mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-21 01:05:45 +00:00
Bug 1641459 - Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 1 - implementation, r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D77244
This commit is contained in:
parent
297ce6d27a
commit
9706a3ab32
@ -455,6 +455,17 @@ CookieService::SetCookieStringFromDocument(Document* aDocument,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsPIDOMWindowInner* innerWindow = aDocument->GetInnerWindow();
|
||||
if (NS_WARN_IF(!innerWindow)) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow, nullptr,
|
||||
nullptr) &&
|
||||
!CookieCommons::ShouldIncludeCrossSiteCookieForDocument(cookie)) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// add the cookie to the list. AddCookie() takes care of logging.
|
||||
PickStorage(attrs)->AddCookie(baseDomain, attrs, cookie, currentTimeInUsec,
|
||||
documentURI, aCookieString, false);
|
||||
|
@ -444,6 +444,17 @@ CookieServiceChild::SetCookieStringFromDocument(
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsPIDOMWindowInner* innerWindow = aDocument->GetInnerWindow();
|
||||
if (NS_WARN_IF(!innerWindow)) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow, nullptr,
|
||||
nullptr) &&
|
||||
!CookieCommons::ShouldIncludeCrossSiteCookieForDocument(cookie)) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
CookieKey key(baseDomain, attrs);
|
||||
CookiesList* cookies = mCookiesMap.Get(key);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user