diff --git a/netwerk/cookie/CookieCommons.cpp b/netwerk/cookie/CookieCommons.cpp index 2447b177c8ea..675f97a41854 100644 --- a/netwerk/cookie/CookieCommons.cpp +++ b/netwerk/cookie/CookieCommons.cpp @@ -545,38 +545,6 @@ bool CookieCommons::ShouldIncludeCrossSiteCookie(int32_t aSameSiteAttr, return aSameSiteAttr == nsICookie::SAMESITE_NONE; } -// static -bool CookieCommons::IsFirstPartyPartitionedCookieWithoutCHIPS( - Cookie* aCookie, const nsACString& aBaseDomain, - const OriginAttributes& aOriginAttributes) { - MOZ_ASSERT(aCookie); - - // The cookie is set with partitioned attribute. This is a CHIPS cookies. - if (aCookie->RawIsPartitioned()) { - return false; - } - - // The originAttributes is not partitioned. This is not a partitioned cookie. - if (aOriginAttributes.mPartitionKey.IsEmpty()) { - return false; - } - - nsAutoString scheme; - nsAutoString baseDomain; - int32_t port; - bool foreignByAncestorContext; - // Bail out early if the partition key is not valid. - if (!OriginAttributes::ParsePartitionKey(aOriginAttributes.mPartitionKey, - scheme, baseDomain, port, - foreignByAncestorContext)) { - return false; - } - - // Check whether the base domain of the cookie match the base domain in the - // partitionKey. - return aBaseDomain.Equals(NS_ConvertUTF16toUTF8(baseDomain)); -} - bool CookieCommons::IsSafeTopLevelNav(nsIChannel* aChannel) { if (!aChannel) { return false; diff --git a/netwerk/cookie/CookieCommons.h b/netwerk/cookie/CookieCommons.h index 8d52730872b7..ef7e57745a13 100644 --- a/netwerk/cookie/CookieCommons.h +++ b/netwerk/cookie/CookieCommons.h @@ -126,10 +126,6 @@ class CookieCommons final { bool aInPrivateBrowsing, bool aUsingStorageAccess); - static bool IsFirstPartyPartitionedCookieWithoutCHIPS( - Cookie* aCookie, const nsACString& aBaseDomain, - const OriginAttributes& aOriginAttributes); - static bool IsSchemeSupported(nsIPrincipal* aPrincipal); static bool IsSchemeSupported(nsIURI* aURI); static bool IsSchemeSupported(const nsACString& aScheme); diff --git a/netwerk/cookie/CookiePersistentStorage.cpp b/netwerk/cookie/CookiePersistentStorage.cpp index 303a69601cb7..ffabb5b31669 100644 --- a/netwerk/cookie/CookiePersistentStorage.cpp +++ b/netwerk/cookie/CookiePersistentStorage.cpp @@ -1826,23 +1826,6 @@ void CookiePersistentStorage::InitDBConn() { // evicted. RefPtr cookie = Cookie::CreateValidated(*tuple.cookie, tuple.originAttributes); - - // Clean up the invalid first-party partitioned cookies that don't have - // the 'partitioned' cookie attribution. This will also ensure that we don't - // read the cookie into memory. - if (CookieCommons::IsFirstPartyPartitionedCookieWithoutCHIPS( - cookie, tuple.key.mBaseDomain, tuple.key.mOriginAttributes)) { - // We cannot directly use the cookie after validation because the - // timestamps could be different from the cookies in DB. So, we need to - // create one from the cookie struct. - RefPtr invalidCookie = - Cookie::Create(*tuple.cookie, tuple.originAttributes); - cleanupCookies.AppendElement(invalidCookie); - mozilla::glean::networking:: - cookie_count_invalid_first_party_partitioned_in_db.Add(1); - continue; - } - AddCookieToList(tuple.key.mBaseDomain, tuple.key.mOriginAttributes, cookie); } diff --git a/netwerk/cookie/CookieServiceChild.cpp b/netwerk/cookie/CookieServiceChild.cpp index 2d59fe564f37..d4aeb7be6660 100644 --- a/netwerk/cookie/CookieServiceChild.cpp +++ b/netwerk/cookie/CookieServiceChild.cpp @@ -308,17 +308,6 @@ CookieServiceChild::RecordDocumentCookie(Cookie* aCookie, CookieCommons::GetBaseDomainFromHost(mTLDService, aCookie->Host(), baseDomain); - if (CookieCommons::IsFirstPartyPartitionedCookieWithoutCHIPS( - aCookie, baseDomain, aAttrs)) { - COOKIE_LOGSTRING(LogLevel::Error, - ("Invalid first-party partitioned cookie without " - "partitioned cookie attribution from the document.")); - mozilla::glean::networking::set_invalid_first_party_partitioned_cookie.Add( - 