mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 13 - Cookies, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D21696 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
8e20bbbc9a
commit
a78d942c6b
@ -27,6 +27,7 @@
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/TimeStamp.h"
|
||||
#include "ThirdPartyUtil.h"
|
||||
|
||||
using namespace mozilla::ipc;
|
||||
using mozilla::OriginAttributes;
|
||||
@ -35,7 +36,6 @@ namespace mozilla {
|
||||
namespace net {
|
||||
|
||||
// Pref string constants
|
||||
static const char kPrefCookieBehavior[] = "network.cookie.cookieBehavior";
|
||||
static const char kPrefThirdPartySession[] =
|
||||
"network.cookie.thirdparty.sessionOnly";
|
||||
static const char kPrefThirdPartyNonsecureSession[] =
|
||||
@ -59,8 +59,7 @@ NS_IMPL_ISUPPORTS(CookieServiceChild, nsICookieService, nsIObserver,
|
||||
nsITimerCallback, nsISupportsWeakReference)
|
||||
|
||||
CookieServiceChild::CookieServiceChild()
|
||||
: mCookieBehavior(nsICookieService::BEHAVIOR_ACCEPT),
|
||||
mThirdPartySession(false),
|
||||
: mThirdPartySession(false),
|
||||
mThirdPartyNonsecureSession(false),
|
||||
mIPCOpen(false) {
|
||||
NS_ASSERTION(IsNeckoChild(), "not a child process");
|
||||
@ -81,6 +80,9 @@ CookieServiceChild::CookieServiceChild()
|
||||
|
||||
mIPCOpen = true;
|
||||
|
||||
mThirdPartyUtil = ThirdPartyUtil::GetInstance();
|
||||
NS_ASSERTION(mThirdPartyUtil, "couldn't get ThirdPartyUtil service");
|
||||
|
||||
mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
|
||||
NS_ASSERTION(mTLDService, "couldn't get TLDService");
|
||||
|
||||
@ -88,7 +90,6 @@ CookieServiceChild::CookieServiceChild()
|
||||
nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
|
||||
NS_WARNING_ASSERTION(prefBranch, "no prefservice");
|
||||
if (prefBranch) {
|
||||
prefBranch->AddObserver(kPrefCookieBehavior, this, true);
|
||||
prefBranch->AddObserver(kPrefThirdPartySession, this, true);
|
||||
prefBranch->AddObserver(kPrefThirdPartyNonsecureSession, this, true);
|
||||
prefBranch->AddObserver(kCookieMoveIntervalSecs, this, true);
|
||||
@ -148,7 +149,8 @@ void CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel) {
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
aChannel->GetURI(getter_AddRefs(uri));
|
||||
if (RequireThirdPartyCheck()) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||
if (RequireThirdPartyCheck(loadInfo)) {
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, uri, &isForeign);
|
||||
}
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
@ -172,7 +174,6 @@ void CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel) {
|
||||
rejectedReason);
|
||||
}
|
||||
}
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||
mozilla::OriginAttributes attrs = loadInfo->GetOriginAttributes();
|
||||
URIParams uriParams;
|
||||
SerializeURI(uri, uriParams);
|
||||
@ -252,13 +253,6 @@ mozilla::ipc::IPCResult CookieServiceChild::RecvTrackCookiesLoad(
|
||||
}
|
||||
|
||||
void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
|
||||
int32_t val;
|
||||
if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefCookieBehavior, &val)))
|
||||
mCookieBehavior = val >= nsICookieService::BEHAVIOR_ACCEPT &&
|
||||
val <= nsICookieService::BEHAVIOR_LAST
|
||||
? val
|
||||
: nsICookieService::BEHAVIOR_ACCEPT;
|
||||
|
||||
bool boolval;
|
||||
if (NS_SUCCEEDED(aPrefBranch->GetBoolPref(kPrefThirdPartySession, &boolval)))
|
||||
mThirdPartySession = !!boolval;
|
||||
@ -267,11 +261,7 @@ void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
|
||||
aPrefBranch->GetBoolPref(kPrefThirdPartyNonsecureSession, &boolval)))
|
||||
mThirdPartyNonsecureSession = boolval;
|
||||
|
||||
if (!mThirdPartyUtil && RequireThirdPartyCheck()) {
|
||||
mThirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID);
|
||||
