Bug 1224579: [webext] Fix the handling of domain cookies. r=evilpie
--HG-- extra : commitid : 90fX4lH7xMk extra : rebase_source : a553deb3f3f8863d8aa0712ba0b7e286f22fa619
parent
a31ad54f9b
commit
fbbdff2da8
@ -71,10 +71,19 @@ function checkSetCookiePermissions(extension, uri, cookie) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// The cookie service ignores any leading '.' passed in, but adds one if the
|
||||
// proposed domain is not the exact domain of the URL. So start by stripping
|
||||
// it off.
|
||||
cookie.host = cookie.host.replace(/^\./, "");
|
||||
if (!cookie.host) {
|
||||
// If no explicit host is specified, this becomes a host-only cookie.
|
||||
cookie.host = uri.host;
|
||||
return true;
|
||||
}
|
||||
|
||||
// A leading "." is not expected, but is tolerated if it's not the only
|
||||
// character in the host. If there is one, start by stripping it off. We'll
|
||||
// add a new one on success.
|
||||
if (cookie.host.length > 1) {
|
||||
cookie.host = cookie.host.replace(/^\./, "");
|
||||
}
|
||||
cookie.host = cookie.host.toLowerCase();
|
||||
|
||||
if (cookie.host != uri.host) {
|
||||
// Not an exact match, so check for a valid subdomain.
|
||||
@ -104,11 +113,12 @@ function checkSetCookiePermissions(extension, uri, cookie) {
|
||||
|
||||
// RFC2109 suggests that we may only add cookies for sub-domains 1-level
|
||||
// below us, but enforcing that would break the web, so we don't.
|
||||
|
||||
// This is a valid sub-domain cookie, so add (or re-add) a leading dot.
|
||||
cookie.host = "." + cookie.host;
|
||||
}
|
||||
|
||||
// An explicit domain was passed, so add a leading "." to make this a
|
||||
// domain cookie.
|
||||
cookie.host = "." + cookie.host;
|
||||
|
||||
// We don't do any significant checking of path permissions. RFC2109
|
||||
// suggests we only allow sites to add cookies for sub-paths, similar to
|
||||
// same origin policy enforcement, but no-one implements this.
|
||||
@ -252,13 +262,6 @@ extensions.registerSchemaAPI("cookies", "cookies", (extension, context) => {
|
||||
set: function(details, callback) {
|
||||
let uri = NetUtil.newURI(details.url).QueryInterface(Ci.nsIURL);
|
||||
|
||||
let domain;
|
||||
if (details.domain !== null) {
|
||||
domain = details.domain.toLowerCase();
|
||||
} else {
|
||||
domain = uri.host; // "If omitted, the cookie becomes a host-only cookie."
|
||||
}
|
||||
|
||||
let path;
|
||||
if (details.path !== null) {
|
||||
path = details.path;
|
||||
@ -278,7 +281,7 @@ extensions.registerSchemaAPI("cookies", "cookies", (extension, context) => {
|
||||
let expiry = isSession ? 0 : details.expirationDate;
|
||||
// Ignore storeID.
|
||||
|
||||
let cookieAttrs = { host: domain, path: path, isSecure: secure };
|
||||
let cookieAttrs = { host: details.domain, path: path, isSecure: secure };
|
||||
if (checkSetCookiePermissions(extension, uri, cookieAttrs)) {
|
||||
// TODO: Set |lastError| when false.
|
||||
//
|
||||
|
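Review bot: The unconditional `cookie.host = "." + cookie.host;` that now follows the `if (cookie.host != uri.host)` block also runs when the explicit domain equals the URL host exactly, so an IP-literal or single-label host (for example `localhost`) would be handed on with a leading dot as a domain cookie. The part of checkSetCookiePermissions between the two hunks is not visible here, so this is inferred, but if the host-type rejection lives only inside the not-equal branch, the exact-match case skips it. Consider keeping the cookie host-only in that case, returning early with `cookie.host` unchanged when the URL host is an IP address or has no registrable base domain, and adding a test for it. The function also rewrites `cookie.host` in place (dot stripped, lowercased), possibly on paths that later return false; a header comment such as `// Normalizes cookie.host in place; the value is only meaningful when this returns true.` would make that contract explicit for callers like `set`.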
@ -113,20 +113,22 @@ function* testCookies(options) {
|
||||
|
||||
let cookieSvc = SpecialPowers.Services.cookies;
|
||||
|
||||
let domain = options.domain.replace(/^\.?/, ".");
|
||||
|
||||
// This will be evicted after we add a fourth cookie.
|
||||
cookieSvc.add(options.domain, "/", "evicted", "bar", options.secure, false, false, options.expiry);
|
||||
cookieSvc.add(domain, "/", "evicted", "bar", options.secure, false, false, options.expiry);
|
||||
// This will be modified by the background script.
|
||||
cookieSvc.add(options.domain, "/", "foo", "bar", options.secure, false, false, options.expiry);
|
||||
cookieSvc.add(domain, "/", "foo", "bar", options.secure, false, false, options.expiry);
|
||||
// This will be deleted by the background script.
|
||||
cookieSvc.add(options.domain, "/", "deleted", "bar", options.secure, false, false, options.expiry);
|
||||
cookieSvc.add(domain, "/", "deleted", "bar", options.secure, false, false, options.expiry);
|
||||
|
||||
|
||||
yield extension.startup();
|
||||
|
||||
yield extension.awaitMessage("change-cookies");
|
||||
cookieSvc.add(options.domain, "/", "x", "y", options.secure, false, false, options.expiry);
|
||||
cookieSvc.add(options.domain, "/", "x", "z", options.secure, false, false, options.expiry);
|
||||
cookieSvc.remove(options.domain, "x", "/", false);
|
||||
cookieSvc.add(domain, "/", "x", "y", options.secure, false, false, options.expiry);
|
||||
cookieSvc.add(domain, "/", "x", "z", options.secure, false, false, options.expiry);
|
||||
cookieSvc.remove(domain, "x", "/", false);
|
||||
extension.sendMessage("cookies-changed");
|
||||
|
||||
yield extension.awaitFinish("cookie-permissions");
|
||||
@ -177,7 +179,7 @@ function* testCookies(options) {
|
||||
}
|
||||
|
||||
for (let cookie of cookies) {
|
||||
cookieSvc.remove(options.domain, cookie.name, "/", false);
|
||||
cookieSvc.remove(cookie.host, cookie.name, "/", false);
|
||||
}
|
||||
// Make sure we don't silently poison subsequent tests if something goes wrong.
|
||||
is(getCookies(options.domain).length, 0, "cookies cleared");
|
||||
|