1); - MOZ_DIAGNOSTIC_ASSERT(false); - return CookieNotificationAction::NoActionNeeded; - } - CookieKey key(baseDomain, aAttrs); CookiesList* cookiesList = nullptr; mCookiesMap.Get(key, &cookiesList); diff --git a/netwerk/cookie/CookieStorage.cpp b/netwerk/cookie/CookieStorage.cpp index 17885fc69486..096f1ff96587 100644 --- a/netwerk/cookie/CookieStorage.cpp +++ b/netwerk/cookie/CookieStorage.cpp @@ -602,17 +602,6 @@ void CookieStorage::AddCookie(CookieParser* aCookieParser, bool aFromHttp, bool aIsThirdParty, dom::BrowsingContext* aBrowsingContext, const nsID* aOperationID) { - if (CookieCommons::IsFirstPartyPartitionedCookieWithoutCHIPS( - aCookie, aBaseDomain, aOriginAttributes)) { - COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, - "Invalid first-party partitioned cookie without " - "partitioned cookie attribution."); - mozilla::glean::networking::set_invalid_first_party_partitioned_cookie.Add( - 1); - MOZ_DIAGNOSTIC_ASSERT(false); - return; - } - int64_t currentTime = aCurrentTimeInUsec / PR_USEC_PER_SEC; CookieListIter exactIter{}; diff --git a/netwerk/metrics.yaml b/netwerk/metrics.yaml index db5644ffcea8..8c24ae47f905 100644 --- a/netwerk/metrics.yaml +++ b/netwerk/metrics.yaml @@ -215,36 +215,6 @@ networking: - edgul@mozilla.com expires: 146 - cookie_count_invalid_first_party_partitioned_in_db: - type: counter - description: > - This counts the number of invalid first-party partitioned cookies that - don't have the partitioned cookie attribution(CHIPS). - bugs: - - https://bugzilla.mozilla.org/1922193 - data_reviews: - - https://bugzilla.mozilla.org/1922193 - notification_emails: - - bvandersloot@mozilla.com - - tihuang@mozilla.com - - edgul@mozilla.com - expires: 146 - - set_invalid_first_party_partitioned_cookie: - type: counter - description: > - This counts the number of times we set an invalid first-party partitioned - cookie. - bugs: - - https://bugzilla.mozilla.org/1922193 - data_reviews: - - https://bugzilla.mozilla.org/1922193 - notification_emails: - - bvandersloot@mozilla.com - - tihuang@mozilla.com - - edgul@mozilla.com - expires: 146 - cookie_purge_max: type: custom_distribution description: > diff --git a/netwerk/test/unit/test_remove_invalid_first_party_partitioned_cookie.js b/netwerk/test/unit/test_remove_invalid_first_party_partitioned_cookie.js deleted file mode 100644 index 177300feb29d..000000000000 --- a/netwerk/test/unit/test_remove_invalid_first_party_partitioned_cookie.js +++ /dev/null @@ -1,201 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - http://creativecommons.org/publicdomain/zero/1.0/ */ - -// The test ensure we remove first-party partitioned cookies that don't have -// partitioned attribute. - -add_task(async function run_test() { - // Set up a profile. - let profile = do_get_profile(); - - // Start the cookieservice, to force creation of a database. - Services.cookies.sessionCookies; - - // Close the profile. - await promise_close_profile(); - - // Create a schema 14 database. - let schema14db = new CookieDatabaseConnection( - do_get_cookie_file(profile), - 14 - ); - - let now = Math.round(Date.now() / 1000); - - // Create an invalid first-party partitioned cookie. - let invalidFPCookie = new Cookie( - "invalid", - "bad", - "example.com", - "/", - now + 34560000, - now, - now, - false, // isSession - true, // isSecure - false, // isHttpOnly - false, // isBrowserElement - { partitionKey: "(https,example.com)" }, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SCHEME_UNSET, - false // isPartitioned - ); - schema14db.insertCookie(invalidFPCookie); - - // Create a valid first-party partitioned cookie(CHIPS). - let valid1stCHIPS = new Cookie( - "valid1stCHIPS", - "good", - "example.com", - "/", - now + 34560000, - now, - now, - false, // isSession - true, // isSecure - false, // isHttpOnly - false, // isBrowserElement - { partitionKey: "(https,example.com)" }, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SCHEME_UNSET, - true // isPartitioned - ); - schema14db.insertCookie(valid1stCHIPS); - - // Create a valid unpartitioned cookie. - let unpartitionedCookie = new Cookie( - "valid", - "good", - "example.com", - "/", - now + 34560000, - now, - now, - false, // isSession - true, // isSecure - false, // isHttpOnly - false, // isBrowserElement - {}, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SCHEME_UNSET, - false // isPartitioned - ); - schema14db.insertCookie(unpartitionedCookie); - - // Create valid third-party partitioned TCP cookie. - let valid3rdTCPCookie = new Cookie( - "valid3rdTCP", - "good", - "example.com", - "/", - now + 34560000, - now, - now, - false, // isSession - true, // isSecure - false, // isHttpOnly - false, // isBrowserElement - { partitionKey: "(https,example.org)" }, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SCHEME_UNSET, - false // isPartitioned - ); - schema14db.insertCookie(valid3rdTCPCookie); - - // Create valid third-party partitioned CHIPS cookie. - let valid3rdCHIPSCookie = new Cookie( - "valid3rdCHIPS", - "good", - "example.com", - "/", - now + 34560000, - now, - now, - false, // isSession - true, // isSecure - false, // isHttpOnly - false, // isBrowserElement - { partitionKey: "(https,example.org)" }, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SAMESITE_NONE, - Ci.nsICookie.SCHEME_UNSET, - true // isPartitioned - ); - schema14db.insertCookie(valid3rdCHIPSCookie); - - schema14db.close(); - schema14db = null; - - // Check if we have the right testing entries - { - const dbConnection = Services.storage.openDatabase( - do_get_cookie_file(profile) - ); - const stmt = dbConnection.createStatement( - "SELECT count(name) FROM moz_cookies WHERE host = 'example.com';" - ); - const success = stmt.executeStep(); - Assert.ok(success); - - const count = stmt.getInt32(0); - Assert.equal(count, 5); - stmt.finalize(); - dbConnection.close(); - } - - // Reload profile. - await promise_load_profile(); - - // Check the number of unpartitioned cookies is correct, and we only have - // good cookies. - let cookies = Services.cookies.getCookiesFromHost("example.com", {}); - Assert.equal(cookies.length, 1); - for (const cookie of cookies) { - Assert.equal(cookie.value, "good"); - } - - // Check the number of first-party partitioned cookies is correct, and we only - // have good cookies. - cookies = Services.cookies.getCookiesFromHost("example.com", { - partitionKey: "(https,example.com)", - }); - Assert.equal(cookies.length, 1); - for (const cookie of cookies) { - Assert.equal(cookie.value, "good"); - } - - // Check the number of third-party partitioned cookies is correct, and we only - // have good cookies. - cookies = Services.cookies.getCookiesFromHost("example.com", { - partitionKey: "(https,example.org)", - }); - Assert.equal(cookies.length, 2); - for (const cookie of cookies) { - Assert.equal(cookie.value, "good"); - } - - // Ensure the invalid cookies is gone in the DB. - { - const dbConnection = Services.storage.openDatabase( - do_get_cookie_file(profile) - ); - const stmt = dbConnection.createStatement( - "SELECT count(name) FROM moz_cookies WHERE value = 'bad';" - ); - const success = stmt.executeStep(); - Assert.ok(success); - - const count = stmt.getInt32(0); - Assert.equal(count, 0); - stmt.finalize(); - dbConnection.close(); - } - - // Cleanup - Services.cookies.removeAll(); - do_close_profile(); -}); diff --git a/netwerk/test/unit/xpcshell.toml b/netwerk/test/unit/xpcshell.toml index cc30554231bf..8816849a92c6 100644 --- a/netwerk/test/unit/xpcshell.toml +++ b/netwerk/test/unit/xpcshell.toml @@ -1070,8 +1070,6 @@ skip-if = [ ["test_referrer_policy.js"] -["test_remove_invalid_first_party_partitioned_cookie.js"] - ["test_reopen.js"] ["test_reply_without_content_type.js"]