NS_ASSERTION(mThirdPartyUtil, "require ThirdPartyUtil service");
|
||||
}
|
||||
|
||||
int32_t val;
|
||||
if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kCookieMoveIntervalSecs, &val))) {
|
||||
gMoveCookiesIntervalSeconds = clamped<uint32_t>(val, 0, 3600);
|
||||
if (gMoveCookiesIntervalSeconds && !mCookieTimer) {
|
||||
@ -292,16 +282,23 @@ void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
|
||||
void CookieServiceChild::GetCookieStringFromCookieHashTable(
|
||||
nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign, const OriginAttributes &aOriginAttrs,
|
||||
nsCString &aCookieString) {
|
||||
bool aIsSameSiteForeign, nsIChannel *aChannel, nsCString &aCookieString) {
|
||||
nsCOMPtr<nsIEffectiveTLDService> TLDService =
|
||||
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
|
||||
NS_ASSERTION(TLDService, "Can't get TLDService");
|
||||
bool requireHostMatch;
|
||||
nsAutoCString baseDomain;
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo;
|
||||
mozilla::OriginAttributes attrs;
|
||||
if (aChannel) {
|
||||
loadInfo = aChannel->LoadInfo();
|
||||
attrs = loadInfo->GetOriginAttributes();
|
||||
}
|
||||
|
||||
nsCookieService::GetBaseDomain(TLDService, aHostURI, baseDomain,
|
||||
requireHostMatch);
|
||||
nsCookieKey key(baseDomain, aOriginAttrs);
|
||||
nsCookieKey key(baseDomain, attrs);
|
||||
CookiesList *cookiesList = nullptr;
|
||||
mCookiesMap.Get(key, &cookiesList);
|
||||
|
||||
@ -317,14 +314,13 @@ void CookieServiceChild::GetCookieStringFromCookieHashTable(
|
||||
int64_t currentTimeInUsec = PR_Now();
|
||||
int64_t currentTime = currentTimeInUsec / PR_USEC_PER_SEC;
|
||||
|
||||
nsCOMPtr<nsICookiePermission> permissionService =
|
||||
nsCookiePermission::GetOrCreate();
|
||||
nsCOMPtr<nsICookieSettings> cookieSettings =
|
||||
nsCookieService::GetCookieSettings(aChannel);
|
||||
|
||||
CookieStatus cookieStatus = nsCookieService::CheckPrefs(
|
||||
permissionService, mCookieBehavior, mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI, aIsForeign, aIsTrackingResource,
|
||||
aFirstPartyStorageAccessGranted, nullptr,
|
||||
CountCookiesFromHashTable(baseDomain, aOriginAttrs), aOriginAttrs,
|
||||
nullptr);
|
||||
cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted, nullptr,
|
||||
CountCookiesFromHashTable(baseDomain, attrs), attrs, nullptr);
|
||||
|
||||
if (cookieStatus != STATUS_ACCEPTED &&
|
||||
cookieStatus != STATUS_ACCEPT_SESSION) {
|
||||
@ -409,10 +405,17 @@ void CookieServiceChild::SetCookieInternal(
|
||||
RecordDocumentCookie(cookie, aAttrs);
|
||||
}
|
||||
|
||||
bool CookieServiceChild::RequireThirdPartyCheck() {
|
||||
return mCookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
|
||||
mCookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN ||
|
||||
mCookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
|
||||
bool CookieServiceChild::RequireThirdPartyCheck(nsILoadInfo *aLoadInfo) {
|
||||
nsCOMPtr<nsICookieSettings> cookieSettings;
|
||||
nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
uint32_t cookieBehavior = cookieSettings->GetCookieBehavior();
|
||||
return cookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
|
||||
cookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN ||
|
||||
cookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
|
||||
mThirdPartySession || mThirdPartyNonsecureSession;
|
||||
}
|
||||
|
||||
@ -470,17 +473,12 @@ nsresult CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
aHostURI->GetScheme(scheme);
|
||||
if (scheme.EqualsLiteral("moz-nullprincipal")) return NS_OK;
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo;
|
||||
mozilla::OriginAttributes attrs;
|
||||
if (aChannel) {
|
||||
loadInfo = aChannel->LoadInfo();
|
||||
attrs = loadInfo->GetOriginAttributes();
|
||||
}
|
||||
|
||||
// Asynchronously call the parent.
