h"
|
||||
#include "nsVariant.h"
|
||||
@ -2035,6 +2036,12 @@ nsCookieService::GetCookieStringCommon(nsIURI *aHostURI,
|
||||
bool isForeign = true;
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
|
||||
|
||||
bool isTrackingResource = false;
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
if (httpChannel) {
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
// Get originAttributes.
|
||||
OriginAttributes attrs;
|
||||
if (aChannel) {
|
||||
@ -2044,7 +2051,8 @@ nsCookieService::GetCookieStringCommon(nsIURI *aHostURI,
|
||||
bool isSafeTopLevelNav = NS_IsSafeTopLevelNav(aChannel);
|
||||
bool isSameSiteForeign = NS_IsSameSiteForeign(aChannel, aHostURI);
|
||||
nsAutoCString result;
|
||||
GetCookieStringInternal(aHostURI, isForeign, isSafeTopLevelNav, isSameSiteForeign,
|
||||
GetCookieStringInternal(aHostURI, isForeign, isTrackingResource,
|
||||
isSafeTopLevelNav, isSameSiteForeign,
|
||||
aHttpBound, attrs, result);
|
||||
*aCookie = result.IsEmpty() ? nullptr : ToNewCString(result);
|
||||
return NS_OK;
|
||||
@ -2129,6 +2137,12 @@ nsCookieService::SetCookieStringCommon(nsIURI *aHostURI,
|
||||
bool isForeign = true;
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
|
||||
|
||||
bool isTrackingResource = false;
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
if (httpChannel) {
|
||||
isTrackingResource = httpChannel->GetIsTrackingResource();
|
||||
}
|
||||
|
||||
// Get originAttributes.
|
||||
OriginAttributes attrs;
|
||||
if (aChannel) {
|
||||
@ -2137,7 +2151,7 @@ nsCookieService::SetCookieStringCommon(nsIURI *aHostURI,
|
||||
|
||||
nsDependentCString cookieString(aCookieHeader);
|
||||
nsDependentCString serverTime(aServerTime ? aServerTime : "");
|
||||
SetCookieStringInternal(aHostURI, isForeign, cookieString,
|
||||
SetCookieStringInternal(aHostURI, isForeign, isTrackingResource, cookieString,
|
||||
serverTime, aFromHttp, attrs, aChannel);
|
||||
return NS_OK;
|
||||
}
|
||||
@ -2145,6 +2159,7 @@ nsCookieService::SetCookieStringCommon(nsIURI *aHostURI,
|
||||
void
|
||||
nsCookieService::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
nsDependentCString &aCookieHeader,
|
||||
const nsCString &aServerTime,
|
||||
bool aFromHttp,
|
||||
@ -2187,8 +2202,9 @@ nsCookieService::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
CookieStatus cookieStatus = CheckPrefs(mPermissionService, mCookieBehavior,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, aCookieHeader.get(),
|
||||
priorCookieCount, aOriginAttrs);
|
||||
aIsForeign, aIsTrackingResource,
|
||||
aCookieHeader.get(), priorCookieCount,
|
||||
aOriginAttrs);
|
||||
|
||||
// fire a notification if third party or if cookie was rejected
|
||||
// (but not if there was an error)
|
||||
@ -3119,6 +3135,7 @@ nsCookieService::PathMatches(nsCookie* aCookie,
|
||||
void
|
||||
nsCookieService::GetCookiesForURI(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
bool aHttpBound,
|
||||
@ -3160,8 +3177,9 @@ nsCookieService::GetCookiesForURI(nsIURI *aHostURI,
|
||||
CookieStatus cookieStatus = CheckPrefs(mPermissionService, mCookieBehavior,
|
||||
mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, nullptr,
|
||||
priorCookieCount, aOriginAttrs);
|
||||
aIsForeign, aIsTrackingResource,
|
||||
nullptr, priorCookieCount,
|
||||
aOriginAttrs);
|
||||
|
||||
// for GetCookie(), we don't fire rejection notifications.
