Bug 1475599 - part 2 - CookieStore API - IPDL, r=edgul,webidl,smaug

Differential Revision: https://phabricator.services.mozilla.com/D215145
Andrea Marchesini
2024-09-11 16:26:55 +00:00
parent 318811c5f4
commit 97580f39c2
26 changed files with 1666 additions and 117 deletions


@@ -6551,43 +6551,28 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
aCookie.Truncate(); // clear current cookie in case service fails;
// no cookie isn't an error condition.
if (mDisableCookieAccess) {
return;
}
nsCOMPtr<nsIPrincipal> cookiePrincipal;
nsCOMPtr<nsIPrincipal> cookiePartitionedPrincipal;
// If the document's sandboxed origin flag is set, then reading cookies
// is prohibited.
if (mSandboxFlags & SANDBOXED_ORIGIN) {
aRv.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return;
}
// GTests do not create an inner window and because of these a few security
// checks will block this method.
if (!StaticPrefs::dom_cookie_testing_enabled()) {
StorageAccess storageAccess = CookieAllowedForDocument(this);
if (storageAccess == StorageAccess::eDeny) {
CookieCommons::SecurityChecksResult checkResult =
CookieCommons::CheckGlobalAndRetrieveCookiePrincipals(
this, getter_AddRefs(cookiePrincipal),
getter_AddRefs(cookiePartitionedPrincipal));
switch (checkResult) {
case CookieCommons::SecurityChecksResult::eSandboxedError:
aRv.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return;
}
if (ShouldPartitionStorage(storageAccess) &&
!StoragePartitioningEnabled(storageAccess, CookieJarSettings())) {
case CookieCommons::SecurityChecksResult::eSecurityError:
[[fallthrough]];
case CookieCommons::SecurityChecksResult::eDoNotContinue:
return;
}
// If the document is a cookie-averse Document... return the empty string.
if (IsCookieAverse()) {
return;
}
}
// not having a cookie service isn't an error
nsCOMPtr<nsICookieService> service =
do_GetService(NS_COOKIESERVICE_CONTRACTID);
if (!service) {
return;
case CookieCommons::SecurityChecksResult::eContinue:
break;
}
bool thirdParty = true;
@@ -6603,35 +6588,13 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
}
}
nsCOMPtr<nsIPrincipal> cookiePrincipal = EffectiveCookiePrincipal();
nsTArray<nsCOMPtr<nsIPrincipal>> principals;
MOZ_ASSERT(cookiePrincipal);
principals.AppendElement(cookiePrincipal);
// CHIPS - If CHIPS is enabled the partitioned cookie jar is always available
// (and therefore the partitioned principal), the unpartitioned cookie jar is
// only available in first-party or third-party with storageAccess contexts.
// In both cases, the document will have storage access.
bool isCHIPS = StaticPrefs::network_cookie_CHIPS_enabled() &&
CookieJarSettings()->GetPartitionForeign();
bool documentHasStorageAccess = false;
nsresult rv = HasStorageAccessSync(documentHasStorageAccess);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
if (isCHIPS && documentHasStorageAccess) {
// Assert that the cookie principal is unpartitioned.
MOZ_ASSERT(cookiePrincipal->OriginAttributesRef().mPartitionKey.IsEmpty());
// Only append the partitioned originAttributes if the partitionKey is set.
// The partitionKey could be empty for partitionKey in partitioned
// originAttributes if the document is for privilege context, such as the
// extension's background page.
if (!PartitionedPrincipal()
->OriginAttributesRef()
.mPartitionKey.IsEmpty()) {
principals.AppendElement(PartitionedPrincipal());
}
if (cookiePartitionedPrincipal) {
principals.AppendElement(cookiePartitionedPrincipal);
}
nsTArray<RefPtr<Cookie>> cookieList;
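Review bot: The new `MOZ_ASSERT(cookiePrincipal);` before `principals.AppendElement(cookiePrincipal);` is the only null check on the out-parameter filled by CheckGlobalAndRetrieveCookiePrincipals, and it compiles out in release builds, so if the helper ever returns eContinue without setting the principal (its contract lives in CookieCommons, outside this page) a null entry is appended and then handed to IsSchemeSupported and GetBaseDomain in the next hunk. The old `EffectiveCookiePrincipal()` path could not produce a null here, so this is a new failure mode introduced by the refactor rather than one it merely preserved. A release-safe guard next to the assert, `if (NS_WARN_IF(!cookiePrincipal)) { return; }`, keeps the early-return behaviour callers already expect from this method; the same applies to `cookiePartitionedPrincipal`, which is correctly null-checked below, so only the unpartitioned one is affected. GetCookie's body starts and ends outside this hunk.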
@@ -6639,13 +6602,16 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
int64_t currentTimeInUsec = PR_Now();
int64_t currentTime = currentTimeInUsec / PR_USEC_PER_SEC;
for (auto& principal : principals) {
if (!CookieCommons::IsSchemeSupported(principal)) {
return;
}
// not having a cookie service isn't an error
nsCOMPtr<nsICookieService> service =
do_GetService(NS_COOKIESERVICE_CONTRACTID);
if (!service) {
return;
}
for (auto& principal : principals) {
nsAutoCString baseDomain;
rv = CookieCommons::GetBaseDomain(principal, baseDomain);
nsresult rv = CookieCommons::GetBaseDomain(principal, baseDomain);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
@@ -6740,32 +6706,26 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
}
void Document::SetCookie(const nsAString& aCookieString, ErrorResult& aRv) {
if (mDisableCookieAccess) {
return;
}
nsCOMPtr<nsIPrincipal> cookiePrincipal;
// If the document's sandboxed origin flag is set, then setting cookies
// is prohibited.
if (mSandboxFlags & SANDBOXED_ORIGIN) {
aRv.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return;
}
CookieCommons::SecurityChecksResult checkResult =
CookieCommons::CheckGlobalAndRetrieveCookiePrincipals(
this, getter_AddRefs(cookiePrincipal), nullptr);
switch (checkResult) {
case CookieCommons::SecurityChecksResult::eSandboxedError:
aRv.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return;
StorageAccess storageAccess = CookieAllowedForDocument(this);
if (storageAccess == StorageAccess::eDeny) {
return;
}
case CookieCommons::SecurityChecksResult::eSecurityError:
[[fallthrough]];
if (ShouldPartitionStorage(storageAccess) &&
!StoragePartitioningEnabled(storageAccess, CookieJarSettings())) {
return;
}
case CookieCommons::SecurityChecksResult::eDoNotContinue:
return;
// If the document is a cookie-averse Document... do nothing.
if (IsCookieAverse()) {
return;
case CookieCommons::SecurityChecksResult::eContinue:
break;
}
if (!mDocumentURI) {