|
||||
bool isForeign = true;
|
||||
if (RequireThirdPartyCheck())
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel ? aChannel->LoadInfo() : nullptr;
|
||||
if (RequireThirdPartyCheck(loadInfo)) {
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
|
||||
}
|
||||
|
||||
bool isTrackingResource = false;
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
@ -502,7 +500,7 @@ nsresult CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
|
||||
nsAutoCString result;
|
||||
GetCookieStringFromCookieHashTable(
|
||||
aHostURI, isForeign, isTrackingResource, firstPartyStorageAccessGranted,
|
||||
isSafeTopLevelNav, isSameSiteForeign, attrs, result);
|
||||
isSafeTopLevelNav, isSameSiteForeign, aChannel, result);
|
||||
|
||||
if (!result.IsEmpty()) *aCookieString = ToNewCString(result);
|
||||
|
||||
@ -525,8 +523,10 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
|
||||
// Determine whether the request is foreign. Failure is acceptable.
|
||||
bool isForeign = true;
|
||||
if (RequireThirdPartyCheck())
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel ? aChannel->LoadInfo() : nullptr;
|
||||
if (RequireThirdPartyCheck(loadInfo)) {
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
|
||||
}
|
||||
|
||||
bool isTrackingResource = false;
|
||||
bool firstPartyStorageAccessGranted = false;
|
||||
@ -556,17 +556,21 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
aChannel->GetURI(getter_AddRefs(channelURI));
|
||||
SerializeURI(channelURI, channelURIParams);
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||
MOZ_ASSERT(loadInfo);
|
||||
attrs = loadInfo->GetOriginAttributes();
|
||||
} else {
|
||||
SerializeURI(nullptr, channelURIParams);
|
||||
}
|
||||
|
||||
Maybe<LoadInfoArgs> optionalLoadInfoArgs;
|
||||
LoadInfoToLoadInfoArgs(loadInfo, &optionalLoadInfoArgs);
|
||||
|
||||
// Asynchronously call the parent.
|
||||
if (mIPCOpen) {
|
||||
SendSetCookieString(hostURIParams, channelURIParams, isForeign,
|
||||
isTrackingResource, firstPartyStorageAccessGranted,
|
||||
cookieString, stringServerTime, attrs, aFromHttp);
|
||||
SendSetCookieString(hostURIParams, channelURIParams, optionalLoadInfoArgs,
|
||||
isForeign, isTrackingResource,
|
||||
firstPartyStorageAccessGranted, cookieString,
|
||||
stringServerTime, aFromHttp);
|
||||
}
|
||||
|
||||
bool requireHostMatch;
|
||||
@ -574,14 +578,14 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
nsCookieService::GetBaseDomain(mTLDService, aHostURI, baseDomain,
|
||||
requireHostMatch);
|
||||
|
||||
nsCOMPtr<nsICookiePermission> permissionService =
|
||||
nsCookiePermission::GetOrCreate();
|
||||
nsCOMPtr<nsICookieSettings> cookieSettings =
|
||||
nsCookieService::GetCookieSettings(aChannel);
|
||||
|
||||
CookieStatus cookieStatus = nsCookieService::CheckPrefs(
|
||||
permissionService, mCookieBehavior, mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI, isForeign, isTrackingResource,
|
||||
firstPartyStorageAccessGranted, aCookieString,
|
||||
CountCookiesFromHashTable(baseDomain, attrs), attrs, nullptr);
|
||||
cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
|
||||
isForeign, isTrackingResource, firstPartyStorageAccessGranted,
|
||||
aCookieString, CountCookiesFromHashTable(baseDomain, attrs), attrs,
|
||||
nullptr);
|
||||
|
||||
if (cookieStatus != STATUS_ACCEPTED &&
|
||||
cookieStatus != STATUS_ACCEPT_SESSION) {
|
||||
@ -620,6 +624,8 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
||||
}
|
||||
|
||||
if (canSetCookie) {
|
||||
nsCOMPtr<nsICookiePermission> permissionService =
|
||||
nsCookiePermission::GetOrCreate();
|
||||
SetCookieInternal(cookieAttributes, attrs, aChannel, aFromHttp,
|
||||
permissionService);
|
||||
}
|
||||
|
@ -19,6 +19,7 @@
|
||||
class nsCookie;
|
||||
class nsICookiePermission;
|
||||
class nsIEffectiveTLDService;
|
||||
class nsILoadInfo;
|
||||
|
||||
struct nsCookieAttributes;
|
||||
|
||||
@ -60,13 +61,10 @@ class CookieServiceChild : public PCookieServiceChild,
|
||||
nsresult GetCookieStringInternal(nsIURI *aHostURI, nsIChannel *aChannel,
|
||||
char **aCookieString);
|
||||
|
||||
void GetCookieStringFromCookieHashTable(nsIURI *aHostURI, bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign,
