diff --git a/browser/base/content/test/sanitize/head.js b/browser/base/content/test/sanitize/head.js index ace6ec5599ba..df564a5ea6c4 100644 --- a/browser/base/content/test/sanitize/head.js +++ b/browser/base/content/test/sanitize/head.js @@ -49,7 +49,8 @@ function createHostCookie(host, originAttributes) { false, Date.now() + 24000 * 60 * 60, originAttributes, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); } @@ -64,7 +65,8 @@ function createDomainCookie(host, originAttributes) { false, Date.now() + 24000 * 60 * 60, originAttributes, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); } diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_clear_blocked_cookies.js b/browser/components/enterprisepolicies/tests/xpcshell/test_clear_blocked_cookies.js index a4622cbf5813..571ae95a1be8 100644 --- a/browser/components/enterprisepolicies/tests/xpcshell/test_clear_blocked_cookies.js +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_clear_blocked_cookies.js @@ -17,7 +17,8 @@ add_task(async function setup() { false, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Services.cookies.add( HOSTNAME_DOMAIN, @@ -29,7 +30,8 @@ add_task(async function setup() { false, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); Services.cookies.add( ORIGIN_DOMAIN, @@ -41,7 +43,8 @@ add_task(async function setup() { false, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Services.cookies.add( ORIGIN_DOMAIN, @@ -53,7 +56,8 @@ add_task(async function setup() { false, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); Services.cookies.add( "example.net", @@ -65,7 +69,8 @@ add_task(async function setup() { false, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); await setupPolicyEngineWithJson({ policies: { diff --git a/browser/components/extensions/test/xpcshell/test_ext_browsingData_cookies_cache.js b/browser/components/extensions/test/xpcshell/test_ext_browsingData_cookies_cache.js index 06e536756424..65a196f46206 100644 --- a/browser/components/extensions/test/xpcshell/test_ext_browsingData_cookies_cache.js +++ b/browser/components/extensions/test/xpcshell/test_ext_browsingData_cookies_cache.js @@ -41,7 +41,8 @@ function addCookie(cookie) { false, Date.now() / 1000 + 10000, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); ok( Services.cookies.cookieExists(cookie.host, cookie.path, cookie.name, {}), diff --git a/browser/components/migration/ChromeProfileMigrator.jsm b/browser/components/migration/ChromeProfileMigrator.jsm index 7d6366a24532..24ce4c95e98c 100644 --- a/browser/components/migration/ChromeProfileMigrator.jsm +++ b/browser/components/migration/ChromeProfileMigrator.jsm @@ -381,17 +381,22 @@ async function GetCookiesResource(aProfileFolder) { : "httponly"; let isSecure = columns.includes("is_secure") ? "is_secure" : "secure"; + let source_scheme = columns.includes("source_scheme") + ? "source_scheme" + : `"${Ci.nsICookie.SCHEME_UNSET}" as source_scheme`; + // We don't support decrypting cookies yet so only import plaintext ones. let rows = await MigrationUtils.getRowsFromDBWithoutLocks( cookiesPath, "Chrome cookies", - `SELECT host_key, name, value, path, expires_utc, ${isSecure}, ${isHttponly}, encrypted_value + `SELECT host_key, name, value, path, expires_utc, ${isSecure}, ${isHttponly}, encrypted_value, ${source_scheme} FROM cookies WHERE length(encrypted_value) = 0` ).catch(ex => { Cu.reportError(ex); aCallback(false); }); + // If the promise was rejected we will have already called aCallback, // so we can just return here. if (!rows) { @@ -406,6 +411,16 @@ async function GetCookiesResource(aProfileFolder) { host_key = host_key.substr(1); } + let