diff options
Diffstat (limited to 'netwerk/cookie/CookieCommons.cpp')
| -rw-r--r-- | netwerk/cookie/CookieCommons.cpp | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/netwerk/cookie/CookieCommons.cpp b/netwerk/cookie/CookieCommons.cpp index 9b26fc4a6e..4c4ae0c848 100644 --- a/netwerk/cookie/CookieCommons.cpp +++ b/netwerk/cookie/CookieCommons.cpp @@ -349,10 +349,6 @@ already_AddRefed<Cookie> CookieCommons::CreateCookieFromDocument( std::function<bool(const nsACString&, const OriginAttributes&)>&& aHasExistingCookiesLambda, nsIURI** aDocumentURI, nsACString& aBaseDomain, OriginAttributes& aAttrs) { - nsCOMPtr<nsIPrincipal> storagePrincipal = - aDocument->EffectiveCookiePrincipal(); - MOZ_ASSERT(storagePrincipal); - nsCOMPtr<nsIURI> principalURI; auto* basePrincipal = BasePrincipal::Cast(aDocument->NodePrincipal()); basePrincipal->GetURI(getter_AddRefs(principalURI)); @@ -379,15 +375,6 @@ already_AddRefed<Cookie> CookieCommons::CreateCookieFromDocument( return nullptr; } - // Check if limit-foreign is required. - uint32_t dummyRejectedReason = 0; - if (aDocument->CookieJarSettings()->GetLimitForeignContexts() && - !aHasExistingCookiesLambda(baseDomain, - storagePrincipal->OriginAttributesRef()) && - !ShouldAllowAccessFor(innerWindow, principalURI, &dummyRejectedReason)) { - return nullptr; - } - bool isForeignAndNotAddon = false; if (!BasePrincipal::Cast(aDocument->NodePrincipal())->AddonPolicy()) { rv = aThirdPartyUtil->IsThirdPartyWindow( @@ -439,8 +426,29 @@ already_AddRefed<Cookie> CookieCommons::CreateCookieFromDocument( return nullptr; } + // CHIPS - If the partitioned attribute is set, store cookie in partitioned + // cookie jar independent of context. If the cookies are stored in the + // partitioned cookie jar anyway no special treatment of CHIPS cookies + // necessary. + bool needPartitioned = + StaticPrefs::network_cookie_cookieBehavior_optInPartitioning() && + cookieData.isPartitioned(); + nsCOMPtr<nsIPrincipal> cookiePrincipal = + needPartitioned ? aDocument->PartitionedPrincipal() + : aDocument->EffectiveCookiePrincipal(); + MOZ_ASSERT(cookiePrincipal); + + // Check if limit-foreign is required. + uint32_t dummyRejectedReason = 0; + if (aDocument->CookieJarSettings()->GetLimitForeignContexts() && + !aHasExistingCookiesLambda(baseDomain, + cookiePrincipal->OriginAttributesRef()) && + !ShouldAllowAccessFor(innerWindow, principalURI, &dummyRejectedReason)) { + return nullptr; + } + RefPtr<Cookie> cookie = - Cookie::Create(cookieData, storagePrincipal->OriginAttributesRef()); + Cookie::Create(cookieData, cookiePrincipal->OriginAttributesRef()); MOZ_ASSERT(cookie); cookie->SetLastAccessed(currentTimeInUsec); @@ -448,7 +456,7 @@ already_AddRefed<Cookie> CookieCommons::CreateCookieFromDocument( Cookie::GenerateUniqueCreationTime(currentTimeInUsec)); aBaseDomain = baseDomain; - aAttrs = storagePrincipal->OriginAttributesRef(); + aAttrs = cookiePrincipal->OriginAttributesRef(); principalURI.forget(aDocumentURI); return cookie.forget(); @@ -486,9 +494,11 @@ bool CookieCommons::ShouldIncludeCrossSiteCookieForDocument( int32_t sameSiteAttr = 0; aCookie->GetSameSite(&sameSiteAttr); + // CHIPS - If a third-party has storage access it can access both it's + // partitioned and unpartitioned cookie jars, else its cookies are blocked. if (aDocument->CookieJarSettings()->GetPartitionForeign() && StaticPrefs::network_cookie_cookieBehavior_optInPartitioning() && - !aCookie->IsPartitioned()) { + !aCookie->IsPartitioned() && !aDocument->UsingStorageAccess()) { return false; } |