|
||||
const OriginAttributes &aAttrs,
|
||||
nsCString &aCookieString);
|
||||
void GetCookieStringFromCookieHashTable(
|
||||
nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav,
|
||||
bool aIsSameSiteForeign, nsIChannel *aChannel, nsCString &aCookieString);
|
||||
|
||||
nsresult SetCookieStringInternal(nsIURI *aHostURI, nsIChannel *aChannel,
|
||||
const char *aCookieString,
|
||||
@ -84,7 +82,7 @@ class CookieServiceChild : public PCookieServiceChild,
|
||||
|
||||
void PrefChanged(nsIPrefBranch *aPrefBranch);
|
||||
|
||||
bool RequireThirdPartyCheck();
|
||||
bool RequireThirdPartyCheck(nsILoadInfo *aLoadInfo);
|
||||
|
||||
mozilla::ipc::IPCResult RecvTrackCookiesLoad(
|
||||
nsTArray<CookieStruct> &&aCookiesList, const OriginAttributes &aAttrs);
|
||||
@ -107,7 +105,6 @@ class CookieServiceChild : public PCookieServiceChild,
|
||||
nsCOMPtr<nsITimer> mCookieTimer;
|
||||
nsCOMPtr<mozIThirdPartyUtil> mThirdPartyUtil;
|
||||
nsCOMPtr<nsIEffectiveTLDService> mTLDService;
|
||||
uint8_t mCookieBehavior;
|
||||
bool mThirdPartySession;
|
||||
bool mThirdPartyNonsecureSession;
|
||||
bool mIPCOpen;
|
||||
|
@ -28,28 +28,17 @@ namespace {
|
||||
|
||||
// Ignore failures from this function, as they only affect whether we do or
|
||||
// don't show a dialog box in private browsing mode if the user sets a pref.
|
||||
void CreateDummyChannel(nsIURI *aHostURI, nsIURI *aChannelURI,
|
||||
OriginAttributes &aAttrs, nsIChannel **aChannel) {
|
||||
nsCOMPtr<nsIPrincipal> principal =
|
||||
BasePrincipal::CreateCodebasePrincipal(aHostURI, aAttrs);
|
||||
if (!principal) {
|
||||
return;
|
||||
}
|
||||
|
||||
// The following channel is never openend, so it does not matter what
|
||||
// securityFlags we pass; let's follow the principle of least privilege.
|
||||
nsresult CreateDummyChannel(nsIURI *aHostURI, nsILoadInfo *aLoadInfo,
|
||||
nsIChannel **aChannel) {
|
||||
nsCOMPtr<nsIChannel> dummyChannel;
|
||||
NS_NewChannel(getter_AddRefs(dummyChannel), aChannelURI, principal,
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
|
||||
nsIContentPolicy::TYPE_INVALID);
|
||||
nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel =
|
||||
do_QueryInterface(dummyChannel);
|
||||
if (!pbChannel) {
|
||||
return;
|
||||
nsresult rv =
|
||||
NS_NewChannelInternal(getter_AddRefs(dummyChannel), aHostURI, aLoadInfo);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
pbChannel->SetPrivate(aAttrs.mPrivateBrowsingId > 0);
|
||||
dummyChannel.forget(aChannel);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
} // namespace
|
||||
@ -216,10 +205,10 @@ void CookieServiceParent::ActorDestroy(ActorDestroyReason aWhy) {
|
||||
|
||||
mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
|
||||
const URIParams &aHost, const Maybe<URIParams> &aChannelURI,
|
||||
const bool &aIsForeign, const bool &aIsTrackingResource,
|
||||
const Maybe<LoadInfoArgs> &aLoadInfoArgs, const bool &aIsForeign,
|
||||
const bool &aIsTrackingResource,
|
||||
const bool &aFirstPartyStorageAccessGranted, const nsCString &aCookieString,
|
||||
const nsCString &aServerTime, const OriginAttributes &aAttrs,
|
||||
const bool &aFromHttp) {
|
||||
const nsCString &aServerTime, const bool &aFromHttp) {
|
||||
if (!mCookieService) return IPC_OK();
|
||||
|
||||
// Deserialize URI. Having a host URI is mandatory and should always be
|
||||
@ -229,6 +218,10 @@ mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
|
||||
|
||||
nsCOMPtr<nsIURI> channelURI = DeserializeURI(aChannelURI);
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo;
|
||||
Unused << NS_WARN_IF(NS_FAILED(
|
||||
LoadInfoArgsToLoadInfo(aLoadInfoArgs, getter_AddRefs(loadInfo))));
|
||||
|
||||
// This is a gross hack. We've already computed everything we need to know
|
||||
// for whether to set this cookie or not, but we need to communicate all of
|
||||
// this information through to nsICookiePermission, which indirectly
|
||||
@ -237,19 +230,27 @@ mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
|
||||
// with aIsForeign before we have to worry about nsCookiePermission trying
|
||||
// to use the channel to inspect it.
