зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1399590 - Modify the argument of nsICookiePermission::CanAccess for changing nsIURI to nsIPrincipal. r=jdm
This commit is contained in:
Родитель
8c18d9409a
Коммит
3eec3617b1
|
@ -57,6 +57,7 @@ LOCAL_INCLUDES += [
|
|||
'/dom/base',
|
||||
'/js/xpconnect/src',
|
||||
'/netwerk/base',
|
||||
'/netwerk/cookie',
|
||||
]
|
||||
|
||||
if CONFIG['ENABLE_TESTS']:
|
||||
|
|
|
@ -618,7 +618,7 @@ Navigator::CookieEnabled()
|
|||
|
||||
// Pass null for the channel, just like the cookie service does.
|
||||
nsCookieAccess access;
|
||||
nsresult rv = permMgr->CanAccess(codebaseURI, nullptr, &access);
|
||||
nsresult rv = permMgr->CanAccess(doc->NodePrincipal(), &access);
|
||||
NS_ENSURE_SUCCESS(rv, cookieEnabled);
|
||||
|
||||
if (access != nsICookiePermission::ACCESS_DEFAULT) {
|
||||
|
|
|
@ -47,6 +47,5 @@ function runTest() {
|
|||
|
||||
// Disable third-party cookies for this test.
|
||||
addEventListener('testready', function() {
|
||||
SpecialPowers.pushPrefEnv({'set': [['network.cookie.cookieBehavior', 1],
|
||||
['network.cookie.ipc.sync', true]]}, runTest);
|
||||
SpecialPowers.pushPrefEnv({'set': [['network.cookie.cookieBehavior', 1]]}, runTest);
|
||||
});
|
||||
|
|
|
@ -139,14 +139,15 @@ nsCookiePermission::SetAccess(nsIURI *aURI,
|
|||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCookiePermission::CanAccess(nsIURI *aURI,
|
||||
nsIChannel *aChannel,
|
||||
nsCookiePermission::CanAccess(nsIPrincipal *aPrincipal,
|
||||
nsCookieAccess *aResult)
|
||||
{
|
||||
// Check this protocol doesn't allow cookies
|
||||
bool hasFlags;
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
aPrincipal->GetURI(getter_AddRefs(uri));
|
||||
nsresult rv =
|
||||
NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_FORBIDS_COOKIE_ACCESS,
|
||||
NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_FORBIDS_COOKIE_ACCESS,
|
||||
&hasFlags);
|
||||
if (NS_FAILED(rv) || hasFlags) {
|
||||
*aResult = ACCESS_DENY;
|
||||
|
@ -158,7 +159,7 @@ nsCookiePermission::CanAccess(nsIURI *aURI,
|
|||
return NS_ERROR_UNEXPECTED;
|
||||
|
||||
// finally, check with permission manager...
|
||||
rv = mPermMgr->TestPermission(aURI, kPermissionType, (uint32_t *) aResult);
|
||||
rv = mPermMgr->TestPermissionFromPrincipal(aPrincipal, kPermissionType, (uint32_t *) aResult);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
if (*aResult == nsICookiePermission::ACCESS_SESSION) {
|
||||
*aResult = nsICookiePermission::ACCESS_ALLOW;
|
||||
|
|
|
@ -279,7 +279,8 @@ CookieServiceChild::GetCookieStringFromCookieHashTable(nsIURI *a
|
|||
nsCookieService::CheckPrefs(permissionService, mCookieBehavior,
|
||||
mThirdPartySession, aHostURI,
|
||||
aIsForeign, nullptr,
|
||||
CountCookiesFromHashTable(baseDomain, aOriginAttrs));
|
||||
CountCookiesFromHashTable(baseDomain, aOriginAttrs),
|
||||
aOriginAttrs);
|
||||
|
||||
if (cookieStatus != STATUS_ACCEPTED && cookieStatus != STATUS_ACCEPT_SESSION) {
|
||||
return;
|
||||
|
@ -526,7 +527,8 @@ CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
|
|||
nsCookieService::CheckPrefs(permissionService, mCookieBehavior,
|
||||
mThirdPartySession, aHostURI,
|
||||
!!isForeign, aCookieString,
|
||||
CountCookiesFromHashTable(baseDomain, attrs));
|
||||
CountCookiesFromHashTable(baseDomain, attrs),
|
||||
attrs);
|
||||
|
||||
if (cookieStatus != STATUS_ACCEPTED && cookieStatus != STATUS_ACCEPT_SESSION) {
|
||||
return NS_OK;
|
||||
|
|
|
@ -2150,7 +2150,7 @@ nsCookieService::SetCookieStringInternal(nsIURI *aHostURI,
|
|||
CountCookiesFromHost(hostFromURI, &priorCookieCount);
|
||||
CookieStatus cookieStatus = CheckPrefs(mPermissionService, mCookieBehavior,
|
||||
mThirdPartySession, aHostURI, aIsForeign,
|
||||
aCookieHeader.get(), priorCookieCount);
|
||||
aCookieHeader.get(), priorCookieCount, aOriginAttrs);
|
||||
|
||||
// fire a notification if third party or if cookie was rejected
|
||||
// (but not if there was an error)
|
||||
|
@ -3308,7 +3308,7 @@ nsCookieService::GetCookiesForURI(nsIURI *aHostURI,
|
|||
CountCookiesFromHost(hostFromURI, &priorCookieCount);
|
||||
CookieStatus cookieStatus = CheckPrefs(mPermissionService, mCookieBehavior,
|
||||
mThirdPartySession, aHostURI, aIsForeign,
|
||||
nullptr, priorCookieCount);
|
||||
nullptr, priorCookieCount, aOriginAttrs);
|
||||
|
||||
// for GetCookie(), we don't fire rejection notifications.
