diff --git a/netwerk/cookie/CookieStorage.cpp b/netwerk/cookie/CookieStorage.cpp index 8642a906de58..b4882a9a5286 100644 --- a/netwerk/cookie/CookieStorage.cpp +++ b/netwerk/cookie/CookieStorage.cpp @@ -7,7 +7,7 @@ #include "CookieCommons.h" #include "CookieLogging.h" #include "CookieStorage.h" - +#include "mozilla/dom/nsMixedContentBlocker.h" #include "nsIMutableArray.h" #include "nsTPriorityQueue.h" #include "prprf.h" @@ -407,9 +407,10 @@ void CookieStorage::AddCookie(const nsACString& aBaseDomain, foundCookie = FindCookie(aBaseDomain, aOriginAttributes, aCookie->Host(), aCookie->Name(), aCookie->Path(), exactIter); bool foundSecureExact = foundCookie && exactIter.Cookie()->IsSecure(); - bool isSecure = true; + bool potentiallyTrustworthy = true; if (aHostURI) { - isSecure = aHostURI->SchemeIs("https"); + potentiallyTrustworthy = + nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(aHostURI); } bool oldCookieIsSession = false; // Step1, call FindSecureCookie(). FindSecureCookie() would @@ -425,7 +426,7 @@ void CookieStorage::AddCookie(const nsACString& aBaseDomain, if (!aCookie->IsSecure() && (foundSecureExact || FindSecureCookie(aBaseDomain, aOriginAttributes, aCookie)) && - !isSecure) { + !potentiallyTrustworthy) { COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, "cookie can't save because older cookie is secure " "cookie but newer cookie is non-secure cookie"); diff --git a/netwerk/test/TestCookie.cpp b/netwerk/test/TestCookie.cpp index a72da2549433..bde614426f7b 100644 --- a/netwerk/test/TestCookie.cpp +++ b/netwerk/test/TestCookie.cpp @@ -196,6 +196,7 @@ void InitPrefs(nsIPrefBranch* aPrefBranch) { // default" Preferences::SetBool("network.cookie.sameSite.laxByDefault", false); Preferences::SetBool("network.cookieJarSettings.unblocked_for_testing", true); + Preferences::SetBool("dom.securecontext.whitelist_onions", false); } TEST(TestCookie, TestCookieMain) @@ -1009,6 +1010,9 @@ TEST(TestCookie, TestCookieMain) SetACookie(cookieService, secureURIs[i], "test=basic; secure"); GetACookie(cookieService, secureURIs[i], cookie); EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic")); + SetACookie(cookieService, secureURIs[i], "test=basic1"); + GetACookie(cookieService, secureURIs[i], cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic1")); } // XXX the following are placeholders: add these tests please! @@ -1062,3 +1066,33 @@ TEST(TestCookie, SameSiteLax) EXPECT_EQ(cookie->RawSameSite(), nsICookie::SAMESITE_NONE); EXPECT_EQ(cookie->SameSite(), nsICookie::SAMESITE_NONE); } + +TEST(TestCookie, OnionSite) +{ + Preferences::SetBool("dom.securecontext.whitelist_onions", true); + + nsresult rv; + nsCString cookie; + + nsCOMPtr cookieService = + do_GetService(kCookieServiceCID, &rv); + ASSERT_TRUE(NS_SUCCEEDED(rv)); + + // .onion secure cookie tests + SetACookie(cookieService, "http://123456789abcdef.onion/", + "test=onion-security; secure"); + GetACookieNoHttp(cookieService, "https://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security")); + SetACookie(cookieService, "http://123456789abcdef.onion/", + "test=onion-security2; secure"); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security2")); + SetACookie(cookieService, "https://123456789abcdef.onion/", + "test=onion-security3; secure"); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security3")); + SetACookie(cookieService, "http://123456789abcdef.onion/", + "test=onion-security4"); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security4")); +}