|
||||
nsCOMPtr<nsIChannel> dummyChannel;
|
||||
CreateDummyChannel(hostURI, channelURI,
|
||||
const_cast<OriginAttributes &>(aAttrs),
|
||||
getter_AddRefs(dummyChannel));
|
||||
nsresult rv =
|
||||
CreateDummyChannel(channelURI, loadInfo, getter_AddRefs(dummyChannel));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
// No reason to kill the content process.
|
||||
return IPC_OK();
|
||||
}
|
||||
|
||||
// NB: dummyChannel could be null if something failed in CreateDummyChannel.
|
||||
nsDependentCString cookieString(aCookieString, 0);
|
||||
|
||||
OriginAttributes attrs;
|
||||
if (loadInfo) {
|
||||
attrs = loadInfo->GetOriginAttributes();
|
||||
}
|
||||
|
||||
// We set this to true while processing this cookie update, to make sure
|
||||
// we don't send it back to the same content process.
|
||||
mProcessingCookie = true;
|
||||
mCookieService->SetCookieStringInternal(
|
||||
hostURI, aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted,
|
||||
cookieString, aServerTime, aFromHttp, aAttrs, dummyChannel);
|
||||
cookieString, aServerTime, aFromHttp, attrs, dummyChannel);
|
||||
mProcessingCookie = false;
|
||||
return IPC_OK();
|
||||
}
|
||||
|
@ -46,10 +46,12 @@ class CookieServiceParent : public PCookieServiceParent {
|
||||
|
||||
mozilla::ipc::IPCResult RecvSetCookieString(
|
||||
const URIParams &aHost, const Maybe<URIParams> &aChannelURI,
|
||||
const bool &aIsForeign, const bool &aIsTrackingResource,
|
||||
const Maybe<LoadInfoArgs> &aLoadInfoArgs, const bool &aIsForeign,
|
||||
const bool &aIsTrackingResource,
|
||||
const bool &aFirstPartyStorageAccessGranted,
|
||||
const nsCString &aCookieString, const nsCString &aServerTime,
|
||||
const OriginAttributes &aAttrs, const bool &aFromHttp);
|
||||
const bool &aFromHttp);
|
||||
|
||||
mozilla::ipc::IPCResult RecvPrepareCookieList(
|
||||
const URIParams &aHost, const bool &aIsForeign,
|
||||
const bool &aIsTackingResource,
|
||||
|
@ -40,6 +40,8 @@ parent:
|
||||
* Same as the 'aURI' argument to nsICookieService.setCookieString.
|
||||
* @param channelURI
|
||||
* The URI of the request.
|
||||
* @param loadInfoArgs
|
||||
* The optional serialization of nsILoadInfo.
|
||||
* @param isForeign
|
||||
* True if the the request is third party, for purposes of allowing
|
||||
* access to cookies. This should be obtained from
|
||||
@ -62,9 +64,6 @@ parent:
|
||||
* Whether the result is for an HTTP request header. This should be
|
||||
* true for nsICookieService.setCookieStringFromHttp calls, false
|
||||
* otherwise.
|
||||
* @param attrs
|
||||
* The origin attributes from the HTTP channel or document that the
|
||||
* cookie is being set on.