schemeType = Ci.nsICookie.SCHEME_UNSET; + switch (row.getResultByName("source_scheme")) { + case 1: + schemeType = Ci.nsICookie.SCHEME_HTTP; + break; + case 2: + schemeType = Ci.nsICookie.SCHEME_HTTPS; + break; + } + try { let expiresUtc = ChromeMigrationUtils.chromeTimeToDate( @@ -416,6 +431,7 @@ async function GetCookiesResource(aProfileFolder) { if (!expiresUtc) { continue; } + Services.cookies.add( host_key, row.getResultByName("path"), @@ -426,7 +442,8 @@ async function GetCookiesResource(aProfileFolder) { false, parseInt(expiresUtc), {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + schemeType ); } catch (e) { Cu.reportError(e); diff --git a/browser/components/migration/MSMigrationUtils.jsm b/browser/components/migration/MSMigrationUtils.jsm index a822ed75763d..872ed5ce89ac 100644 --- a/browser/components/migration/MSMigrationUtils.jsm +++ b/browser/components/migration/MSMigrationUtils.jsm @@ -727,7 +727,8 @@ Cookies.prototype = { false, // session expireTime, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_UNSET ); } }, diff --git a/browser/components/migration/tests/marionette/test_refresh_firefox.py b/browser/components/migration/tests/marionette/test_refresh_firefox.py index d365342f458c..743f981a02d6 100644 --- a/browser/components/migration/tests/marionette/test_refresh_firefox.py +++ b/browser/components/migration/tests/marionette/test_refresh_firefox.py @@ -152,7 +152,8 @@ class TestFirefoxRefresh(MarionetteTestCase): // Expire in 15 minutes: let expireTime = Math.floor(Date.now() / 1000) + 15 * 60; Services.cookies.add(arguments[0], arguments[1], arguments[2], arguments[3], - true, false, false, expireTime, {}, Ci.nsICookie.SAMESITE_NONE); + true, false, false, expireTime, {}, + Ci.nsICookie.SAMESITE_NONE, Ci.nsICookie.SCHEME_UNSET); """, script_args=(self._cookieHost, self._cookiePath, self._cookieName, self._cookieValue)) def createSession(self): diff --git a/browser/components/preferences/tests/siteData/browser_siteData.js b/browser/components/preferences/tests/siteData/browser_siteData.js index 7f27acc33ba5..ac41a380d3b0 100644 --- a/browser/components/preferences/tests/siteData/browser_siteData.js +++ b/browser/components/preferences/tests/siteData/browser_siteData.js @@ -205,7 +205,8 @@ add_task(async function() { false, Date.now() + 1000 * 60 * 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Services.cookies.add( uri.host, @@ -217,7 +218,8 @@ add_task(async function() { false, Date.now() + 1000 * 60 * 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Services.cookies.add( uri2.host, @@ -229,7 +231,8 @@ add_task(async function() { false, Date.now() + 1000 * 60 * 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); // Ensure that private browsing cookies are ignored. @@ -243,7 +246,8 @@ add_task(async function() { false, Date.now() + 1000 * 60 * 60, { privateBrowsingId: 1 }, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); // Get the exact creation date from the cookies (to avoid intermittents diff --git a/browser/components/search/test/unit/test_urlTelemetry.js b/browser/components/search/test/unit/test_urlTelemetry.js index efcfe109212a..64d6f269ada0 100644 --- a/browser/components/search/test/unit/test_urlTelemetry.js +++ b/browser/components/search/test/unit/test_urlTelemetry.js @@ -90,7 +90,8 @@ const TESTS = [ false, Date.now() + 1000 * 60 * 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); }, tearDown() { diff --git a/browser/components/sessionstore/SessionCookies.jsm b/browser/components/sessionstore/SessionCookies.jsm index 488797b85fc5..fd5f95325946 100644 --- a/browser/components/sessionstore/SessionCookies.jsm +++ b/browser/components/sessionstore/SessionCookies.jsm @@ -79,7 +79,8 @@ var SessionCookiesInternal = { /* isSession = */ true, expiry, cookie.originAttributes || {}, - cookie.sameSite || Ci.nsICookie.SAMESITE_NONE + cookie.sameSite || Ci.nsICookie.SAMESITE_NONE, + cookie.schemeMap || Ci.nsICookie.SCHEME_HTTPS ); } catch (ex) { Cu.reportError( @@ -247,6 +248,10 @@ var CookieStore = { jscookie.sameSite = cookie.sameSite; } + if (cookie.schemeMap) { + jscookie.schemeMap = cookie.schemeMap; + } + this._entries.set(this._getKeyForCookie(cookie), jscookie); }, diff --git a/browser/components/sessionstore/test/browser_cookies_privacy.js b/browser/components/sessionstore/test/browser_cookies_privacy.js index c363040ae7a4..2c588c8a4931 100644 --- a/browser/components/sessionstore/test/browser_cookies_privacy.js +++ b/browser/components/sessionstore/test/browser_cookies_privacy.js @@ -15,7 +15,8 @@ function addCookie(scheme, secure = false) { /* isSession = */ true, MAX_EXPIRY, /* originAttributes = */ {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); return cookie; } diff --git a/browser/components/sessionstore/test/browser_cookies_sameSite.js b/browser/components/sessionstore/test/browser_cookies_sameSite.js index 13293628f00b..bc680dac25f0 100644 --- a/browser/components/sessionstore/test/browser_cookies_sameSite.js +++ b/browser/components/sessionstore/test/browser_cookies_sameSite.js @@ -1,6 +1,7 @@ "use strict"; -const TEST_URL = "http://example.com"; +const TEST_HTTP_URL = "http://example.com"; +const TEST_HTTPS_URL = "https://example.com"; const MAX_EXPIRY = Math.pow(2, 62); function getSingleCookie() { @@ -9,7 +10,7 @@ function getSingleCookie() { return cookies[0]; } -async function verifyRestore(sameSiteSetting) { +async function verifyRestore(url, sameSiteSetting) { Services.cookies.removeAll(); // Make sure that sessionstore.js can be forced to be created by setting @@ -18,13 +19,13 @@ async function verifyRestore(sameSiteSetting) { set: [["browser.sessionstore.interval", 0]], }); - let tab = BrowserTestUtils.addTab(gBrowser, TEST_URL); + let tab = BrowserTestUtils.addTab(gBrowser, url); await BrowserTestUtils.browserLoaded(tab.linkedBrowser); // Add a cookie with specific same-site setting. let r = Math.floor(Math.random() * MAX_EXPIRY); Services.cookies.add( - TEST_URL, + url, "/", "name" + r, "value" + r, @@ -33,7 +34,10 @@ async function verifyRestore(sameSiteSetting) { true, MAX_EXPIRY, {}, - sameSiteSetting + sameSiteSetting, + url.startsWith("https:") + ? Ci.nsICookie.SCHEME_HTTPS + : Ci.nsICookie.SCHEME_HTTP ); await TabStateFlusher.flush(tab.linkedBrowser); @@ -58,6 +62,12 @@ async function verifyRestore(sameSiteSetting) { "cookie same-site flag successfully restored" ); + is( + cookie2.schemeMap, + cookie.schemeMap, + "cookie schemeMap flag successfully restored" + ); + // Clean up. Services.cookies.removeAll(); BrowserTestUtils.removeTab(gBrowser.tabs[1]); @@ -68,8 +78,12 @@ async function verifyRestore(sameSiteSetting) { * sessionstore. */ add_task(async function() { - // Test for various possible values of cookie.sameSite. - await verifyRestore(Ci.nsICookie.SAMESITE_NONE); - await verifyRestore(Ci.nsICookie.SAMESITE_LAX); - await verifyRestore(Ci.nsICookie.SAMESITE_STRICT); + // Test for various possible values of cookie.sameSite and schemeMap. + await verifyRestore(TEST_HTTP_URL, Ci.nsICookie.SAMESITE_NONE); + await verifyRestore(TEST_HTTP_URL, Ci.nsICookie.SAMESITE_LAX); + await verifyRestore(TEST_HTTP_URL, Ci.nsICookie.SAMESITE_STRICT); + + await verifyRestore(TEST_HTTPS_URL, Ci.nsICookie.SAMESITE_NONE); + await