diff --git a/services/common/rest.js b/services/common/rest.js
index 988a7cb7a807..3fee0ca0e597 100644
--- a/services/common/rest.js
+++ b/services/common/rest.js
@@ -117,9 +117,10 @@ RESTRequest.prototype = {
 response: null,

 /**
- * nsIRequest load flags. Don't do any caching by default.
+ * nsIRequest load flags. Don't do any caching by default. Don't send user
+ * cookies and such over the wire (Bug 644734).
 */
- loadFlags: Ci.nsIRequest.LOAD_BYPASS_CACHE | Ci.nsIRequest.INHIBIT_CACHING,
+ loadFlags: Ci.nsIRequest.LOAD_BYPASS_CACHE | Ci.nsIRequest.INHIBIT_CACHING | Ci.nsIRequest.LOAD_ANONYMOUS,

 /**
 * nsIHttpChannel
diff --git a/services/common/tests/unit/test_restrequest.js b/services/common/tests/unit/test_restrequest.js
index abeedb700d33..b394cd7533d7 100644
--- a/services/common/tests/unit/test_restrequest.js
+++ b/services/common/tests/unit/test_restrequest.js
@@ -41,7 +41,8 @@ add_test(function test_attributes() {
 do_check_eq(request.response, null);
 do_check_eq(request.status, request.NOT_SENT);
 let expectedLoadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE |
- Ci.nsIRequest.INHIBIT_CACHING;
+ Ci.nsIRequest.INHIBIT_CACHING |
+ Ci.nsIRequest.LOAD_ANONYMOUS;
 do_check_eq(request.loadFlags, expectedLoadFlags);

 run_next_test();
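Review bot: In services/common/rest.js the new `LOAD_ANONYMOUS` bit is only a prototype default on `loadFlags`, so a caller that assigns a fresh value such as `request.loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE` replaces the whole mask and the request can carry cookies again with nothing to signal it. As far as its hunk shows, services/sync/modules/resource.js ORs the flag onto the channel itself, so the two request classes end up giving different guarantees. Whether rest.js re-applies the flag when it configures its channel is not visible here; if it does not, either OR it in at that point or extend the doc comment with `* Callers that override this must keep LOAD_ANONYMOUS set.` The object literal starts and ends outside the hunk.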
@@ -766,3 +767,26 @@ add_test(function test_new_channel() {
 advance();
 });
 });
+
+add_test(function test_not_sending_cookie() {
+ function handler(metadata, response) {
+ let body = "COOKIE!";
+ response.setStatusLine(metadata.httpVersion, 200, "OK");
+ response.bodyOutputStream.write(body, body.length);
+ do_check_false(metadata.hasHeader("Cookie"));
+ }
+ let server = httpd_setup({"/test": handler});
+
+ let cookieSer = Cc["@mozilla.org/cookieService;1"]
+ .getService(Ci.nsICookieService);
+ let uri = CommonUtils.makeURI("http://localhost:8080");
+ cookieSer.setCookieString(uri, null, "test=test; path=/;", null);
+
+ let res = new RESTRequest("http://localhost:8080/test");
+ res.get(function (error) {
+ do_check_null(error);
+ do_check_true(this.response.success);
+ do_check_eq("COOKIE!", this.response.body);
+ server.stop(run_next_test);
+ });
+});
diff --git a/services/sync/modules/resource.js b/services/sync/modules/resource.js
index 72d51db77fad..df72760e86d8 100644
--- a/services/sync/modules/resource.js
+++ b/services/sync/modules/resource.js
@@ -143,6 +143,8 @@ AsyncResource.prototype = {
 // Always validate the cache:
 channel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
 channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+ // Don't send user cookies & such over the wire (Bug 644734)
+ channel.loadFlags |= Ci.nsIRequest.LOAD_ANONYMOUS;

 // Setup a callback to handle channel notifications.
 channel.notificationCallbacks = new ChannelNotificationListener();
diff --git a/services/sync/tests/unit/test_resource_async.js b/services/sync/tests/unit/test_resource_async.js
index fcc1f0921e65..116e9cebe46e 100644
--- a/services/sync/tests/unit/test_resource_async.js
+++ b/services/sync/tests/unit/test_resource_async.js
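Review bot: test_not_sending_cookie in test_restrequest.js can pass without exercising LOAD_ANONYMOUS at all, because nothing checks that `setCookieString` actually stored the cookie before the request is issued; if the cookie is rejected, no Cookie header is sent either way. Asserting the precondition first, `do_check_eq(cookieSer.getCookieString(uri, null), "test=test");`, makes the negative check meaningful. The cookie is also never removed, so it stays in the cookie service for any test added after this one that talks to localhost:8080. The copy of this test in services/sync/tests/unit/test_resource_async.js has the same two gaps.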
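Review bot: The comment added in services/sync/modules/resource.js, "cookies & such", does not tell a maintainer what else LOAD_ANONYMOUS withholds; the flag's documented scope is user-specific data such as cookies and authorization tokens. Sync requests are presumably authenticated, so I would spell that out, e.g. `// Don't attach cookies or stored auth credentials to the request (Bug 644734).`, and say how the request's own credentials are supplied, so nobody later removes the flag to work around an auth failure. The doc comment changed in services/common/rest.js uses the same vague wording. The enclosing function starts and ends outside the hunk.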
@@ -700,6 +700,27 @@ add_test(function test_uri_construction() {
 run_next_test();
 });

+add_test(function test_not_sending_cookie() {
+ function handler(metadata, response) {
+ let body = "COOKIE!";
+ response.setStatusLine(metadata.httpVersion, 200, "OK");
+ response.bodyOutputStream.write(body, body.length);
+ do_check_false(metadata.hasHeader("Cookie"));
+ }
+ let cookieSer = Cc["@mozilla.org/cookieService;1"]
+ .getService(Ci.nsICookieService);
+ let uri = CommonUtils.makeURI("http://localhost:8080");
+ cookieSer.setCookieString(uri, null, "test=test; path=/;", null);
+
+ let res = new AsyncResource("http://localhost:8080/test");
+ res.get(function (error) {
+ do_check_null(error);
+ do_check_true(this.response.success);
+ do_check_eq("COOKIE!", this.response.body);
+ server.stop(run_next_test);
+ });
+});
+
 /**
 * End of tests that rely on a single HTTP server.
 * All tests after this point must begin and end their own.
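Review bot: In this copy of test_not_sending_cookie the local `handler` is never registered: unlike the test_restrequest.js version there is no `httpd_setup({"/test": handler})`, and `server` is not defined inside the hunk, so it is presumably the shared server the trailing comment refers to. Unless something outside the hunk wires this handler to "/test", the `do_check_false(metadata.hasHeader("Cookie"))` assertion never runs and the test only checks whatever that path already returns. Registering it before the request, `server.registerPathHandler("/test", handler);`, would close that gap, assuming `server` is the httpd.js server object.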