|
||||
*
|
||||
* @see nsICookieService.setCookieString
|
||||
* @see nsICookieService.setCookieStringFromHttp
|
||||
@ -72,12 +71,12 @@ parent:
|
||||
*/
|
||||
nested(inside_cpow) async SetCookieString(URIParams host,
|
||||
URIParams? channelURI,
|
||||
LoadInfoArgs? loadInfoArgs,
|
||||
bool isForeign,
|
||||
bool isTrackingResource,
|
||||
bool firstPartyStorageAccessGranted,
|
||||
nsCString cookieString,
|
||||
nsCString serverTime,
|
||||
OriginAttributes attrs,
|
||||
bool aFromHttp);
|
||||
|
||||
async PrepareCookieList(URIParams host,
|
||||
|
@ -37,6 +37,7 @@ if CONFIG['NECKO_COOKIES']:
|
||||
'nsCookieService.cpp',
|
||||
]
|
||||
LOCAL_INCLUDES += [
|
||||
'/dom/base',
|
||||
'/extensions/cookie',
|
||||
'/intl/uconv',
|
||||
]
|
||||
|
@ -12,6 +12,7 @@
|
||||
#include "mozilla/Printf.h"
|
||||
#include "mozilla/Unused.h"
|
||||
|
||||
#include "mozilla/net/CookieSettings.h"
|
||||
#include "mozilla/net/CookieServiceChild.h"
|
||||
#include "mozilla/net/NeckoCommon.h"
|
||||
|
||||
@ -125,7 +126,6 @@ static const uint32_t kMaxBytesPerCookie = 4096;
|
||||
static const uint32_t kMaxBytesPerPath = 1024;
|
||||
|
||||
// pref string constants
|
||||
static const char kPrefCookieBehavior[] = "network.cookie.cookieBehavior";
|
||||
static const char kPrefMaxNumberOfCookies[] = "network.cookie.maxNumber";
|
||||
static const char kPrefMaxCookiesPerHost[] = "network.cookie.maxPerHost";
|
||||
static const char kPrefCookieQuotaPerHost[] = "network.cookie.quotaPerHost";
|
||||
@ -586,7 +586,6 @@ NS_IMPL_ISUPPORTS(nsCookieService, nsICookieService, nsICookieManager,
|
||||
|
||||
nsCookieService::nsCookieService()
|
||||
: mDBState(nullptr),
|
||||
mCookieBehavior(nsICookieService::BEHAVIOR_ACCEPT),
|
||||
mThirdPartySession(false),
|
||||
mThirdPartyNonsecureSession(false),
|
||||
mMaxNumberOfCookies(kMaxNumberOfCookies),
|
||||
@ -612,7 +611,6 @@ nsresult nsCookieService::Init() {
|
||||
// init our pref and observer
|
||||
nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
|
||||
if (prefBranch) {
|
||||
prefBranch->AddObserver(kPrefCookieBehavior, this, true);
|
||||
prefBranch->AddObserver(kPrefMaxNumberOfCookies, this, true);
|
||||
prefBranch->AddObserver(kPrefMaxCookiesPerHost, this, true);
|
||||
prefBranch->AddObserver(kPrefCookiePurgeAge, this, true);
|
||||
@ -2005,6 +2003,24 @@ nsresult nsCookieService::GetCookieStringCommon(nsIURI *aHostURI,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// static
|
||||
already_AddRefed<nsICookieSettings> nsCookieService::GetCookieSettings(
|
||||
nsIChannel *aChannel) {
|
||||
nsCOMPtr<nsICookieSettings> cookieSettings;
|
||||
if (aChannel) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||
nsresult rv = loadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
cookieSettings = CookieSettings::CreateBlockingAll();
|
||||
}
|
||||
} else {
|
||||
cookieSettings = CookieSettings::Create();
|
||||
}
|
||||
|
||||
MOZ_ASSERT(cookieSettings);
|
||||
return cookieSettings.forget();
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCookieService::SetCookieString(nsIURI *aHostURI, nsIPrompt *aPrompt,
|
||||
const char *aCookieHeader,
|
||||
@ -2138,6 +2154,7 @@ void nsCookieService::SetCookieStringInternal(
|
||||
}
|
||||
|
||||
nsCookieKey key(baseDomain, aOriginAttrs);
|
||||
nsCOMPtr<nsICookieSettings> cookieSettings = GetCookieSettings(aChannel);
|
||||
|
||||
// check default prefs
|
||||
uint32_t priorCookieCount = 0;
|
||||
@ -2146,10 +2163,9 @@ void nsCookieService::SetCookieStringInternal(
|
||||
aHostURI->GetHost(hostFromURI);
|
||||
CountCookiesFromHost(hostFromURI, &priorCookieCount);
|
||||
CookieStatus cookieStatus = CheckPrefs(
|
||||
mPermissionService, mCookieBehavior, mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI, aIsForeign, aIsTrackingResource,
|
||||
aFirstPartyStorageAccessGranted, aCookieHeader.get(), priorCookieCount,
|
||||
aOriginAttrs, &rejectedReason);
|
||||
cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted,
|
||||
aCookieHeader.get(), priorCookieCount, aOriginAttrs, &rejectedReason);
|
||||
|
||||
MOZ_ASSERT_IF(rejectedReason, cookieStatus == STATUS_REJECTED);
|
||||
|
||||
@ -2360,10 +2376,6 @@ nsCookieService::RunInTransaction(nsICookieTransactionCallback *aCallback) {