verifyRestore(TEST_HTTPS_URL, Ci.nsICookie.SAMESITE_LAX); + await verifyRestore(TEST_HTTPS_URL, Ci.nsICookie.SAMESITE_STRICT); }); diff --git a/browser/modules/Discovery.jsm b/browser/modules/Discovery.jsm index 06fd4b5a5642..86c3896bbd08 100644 --- a/browser/modules/Discovery.jsm +++ b/browser/modules/Discovery.jsm @@ -148,7 +148,8 @@ const DiscoveryInternal = { true, // session Date.now(), originAttributes, - Ci.nsICookie.SAMESITE_LAX + Ci.nsICookie.SAMESITE_LAX, + Ci.nsICookie.SCHEME_HTTPS ); } } diff --git a/devtools/server/actors/storage.js b/devtools/server/actors/storage.js index 99607fd9d9a5..fb64071ceff0 100644 --- a/devtools/server/actors/storage.js +++ b/devtools/server/actors/storage.js @@ -932,6 +932,7 @@ var cookieHelpers = { isSession: nsiCookie.isSession, expires: nsiCookie.expires, originAttributes: nsiCookie.originAttributes, + schemeMap: nsiCookie.schemeMap, }; break; } @@ -995,7 +996,8 @@ var cookieHelpers = { cookie.isSession, cookie.isSession ? MAX_COOKIE_EXPIRY : cookie.expires, cookie.originAttributes, - cookie.sameSite + cookie.sameSite, + cookie.schemeMap ); }, diff --git a/netwerk/cookie/CookieService.cpp b/netwerk/cookie/CookieService.cpp index cdb1bd54e4e7..463d940d5624 100644 --- a/netwerk/cookie/CookieService.cpp +++ b/netwerk/cookie/CookieService.cpp @@ -689,7 +689,8 @@ CookieService::Add(const nsACString& aHost, const nsACString& aPath, const nsACString& aName, const nsACString& aValue, bool aIsSecure, bool aIsHttpOnly, bool aIsSession, int64_t aExpiry, JS::HandleValue aOriginAttributes, - int32_t aSameSite, JSContext* aCx) { + int32_t aSameSite, nsICookie::schemeType aSchemeMap, + JSContext* aCx) { OriginAttributes attrs; if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) { @@ -697,7 +698,7 @@ CookieService::Add(const nsACString& aHost, const nsACString& aPath, } return AddNative(aHost, aPath, aName, aValue, aIsSecure, aIsHttpOnly, - aIsSession, aExpiry, &attrs, aSameSite); + aIsSession, aExpiry, &attrs, aSameSite, aSchemeMap); } NS_IMETHODIMP_(nsresult) @@ -705,7 +706,7 @@ CookieService::AddNative(const nsACString& aHost, const nsACString& aPath, const nsACString& aName, const nsACString& aValue, bool aIsSecure, bool aIsHttpOnly, bool aIsSession, int64_t aExpiry, OriginAttributes* aOriginAttributes, - int32_t aSameSite) { + int32_t aSameSite, nsICookie::schemeType aSchemeMap) { if (NS_WARN_IF(!aOriginAttributes)) { return NS_ERROR_FAILURE; } @@ -732,7 +733,7 @@ CookieService::AddNative(const nsACString& aHost, const nsACString& aPath, nsCString(aPath), aExpiry, currentTimeInUsec, Cookie::GenerateUniqueCreationTime(currentTimeInUsec), aIsHttpOnly, aIsSession, aIsSecure, aSameSite, - aSameSite, nsICookie::SCHEME_UNSET); + aSameSite, aSchemeMap); RefPtr cookie = Cookie::Create(cookieData, key.mOriginAttributes); MOZ_ASSERT(cookie); diff --git a/netwerk/cookie/nsICookieManager.idl b/netwerk/cookie/nsICookieManager.idl index 9e72221504f8..3d815846a556 100644 --- a/netwerk/cookie/nsICookieManager.idl +++ b/netwerk/cookie/nsICookieManager.idl @@ -4,6 +4,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsISupports.idl" +#include "nsICookie.idl" %{ C++ namespace mozilla { @@ -13,9 +14,6 @@ class OriginAttributes; [ptr] native OriginAttributesPtr(mozilla::OriginAttributes); -interface nsICookie; -interface nsIFile; - /** * An optional interface for accessing or removing the cookies * that are in the cookie list @@ -127,7 +125,8 @@ interface nsICookieManager : nsISupports in boolean aIsSession, in int64_t aExpiry, in jsval aOriginAttributes, - in int32_t aSameSite); + in int32_t aSameSite, + in nsICookie_schemeType