Bug 1165162 - Add nsIPrincipal::cookieJar. r=sicking

caps/BasePrincipal.cpp

@@ -160,6 +160,15 @@ BasePrincipal::GetOriginSuffix(nsACString& aOriginAttributes)
   return NS_OK;
 }
 
+NS_IMETHODIMP
+BasePrincipal::GetCookieJar(nsACString& aCookieJar)
+{
+  // We just forward to .jarPrefix for now, which is a nice compact
+  // stringification of the (appId, inBrowser) tuple. This will eventaully be
+  // swapped out for an origin attribute - see the comment in nsIPrincipal.idl.
+  return GetJarPrefix(aCookieJar);
+}
+
 NS_IMETHODIMP
 BasePrincipal::GetAppStatus(uint16_t* aAppStatus)
 {

caps/BasePrincipal.h

@@ -74,6 +74,7 @@ public:
   NS_IMETHOD GetJarPrefix(nsACString& aJarPrefix) final;
   NS_IMETHOD GetOriginAttributes(JSContext* aCx, JS::MutableHandle<JS::Value> aVal) final;
   NS_IMETHOD GetOriginSuffix(nsACString& aOriginSuffix) final;
+  NS_IMETHOD GetCookieJar(nsACString& aCookieJar) final;
   NS_IMETHOD GetAppStatus(uint16_t* aAppStatus) final;
   NS_IMETHOD GetAppId(uint32_t* aAppStatus) final;
   NS_IMETHOD GetIsInBrowserElement(bool* aIsInBrowserElement) final;

caps/nsIPrincipal.idl

@@ -20,7 +20,7 @@ interface nsIContentSecurityPolicy;
 [ptr] native JSPrincipals(JSPrincipals);
 [ptr] native PrincipalArray(nsTArray<nsCOMPtr<nsIPrincipal> >);
 
-[scriptable, builtinclass, uuid(147839d5-e799-4280-831a-dd45946385f9)]
+[scriptable, builtinclass, uuid(749f21f5-8ade-4d0b-a590-2b1d18e890d5)]
 interface nsIPrincipal : nsISerializable
 {
     /**
@@ -197,6 +197,30 @@ interface nsIPrincipal : nsISerializable
      */
     readonly attribute AUTF8String originSuffix;
 
+    /**
+     * Opaque string token representing the "cookie jar" associated with this
+     * principal. Cookie jars are intended to be a tag associated with persistent
+     * data (like cookies, localStorage data, etc) such that all data associated
+     * with a given cookie jar can be quickly located and (for example) deleted.
+     * Code from many origins may share a given cookie jar, so callers still need
+     * to consult .origin (or equivalent) to compartmentalize data - the cookie
+     * jar should _only_ be used as a tag in the manner described above.
+     *
+     * If two principals are in different cookie jars, they must be cross-origin.
+     * As such, the information making up the cookie jar token must be contained
+     * in the originAttributes (i.e. cookieJar must be a function of / derivable
+     * from originAttributes). Long term, the intention is for the cookie jar
+     * identifier to simply be an origin attribute. But we don't have that
+     * attribute yet, and we also need to concatenate the appId and inBrowser
+     * attributes until those go away.
+     *
+     * This getter is designed to hide these details from consumers so that they
+     * don't need to be updated when we swap out the implementation. For that
+     * reason, callers should treat the string as opaque and not rely on the
+     * current format.
+     */
+    readonly attribute ACString cookieJar;
+
     /**
      * The base domain of the codebase URI to which this principal pertains
      * (generally the document URI), handling null principals and

caps/tests/unit/test_origin.js

@@ -13,6 +13,9 @@ function checkCrossOrigin(a, b) {
   do_check_false(a.subsumesConsideringDomain(b));
   do_check_false(b.subsumes(a));
   do_check_false(b.subsumesConsideringDomain(a));
+  do_check_eq(a.cookieJar === b.cookieJar,
+              a.originAttributes.appId == b.originAttributes.appId &&
+              a.originAttributes.inBrowser == b.originAttributes.inBrowser);
 }
 
 function checkOriginAttributes(prin, appId, inBrowser, suffix) {