Bug 1748693 - remove MaybeCompareSchemes(Logging), disable samesite-schemeful for release r=dveditz,dragana

This removes a part of the erroneous scheme-comparison and the logging
that was implemented in those functions. The tests for that logging were
also removed.

Differential Revision: https://phabricator.services.mozilla.com/D136229
This commit is contained in:
Frederik Braun 2022-03-02 14:58:02 +00:00
parent 474f23b35d
commit bdfe418051
3 changed files with 37 additions and 122 deletions


@ -325,9 +325,6 @@ CookieService::GetCookieStringFromDocument(Document* aDocument,
return NS_OK;
}
nsICookie::schemeType schemeType =
CookieCommons::PrincipalToSchemeType(principal);
CookieStorage* storage = PickStorage(principal->OriginAttributesRef());
nsAutoCString baseDomain;
@ -400,10 +397,6 @@ CookieService::GetCookieStringFromDocument(Document* aDocument,
continue;
}
if (!CookieCommons::MaybeCompareScheme(cookie, schemeType)) {
continue;
}
// if the nsIURI path doesn't match the cookie path, don't send it back
if (!CookieCommons::PathMatches(cookie, pathFromURI)) {
continue;
@ -925,8 +918,6 @@ void CookieService::GetCookiesForURI(
baseDomainFromURI);
NS_ENSURE_SUCCESS_VOID(rv);
nsICookie::schemeType schemeType = CookieCommons::URIToSchemeType(aHostURI);
// check default prefs
uint32_t rejectedReason = aRejectedReason;
uint32_t priorCookieCount = storage->CountCookiesFromHost(
@ -993,12 +984,6 @@ void CookieService::GetCookiesForURI(
continue;
}
// The scheme doesn't match.
if (!CookieCommons::MaybeCompareSchemeWithLogging(crc, aHostURI, cookie,
schemeType)) {
continue;
}
if (aHttpBound && aIsSameSiteForeign &&
!ProcessSameSiteCookieForForeignRequest(
aChannel, cookie, aIsSafeTopLevelNav, laxByDefault)) {
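Review bot: The new code in the GetCookieStringFromDocument loop drops the scheme guard without leaving any trace of why, so a later reader of the filter loop will not know that an https-set cookie is now intentionally returned to an http document of the same host (the test file in this commit asserts exactly that with "document.cookie even for different scheme!"). I would add, just above `// if the nsIURI path doesn't match the cookie path, don't send it back`, the comment `// Scheme is deliberately not compared here: schemeful same-site for document.cookie is disabled for release (Bug 1748693); see network.cookie.sameSite.schemeful.` The same applies to the GetCookiesForURI hunk, where the `// The scheme doesn't match.` block is removed and, as far as the visible lines show, any scheme-sensitive treatment now rests solely on ProcessSameSiteCookieForForeignRequest for HTTP-bound foreign requests — worth stating in a comment there too if that is the intent. The identical guard removal in CookieServiceChild::GetCookieStringFromDocument needs the same comment. Both enclosing functions begin and end outside the hunks.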


@ -344,9 +344,6 @@ CookieServiceChild::GetCookieStringFromDocument(dom::Document* aDocument,
return NS_OK;
}
nsICookie::schemeType schemeType =
CookieCommons::PrincipalToSchemeType(principal);
nsAutoCString baseDomain;
nsresult rv = CookieCommons::GetBaseDomain(principal, baseDomain);
if (NS_WARN_IF(NS_FAILED(rv))) {
@ -411,10 +408,6 @@ CookieServiceChild::GetCookieStringFromDocument(dom::Document* aDocument,
continue;
}
if (!CookieCommons::MaybeCompareScheme(cookie, schemeType)) {
continue;
}
// if the nsIURI path doesn't match the cookie path, don't send it back
if (!CookieCommons::PathMatches(cookie, pathFromURI)) {
continue;


@ -108,47 +108,61 @@ add_task(async _ => {
let cs = Cc["@mozilla.org/cookieService;1"].getService(Ci.nsICookieService);
info("Let's set a cookie from HTTP example.org");
info(
`Testing schemefulSameSite=${schemefulComparison}. Let's set a cookie from HTTPS example.org`
);
let uri = NetUtil.newURI("https://example.org/");
let principal = Services.scriptSecurityManager.createContentPrincipal(
uri,
let https_uri = NetUtil.newURI("https://example.org/");
let https_principal = Services.scriptSecurityManager.createContentPrincipal(
https_uri,
{}
);
let channel = NetUtil.newChannel({
uri,
loadingPrincipal: principal,
let same_site_channel = NetUtil.newChannel({
uri: https_uri,
loadingPrincipal: https_principal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
});
cs.setCookieStringFromHttp(uri, "a=b; sameSite=lax", channel);
cs.setCookieStringFromHttp(
https_uri,
"a=b; sameSite=lax",
same_site_channel
);
let cookies = Services.cookies.getCookieStringFromHttp(uri, channel);
let cookies = Services.cookies.getCookieStringFromHttp(
https_uri,
same_site_channel
);
Assert.equal(cookies, "a=b", "Cookies match");
uri = NetUtil.newURI("http://example.org/");
principal = Services.scriptSecurityManager.createContentPrincipal(uri, {});
channel = NetUtil.newChannel({
uri,
loadingPrincipal: principal,
let http_uri = NetUtil.newURI("http://example.org/");
let http_principal = Services.scriptSecurityManager.createContentPrincipal(
http_uri,
{}
);
let cross_site_channel = NetUtil.newChannel({
uri: https_uri,
loadingPrincipal: http_principal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
});
cookies = Services.cookies.getCookieStringFromHttp(uri, channel);
cookies = Services.cookies.getCookieStringFromHttp(
http_uri,
cross_site_channel
);
if (schemefulComparison) {
Assert.equal(cookies, "", "No cookie for different scheme!");
Assert.equal(cookies, "", "No http(s) cookie for different scheme!");
} else {
Assert.equal(cookies, "a=b", "Cookie even for different scheme!");
Assert.equal(cookies, "a=b", "http(s) Cookie even for differentscheme!");
}
cookies = await CookieXPCShellUtils.getCookieStringFromDocument(uri.spec);
if (schemefulComparison) {
Assert.equal(cookies, "", "No cookie for different scheme!");
} else {
Assert.equal(cookies, "a=b", "Cookie even for different scheme!");
}
// SameSite cookies are included via document.domain
cookies = await CookieXPCShellUtils.getCookieStringFromDocument(
http_uri.spec
);
Assert.equal(cookies, "a=b", "document.cookie even for different scheme!");
Services.cookies.removeAll();
Services.prefs.clearUserPref("dom.security.https_first");
@ -207,80 +221,3 @@ add_task(async _ => {
Services.cookies.removeAll();
Services.prefs.clearUserPref("dom.security.https_first");
});
[
{
prefValue: true,
consoleMessage: `Cookie “a” has been treated as cross-site against “http://example.org/” because the scheme does not match.`,
},
{
prefValue: false,
consoleMessage: `Cookie “a” will be soon treated as cross-site cookie against “http://example.org/” because the scheme does not match.`,
},
].forEach(test => {
add_task(async () => {
do_get_profile();
Services.prefs.setBoolPref("dom.security.https_first", false);
maybeInitializeCookieXPCShellUtils();
// Allow all cookies if the pref service is available in this process.
if (!inChildProcess()) {
Services.prefs.setBoolPref(
"network.cookie.sameSite.schemeful",
test.prefValue
);
Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
Services.prefs.setBoolPref(
"network.cookieJarSettings.unblocked_for_testing",
true
);
}
let cs = Cc["@mozilla.org/cookieService;1"].getService(Ci.nsICookieService);
info("Let's set a cookie from HTTPS example.org");
let uri = NetUtil.newURI("https://example.org/");
let principal = Services.scriptSecurityManager.createContentPrincipal(
uri,
{}
);
let channel = NetUtil.newChannel({
uri,
loadingPrincipal: principal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
});
cs.setCookieStringFromHttp(uri, "a=b; sameSite=lax", channel);
// Create a console listener.
let consolePromise = new Promise(resolve => {
let listener = {
observe(message) {
// Ignore unexpected messages.
if (!(message instanceof Ci.nsIConsoleMessage)) {
return;
}
if (message.message.includes(test.consoleMessage)) {
Services.console.unregisterListener(listener);
resolve();
}
},
};
Services.console.registerListener(listener);
});
const contentPage = await CookieXPCShellUtils.loadContentPage(
"http://example.org/"
);
await contentPage.close();
await consolePromise;
Services.cookies.removeAll();
Services.prefs.clearUserPref("dom.security.https_first");
});
});
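Review bot: The new assertion message `"http(s) Cookie even for differentscheme!"` in the schemefulComparison else-branch is missing a space and has inconsistent capitalisation relative to its sibling; it should read `"http(s) cookie even for different scheme!"`. Separately, `cross_site_channel` is built with `uri: https_uri` but `loadingPrincipal: http_principal`, and is then passed to getCookieStringFromHttp together with `http_uri` rather than the channel's own URI — if that mismatch is what makes the request count as cross-site for the scheme check, a one-line comment saying so (e.g. `// channel URI is https, request host URI is http: scheme mismatch on purpose`) would keep the next editor from "fixing" it. The comment `// SameSite cookies are included via document.domain` would also be clearer if it named the behaviour under test, e.g. `// document.cookie does not apply schemeful same-site: the https-set cookie is visible to the http document`. The add_task body continues above the hunk.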