|
||||
|
||||
void nsCookieService::PrefChanged(nsIPrefBranch *aPrefBranch) {
|
||||
int32_t val;
|
||||
if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefCookieBehavior, &val)))
|
||||
mCookieBehavior =
|
||||
(uint8_t)LIMIT(val, 0, nsICookieService::BEHAVIOR_LAST, 0);
|
||||
|
||||
if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefMaxNumberOfCookies, &val)))
|
||||
mMaxNumberOfCookies = (uint16_t)LIMIT(val, 1, 0xFFFF, kMaxNumberOfCookies);
|
||||
|
||||
@ -3038,15 +3050,16 @@ void nsCookieService::GetCookiesForURI(
|
||||
return;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsICookieSettings> cookieSettings = GetCookieSettings(aChannel);
|
||||
|
||||
// check default prefs
|
||||
uint32_t rejectedReason = 0;
|
||||
uint32_t priorCookieCount = 0;
|
||||
CountCookiesFromHost(hostFromURI, &priorCookieCount);
|
||||
CookieStatus cookieStatus =
|
||||
CheckPrefs(mPermissionService, mCookieBehavior, mThirdPartySession,
|
||||
mThirdPartyNonsecureSession, aHostURI, aIsForeign,
|
||||
aIsTrackingResource, aFirstPartyStorageAccessGranted, nullptr,
|
||||
priorCookieCount, aOriginAttrs, &rejectedReason);
|
||||
CookieStatus cookieStatus = CheckPrefs(
|
||||
cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
|
||||
aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted, nullptr,
|
||||
priorCookieCount, aOriginAttrs, &rejectedReason);
|
||||
|
||||
MOZ_ASSERT_IF(rejectedReason, cookieStatus == STATUS_REJECTED);
|
||||
|
||||
@ -3969,12 +3982,11 @@ static inline bool IsSubdomainOf(const nsCString &a, const nsCString &b) {
|
||||
}
|
||||
|
||||
CookieStatus nsCookieService::CheckPrefs(
|
||||
nsICookiePermission *aPermissionService, uint8_t aCookieBehavior,
|
||||
bool aThirdPartySession, bool aThirdPartyNonsecureSession, nsIURI *aHostURI,
|
||||
bool aIsForeign, bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted, const char *aCookieHeader,
|
||||
const int aNumOfCookies, const OriginAttributes &aOriginAttrs,
|
||||
uint32_t *aRejectedReason) {
|
||||
nsICookieSettings *aCookieSettings, bool aThirdPartySession,
|
||||
bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign,
|
||||
bool aIsTrackingResource, bool aFirstPartyStorageAccessGranted,
|
||||
const char *aCookieHeader, const int aNumOfCookies,
|
||||
const OriginAttributes &aOriginAttrs, uint32_t *aRejectedReason) {
|
||||
nsresult rv;
|
||||
|
||||
// Let's use a internal value in order to avoid a null check on
|
||||
@ -4006,25 +4018,19 @@ CookieStatus nsCookieService::CheckPrefs(
|
||||
|
||||
// check the permission list first; if we find an entry, it overrides
|
||||
// default prefs. see bug 184059.
|
||||
if (aPermissionService) {
|
||||
nsCookieAccess access;
|
||||
// Not passing an nsIChannel here is probably OK; our implementation
|
||||
// doesn't do anything with it anyway.
|
||||
rv = aPermissionService->CanAccess(principal, &access);
|
||||
uint32_t cookiePermission = nsICookiePermission::ACCESS_DEFAULT;
|
||||
rv = aCookieSettings->CookiePermission(principal, &cookiePermission);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
switch (cookiePermission) {
|
||||
case nsICookiePermission::ACCESS_DENY:
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
|
||||
aCookieHeader, "cookies are blocked for this site");
|
||||
*aRejectedReason =
|
||||
nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
|
||||
return STATUS_REJECTED;
|
||||
|
||||
// if we found an entry, use it
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
switch (access) {
|
||||
case nsICookiePermission::ACCESS_DENY:
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
|
||||
aCookieHeader, "cookies are blocked for this site");
|
||||
*aRejectedReason =
|
||||
nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
|
||||
return STATUS_REJECTED;
|
||||
|
||||
case nsICookiePermission::ACCESS_ALLOW:
|
||||
return STATUS_ACCEPTED;
|
||||
}
|
||||
case nsICookiePermission::ACCESS_ALLOW:
|
||||
return STATUS_ACCEPTED;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4032,7 +4038,8 @@ CookieStatus nsCookieService::CheckPrefs(
|
||||
// context, when anti-tracking protection is enabled and when we don't have
|
||||
// access to the first-party cookie jar.
