Bug 1641459 - Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 1 - implementation, r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D77244
Andrea Marchesini 2020-05-28 13:25:49 +00:00
parent 297ce6d27a
commit 9706a3ab32
2 changed files with 22 additions and 0 deletions


@ -455,6 +455,17 @@ CookieService::SetCookieStringFromDocument(Document* aDocument,
return NS_OK;
}
nsPIDOMWindowInner* innerWindow = aDocument->GetInnerWindow();
if (NS_WARN_IF(!innerWindow)) {
return NS_OK;
}
if (nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow, nullptr,
nullptr) &&
!CookieCommons::ShouldIncludeCrossSiteCookieForDocument(cookie)) {
return NS_OK;
}
// add the cookie to the list. AddCookie() takes care of logging.
PickStorage(attrs)->AddCookie(baseDomain, attrs, cookie, currentTimeInUsec,
documentURI, aCookieString, false);
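Review bot: The new cross-site rejection, `return NS_OK;` after the `IsThirdPartyWindowOrChannel(...) && !ShouldIncludeCrossSiteCookieForDocument(cookie)` test, drops the cookie without any log entry or explanatory comment, while the accepted path just below is explicitly noted as logged by AddCookie(). A page author or an engineer triaging a cookie-policy report then cannot tell a blocked SameSite=Lax/Strict write from a successful one, so the branch should record the rejection through whatever failure logging the rest of this function uses (not visible here). I would also add above the check: `// Cross-site documents may not set SameSite=Lax/Strict cookies; drop the cookie (bug 1641459).` The identical block in the CookieServiceChild hunk has the same gap. The enclosing function starts and ends outside the hunk.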


@ -444,6 +444,17 @@ CookieServiceChild::SetCookieStringFromDocument(
return NS_OK;
}
nsPIDOMWindowInner* innerWindow = aDocument->GetInnerWindow();
if (NS_WARN_IF(!innerWindow)) {
return NS_OK;
}
if (nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow, nullptr,
nullptr) &&
!CookieCommons::ShouldIncludeCrossSiteCookieForDocument(cookie)) {
return NS_OK;
}
CookieKey key(baseDomain, attrs);
CookiesList* cookies = mCookiesMap.Get(key);
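Review bot: This copy of the check runs in CookieServiceChild, so by itself it only restrains a well-behaved content process; if cookies accepted here are later sent on to the parent, the receiving side should repeat the cross-site SameSite test rather than rely on this one, which cannot be confirmed from the lines shown. The eleven added lines also duplicate the CookieService block verbatim, and a shared helper next to `CookieCommons::ShouldIncludeCrossSiteCookieForDocument` taking the document and cookie would keep the two enforcement points from drifting apart. The enclosing function starts and ends outside the hunk.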