|
||||
switch (cookieStatus) {
|
||||
@ -3292,6 +3310,7 @@ nsCookieService::GetCookiesForURI(nsIURI *aHostURI,
|
||||
void
|
||||
nsCookieService::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
bool aHttpBound,
|
||||
@ -3299,8 +3318,9 @@ nsCookieService::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
nsCString &aCookieString)
|
||||
{
|
||||
AutoTArray<nsCookie*, 8> foundCookieList;
|
||||
GetCookiesForURI(aHostURI, aIsForeign, aIsSafeTopLevelNav, aIsSameSiteForeign,
|
||||
aHttpBound, aOriginAttrs, foundCookieList);
|
||||
GetCookiesForURI(aHostURI, aIsForeign, aIsTrackingResource,
|
||||
aIsSafeTopLevelNav, aIsSameSiteForeign, aHttpBound,
|
||||
aOriginAttrs, foundCookieList);
|
||||
|
||||
nsCookie* cookie;
|
||||
for (uint32_t i = 0; i < foundCookieList.Length(); ++i) {
|
||||
@ -4137,6 +4157,7 @@ nsCookieService::CheckPrefs(nsICookiePermission *aPermissionService,
|
||||
bool aThirdPartyNonsecureSession,
|
||||
nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
const char *aCookieHeader,
|
||||
const int aNumOfCookies,
|
||||
const OriginAttributes &aOriginAttrs)
|
||||
@ -4158,6 +4179,13 @@ nsCookieService::CheckPrefs(nsICookiePermission *aPermissionService,
|
||||
return STATUS_REJECTED_WITH_ERROR;
|
||||
}
|
||||
|
||||
// No cookies allowed if this request comes from a tracker, in a 3rd party
|
||||
// context, when anti-tracking protection is enabled.
|
||||
if (aIsForeign && aIsTrackingResource &&
|
||||
StaticPrefs::privacy_trackingprotection_storagerestriction_enabled()) {
|
||||
return STATUS_REJECTED;
|
||||
}
|
||||
|
||||
// check the permission list first; if we find an entry, it overrides
|
||||
// default prefs. see bug 184059.
|
||||
if (aPermissionService) {
|
||||
|
@ -270,9 +270,9 @@ class nsCookieService final : public nsICookieService
|
||||
static bool IsSameSiteEnabled();
|
||||
static bool PathMatches(nsCookie* aCookie, const nsACString& aPath);
|
||||
static bool CanSetCookie(nsIURI *aHostURI, const nsCookieKey& aKey, nsCookieAttributes &aCookieAttributes, bool aRequireHostMatch, CookieStatus aStatus, nsDependentCString &aCookieHeader, int64_t aServerTime, bool aFromHttp, nsIChannel* aChannel, bool aLeaveSercureAlone, bool &aSetCookie, mozIThirdPartyUtil* aThirdPartyUtil);
|
||||
static CookieStatus CheckPrefs(nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior, bool aThirdPartySession, bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign, const char *aCookieHeader, const int aNumOfCookies, const OriginAttributes& aOriginAttrs);
|
||||
static CookieStatus CheckPrefs(nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior, bool aThirdPartySession, bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, const char *aCookieHeader, const int aNumOfCookies, const OriginAttributes& aOriginAttrs);
|
||||
static int64_t ParseServerTime(const nsCString &aServerTime);
|
||||
void GetCookiesForURI(nsIURI *aHostURI, bool aIsForeign, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsTArray<nsCookie*>& aCookieList);
|
||||
void GetCookiesForURI(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsTArray<nsCookie*>& aCookieList);
|
||||
|
||||
protected:
|
||||
virtual ~nsCookieService();
|
||||
@ -298,9 +298,9 @@ class nsCookieService final : public nsICookieService
|
||||
void EnsureReadComplete(bool aInitDBConn);
|