|
||||
if (aIsForeign && aIsTrackingResource && !aFirstPartyStorageAccessGranted &&
|
||||
aCookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER) {
|
||||
aCookieSettings->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER) {
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
|
||||
aCookieHeader, "cookies are disabled in trackers");
|
||||
*aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER;
|
||||
@ -4043,7 +4050,8 @@ CookieStatus nsCookieService::CheckPrefs(
|
||||
// Check aFirstPartyStorageAccessGranted when checking aCookieBehavior
|
||||
// so that we take things such as the content blocking allow list into
|
||||
// account.
|
||||
if (aCookieBehavior == nsICookieService::BEHAVIOR_REJECT &&
|
||||
if (aCookieSettings->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT &&
|
||||
!aFirstPartyStorageAccessGranted) {
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
|
||||
aCookieHeader, "cookies are disabled");
|
||||
@ -4053,7 +4061,8 @@ CookieStatus nsCookieService::CheckPrefs(
|
||||
|
||||
// check if cookie is foreign
|
||||
if (aIsForeign) {
|
||||
if (aCookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN &&
|
||||
if (aCookieSettings->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_FOREIGN &&
|
||||
!aFirstPartyStorageAccessGranted) {
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
|
||||
aCookieHeader, "context is third party");
|
||||
@ -4061,7 +4070,8 @@ CookieStatus nsCookieService::CheckPrefs(
|
||||
return STATUS_REJECTED;
|
||||
}
|
||||
|
||||
if (aCookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN &&
|
||||
if (aCookieSettings->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_LIMIT_FOREIGN &&
|
||||
!aFirstPartyStorageAccessGranted && aNumOfCookies == 0) {
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
|
||||
aCookieHeader, "context is third party");
|
||||
|
@ -8,6 +8,7 @@
|
||||
|
||||
#include "nsICookieService.h"
|
||||
#include "nsICookieManager.h"
|
||||
#include "nsICookiePermission.h"
|
||||
#include "nsIObserver.h"
|
||||
#include "nsWeakReference.h"
|
||||
|
||||
@ -38,6 +39,7 @@
|
||||
using mozilla::OriginAttributes;
|
||||
|
||||
class nsICookiePermission;
|
||||
class nsICookieSettings;
|
||||
class nsIEffectiveTLDService;
|
||||
class nsIIDNService;
|
||||
class nsIPrefBranch;
|
||||
@ -258,13 +260,16 @@ class nsCookieService final : public nsICookieService,
|
||||
nsIChannel *aChannel, bool &aSetCookie,
|
||||
mozIThirdPartyUtil *aThirdPartyUtil);
|
||||
static CookieStatus CheckPrefs(
|
||||
nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior,
|
||||
bool aThirdPartySession, bool aThirdPartyNonsecureSession,
|
||||
nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
|
||||
bool aIsFirstPartyStorageAccessGranted, const char *aCookieHeader,
|
||||
const int aNumOfCookies, const OriginAttributes &aOriginAttrs,
|
||||
uint32_t *aRejectedReason);
|
||||
nsICookieSettings *aCookieSettings, bool aThirdPartySession,
|
||||
bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign,
|
||||
bool aIsTrackingResource, bool aIsFirstPartyStorageAccessGranted,
|
||||
const char *aCookieHeader, const int aNumOfCookies,
|
||||
const OriginAttributes &aOriginAttrs, uint32_t *aRejectedReason);
|
||||
static int64_t ParseServerTime(const nsCString &aServerTime);
|
||||
|
||||
static already_AddRefed<nsICookieSettings> GetCookieSettings(
|
||||
nsIChannel *aChannel);
|
||||
|
||||
void GetCookiesForURI(nsIURI *aHostURI, nsIChannel *aChannel, bool aIsForeign,
|
||||
bool aIsTrackingResource,
|
||||
bool aFirstPartyStorageAccessGranted,
|
||||
@ -398,9 +403,6 @@ class nsCookieService final : public nsICookieService,
|
||||
RefPtr<DBState> mDefaultDBState;
|
||||
RefPtr<DBState> mPrivateDBState;
|
||||
|
||||
// cached prefs
|
||||
uint8_t mCookieBehavior; // BEHAVIOR_{ACCEPT, REJECTFOREIGN, REJECT,
|
||||
// LIMITFOREIGN}
|
||||
bool mThirdPartySession;
|
||||
bool mThirdPartyNonsecureSession;
|
||||
uint16_t mMaxNumberOfCookies;
|
||||
|
Loading…
Reference in New Issue
Block a user