|
||||
switch (cookieStatus) {
|
||||
|
@ -4213,7 +4213,8 @@ nsCookieService::CheckPrefs(nsICookiePermission *aPermissionService,
|
|||
nsIURI *aHostURI,
|
||||
bool aIsForeign,
|
||||
const char *aCookieHeader,
|
||||
const int aNumOfCookies)
|
||||
const int aNumOfCookies,
|
||||
const OriginAttributes &aOriginAttrs)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
|
@ -4224,13 +4225,21 @@ nsCookieService::CheckPrefs(nsICookiePermission *aPermissionService,
|
|||
return STATUS_REJECTED_WITH_ERROR;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> principal =
|
||||
BasePrincipal::CreateCodebasePrincipal(aHostURI, aOriginAttrs);
|
||||
|
||||
if (!principal) {
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "non-codebase principals cannot get/set cookies");
|
||||
return STATUS_REJECTED_WITH_ERROR;
|
||||
}
|
||||
|
||||
// check the permission list first; if we find an entry, it overrides
|
||||
// default prefs. see bug 184059.
|
||||
if (aPermissionService) {
|
||||
nsCookieAccess access;
|
||||
// Not passing an nsIChannel here is probably OK; our implementation
|
||||
// doesn't do anything with it anyway.
|
||||
rv = aPermissionService->CanAccess(aHostURI, nullptr, &access);
|
||||
rv = aPermissionService->CanAccess(principal, &access);
|
||||
|
||||
// if we found an entry, use it
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
|
|
|
@ -232,7 +232,7 @@ class nsCookieService final : public nsICookieService
|
|||
static bool DomainMatches(nsCookie* aCookie, const nsACString& aHost);
|
||||
static bool PathMatches(nsCookie* aCookie, const nsACString& aPath);
|
||||
static bool CanSetCookie(nsIURI *aHostURI, const nsCookieKey& aKey, nsCookieAttributes &aCookieAttributes, bool aRequireHostMatch, CookieStatus aStatus, nsDependentCString &aCookieHeader, int64_t aServerTime, bool aFromHttp, nsIChannel* aChannel, bool aLeaveSercureAlone, bool &aSetCookie);
|
||||
static CookieStatus CheckPrefs(nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior, bool aThirdPartyUtil, nsIURI *aHostURI, bool aIsForeign, const char *aCookieHeader, const int aNumOfCookies);
|
||||
static CookieStatus CheckPrefs(nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior, bool aThirdPartyUtil, nsIURI *aHostURI, bool aIsForeign, const char *aCookieHeader, const int aNumOfCookies, const OriginAttributes& aOriginAttrs);
|
||||
static int64_t ParseServerTime(const nsCString &aServerTime);
|
||||
void GetCookiesForURI(nsIURI *aHostURI, bool aIsForeign, bool aHttpBound, const OriginAttributes& aOriginAttrs, nsTArray<nsCookie*>& aCookieList);
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
interface nsICookie2;
|
||||
interface nsIURI;
|
||||
interface nsIChannel;
|
||||
interface nsIPrincipal;
|
||||
|
||||
typedef long nsCookieAccess;
|
||||
|
||||
|
@ -54,17 +55,14 @@ interface nsICookiePermission : nsISupports
|
|||
* this method is called to test whether or not the given URI/channel may
|
||||
* access the cookie database, either to set or get cookies.
|
||||
*
|
||||
* @param aURI
|
||||
* the URI trying to access cookies
|
||||
* @param aChannel
|
||||
* the channel corresponding to aURI
|
||||
* @param aPrincipal
|
||||
* the principal trying to access cookies.
|
||||
*
|
||||
* @return one of the following nsCookieAccess values:
|
||||
* ACCESS_DEFAULT, ACCESS_ALLOW, ACCESS_DENY, or
|
||||
* ACCESS_ALLOW_FIRST_PARTY_ONLY
|
||||
*/
|
||||
nsCookieAccess canAccess(in nsIURI aURI,
|
||||
in nsIChannel aChannel);
|
||||
nsCookieAccess canAccess(in nsIPrincipal aPrincipal);
|
||||
|
||||
/**
|
||||
* canSetCookie
|
||||
|
|
Загрузка…
Ссылка в новой задаче