||||
nsresult NormalizeHost(nsCString &aHost);
|
||||
nsresult GetCookieStringCommon(nsIURI *aHostURI, nsIChannel *aChannel, bool aHttpBound, char** aCookie);
|
||||
void GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsCString &aCookie);
|
||||
void GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, bool aIsSafeTopLevelNav, bool aIsTopLevelForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsCString &aCookie);
|
||||
nsresult SetCookieStringCommon(nsIURI *aHostURI, const char *aCookieHeader, const char *aServerTime, nsIChannel *aChannel, bool aFromHttp);
|
||||
void SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const OriginAttributes &aOriginAttrs, nsIChannel* aChannel);
|
||||
void SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const OriginAttributes &aOriginAttrs, nsIChannel* aChannel);
|
||||
bool SetCookieInternal(nsIURI *aHostURI, const nsCookieKey& aKey, bool aRequireHostMatch, CookieStatus aStatus, nsDependentCString &aCookieHeader, int64_t aServerTime, bool aFromHttp, nsIChannel* aChannel);
|
||||
void AddInternal(const nsCookieKey& aKey, nsCookie *aCookie, int64_t aCurrentTimeInUsec, nsIURI *aHostURI, const char *aCookieHeader, bool aFromHttp);
|
||||
void RemoveCookieFromList(const nsListIter &aIter, mozIStorageBindingParamsArray *aParamsArray = nullptr);
|
||||
|
@ -6,4 +6,6 @@ support-files =
|
||||
empty.js
|
||||
|
||||
[browser_blockingResources.js]
|
||||
[browser_blockingCookies.js]
|
||||
support-files = server.sjs
|
||||
[browser_blockingMessaging.js]
|
||||
|
@ -0,0 +1,35 @@
|
||||
ChromeUtils.import("resource://gre/modules/Services.jsm");
|
||||
|
||||
AntiTracking.runTest("Set/Get Cookies",
|
||||
async _ => {
|
||||
is(document.cookie, "", "No cookies for me");
|
||||
|
||||
await fetch("server.sjs").then(r => r.text()).then(text => {
|
||||
is(text, "cookie-not-present", "We should not have cookies");
|
||||
});
|
||||
// Let's do it twice.
|
||||
await fetch("server.sjs").then(r => r.text()).then(text => {
|
||||
is(text, "cookie-not-present", "We should not have cookies");
|
||||
});
|
||||
|
||||
is(document.cookie, "", "Still no cookies for me");
|
||||
},
|
||||
async _ => {
|
||||
is(document.cookie, "", "No cookies for me");
|
||||
|
||||
await fetch("server.sjs").then(r => r.text()).then(text => {
|
||||
is(text, "cookie-not-present", "We should not have cookies");
|
||||
});
|
||||
await fetch("server.sjs").then(r => r.text()).then(text => {
|
||||
is(text, "cookie-present", "We should have cookies");
|
||||
});
|
||||
|
||||
ok(document.cookie.length, "Some Cookies for me");
|
||||
});
|
||||
|
||||
registerCleanupFunction(async _ => {
|
||||
// cache removed.
|
||||
await new Promise(resolve => {
|
||||
Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => resolve());
|
||||
});
|
||||
});
|
9
toolkit/components/antitracking/test/browser/server.sjs
Normal file
9
toolkit/components/antitracking/test/browser/server.sjs
Normal file
@ -0,0 +1,9 @@
|
||||
function handleRequest(aRequest, aResponse) {
|
||||
aResponse.setStatusLine(aRequest.httpVersion, 200);
|
||||
if (aRequest.hasHeader('Cookie')) {
|
||||
aResponse.write("cookie-present");
|
||||
} else {
|
||||
aResponse.setHeader("Set-Cookie", "foopy=1");
|
||||
aResponse.write("cookie-not-present");
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user