aSchemeMap); [notxpcom] nsresult addNative(in AUTF8String aHost, @@ -139,7 +138,8 @@ interface nsICookieManager : nsISupports in boolean aIsSession, in int64_t aExpiry, in OriginAttributesPtr aOriginAttributes, - in int32_t aSameSite); + in int32_t aSameSite, + in nsICookie_schemeType aSchemeMap); /** * Find whether a given cookie already exists. diff --git a/netwerk/test/TestCookie.cpp b/netwerk/test/TestCookie.cpp index aac9ba57c78e..74ab95f8e2a3 100644 --- a/netwerk/test/TestCookie.cpp +++ b/netwerk/test/TestCookie.cpp @@ -748,39 +748,39 @@ TEST(TestCookie, TestCookieMain) // first, ensure a clean slate EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveAll())); // add some cookies - EXPECT_TRUE(NS_SUCCEEDED( - cookieMgr2->AddNative(NS_LITERAL_CSTRING("cookiemgr.test"), // domain - NS_LITERAL_CSTRING("/foo"), // path - NS_LITERAL_CSTRING("test1"), // name - NS_LITERAL_CSTRING("yes"), // value - false, // is secure - false, // is httponly - true, // is session - INT64_MAX, // expiry time - &attrs, // originAttributes - nsICookie::SAMESITE_NONE))); - EXPECT_TRUE(NS_SUCCEEDED( - cookieMgr2->AddNative(NS_LITERAL_CSTRING("cookiemgr.test"), // domain - NS_LITERAL_CSTRING("/foo"), // path - NS_LITERAL_CSTRING("test2"), // name - NS_LITERAL_CSTRING("yes"), // value - false, // is secure - true, // is httponly - true, // is session - PR_Now() / PR_USEC_PER_SEC + 2, // expiry time - &attrs, // originAttributes - nsICookie::SAMESITE_NONE))); - EXPECT_TRUE(NS_SUCCEEDED( - cookieMgr2->AddNative(NS_LITERAL_CSTRING("new.domain"), // domain - NS_LITERAL_CSTRING("/rabbit"), // path - NS_LITERAL_CSTRING("test3"), // name - NS_LITERAL_CSTRING("yes"), // value - false, // is secure - false, // is httponly - true, // is session - INT64_MAX, // expiry time - &attrs, // originAttributes - nsICookie::SAMESITE_NONE))); + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative( + NS_LITERAL_CSTRING("cookiemgr.test"), // domain + NS_LITERAL_CSTRING("/foo"), // path + NS_LITERAL_CSTRING("test1"), // name + NS_LITERAL_CSTRING("yes"), // value + false, // is secure + false, // is httponly + true, // is session + INT64_MAX, // expiry time + &attrs, // originAttributes + nsICookie::SAMESITE_NONE, nsICookie::SCHEME_HTTPS))); + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative( + NS_LITERAL_CSTRING("cookiemgr.test"), // domain + NS_LITERAL_CSTRING("/foo"), // path + NS_LITERAL_CSTRING("test2"), // name + NS_LITERAL_CSTRING("yes"), // value + false, // is secure + true, // is httponly + true, // is session + PR_Now() / PR_USEC_PER_SEC + 2, // expiry time + &attrs, // originAttributes + nsICookie::SAMESITE_NONE, nsICookie::SCHEME_HTTPS))); + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative( + NS_LITERAL_CSTRING("new.domain"), // domain + NS_LITERAL_CSTRING("/rabbit"), // path + NS_LITERAL_CSTRING("test3"), // name + NS_LITERAL_CSTRING("yes"), // value + false, // is secure + false, // is httponly + true, // is session + INT64_MAX, // expiry time + &attrs, // originAttributes + nsICookie::SAMESITE_NONE, nsICookie::SCHEME_HTTPS))); // confirm using enumerator nsTArray> cookies; EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetCookies(cookies))); diff --git a/netwerk/test/mochitests/file_testloadflags_chromescript.js b/netwerk/test/mochitests/file_testloadflags_chromescript.js index 5ec5db9f3b73..8bab7649b319 100644 --- a/netwerk/test/mochitests/file_testloadflags_chromescript.js +++ b/netwerk/test/mochitests/file_testloadflags_chromescript.js @@ -113,7 +113,8 @@ addMessageListener("init", ({ domain }) => { true, Math.pow(2, 62), {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); is( cs.countCookiesFromHost(domain), diff --git a/netwerk/test/unit/test_bug411952.js b/netwerk/test/unit/test_bug411952.js index b10499055d21..a7bdfb178f60 100644 --- a/netwerk/test/unit/test_bug411952.js +++ b/netwerk/test/unit/test_bug411952.js @@ -16,7 +16,8 @@ function run_test() { false, time, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); const now = Math.floor(new Date().getTime() / 1000); diff --git a/netwerk/test/unit/test_bug526789.js b/netwerk/test/unit/test_bug526789.js index 4fa694e5403f..1c9272126ff0 100644 --- a/netwerk/test/unit/test_bug526789.js +++ b/netwerk/test/unit/test_bug526789.js @@ -25,7 +25,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(cm.countCookiesFromHost("baz.com"), 1); Assert.equal(cm.countCookiesFromHost("BAZ.com"), 1); @@ -57,7 +58,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(cm.countCookiesFromHost("baz.com"), 0); Assert.equal(cm.countCookiesFromHost("BAZ.com"), 0); @@ -81,7 +83,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(cm.countCookiesFromHost("192.168.0.1"), 1); Assert.equal(cm.countCookiesFromHost("192.168.0.1."), 0); @@ -102,7 +105,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(cm.countCookiesFromHost("localhost"), 1); Assert.equal(cm.countCookiesFromHost("localhost."), 0); @@ -123,7 +127,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(cm.countCookiesFromHost("co.uk"), 1); Assert.equal(cm.countCookiesFromHost("co.uk."), 0); @@ -197,7 +202,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(getCookieCount(), 1); do_check_throws(function() { @@ -211,7 +217,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); }, Cr.NS_ERROR_ILLEGAL_VALUE); Assert.equal(getCookieCount(), 1); diff --git a/netwerk/test/unit/test_bug650522.js b/netwerk/test/unit/test_bug650522.js index bd59412ecbeb..a304d6adc4bb 100644 --- a/netwerk/test/unit/test_bug650522.js +++ b/netwerk/test/unit/test_bug650522.js @@ -22,7 +22,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); Assert.equal(cm.countCookiesFromHost("e.com"), 1); diff --git a/netwerk/test/unit/test_bug667087.js b/netwerk/test/unit/test_bug667087.js index 2f98e04e45e4..132df6248f76 100644 --- a/netwerk/test/unit/test_bug667087.js +++ b/netwerk/test/unit/test_bug667087.js @@ -20,7 +20,8 @@ add_task(async () => { true, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); Assert.equal(cm.countCookiesFromHost("a"), 1); diff --git a/netwerk/test/unit/test_cookies_async_failure.js b/netwerk/test/unit/test_cookies_async_failure.js index df20e034eef7..17808feb33b7 100644 --- a/netwerk/test/unit/test_cookies_async_failure.js +++ b/netwerk/test/unit/test_cookies_async_failure.js @@ -144,7 +144,8 @@ async function run_test_1() { cookie.isSession, cookie.expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); // Check that the cookie service accepted the new cookie. diff --git a/netwerk/test/unit/test_cookies_profile_close.js b/netwerk/test/unit/test_cookies_profile_close.js index 1cb5cf9d9163..47e557c7a6ab 100644 --- a/netwerk/test/unit/test_cookies_profile_close.js +++ b/netwerk/test/unit/test_cookies_profile_close.js @@ -83,7 +83,8 @@ add_task(async () => { false, 0, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); }, Cr.NS_ERROR_NOT_AVAILABLE); diff --git a/netwerk/test/unit/test_domain_eviction.js b/netwerk/test/unit/test_domain_eviction.js index f8cb3e1e2fd3..232fc89d9985 100644 --- a/netwerk/test/unit/test_domain_eviction.js +++ b/netwerk/test/unit/test_domain_eviction.js @@ -77,7 +77,8 @@ function* do_run_test() { false, shortExpiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); do_timeout(2100, continue_test); yield; @@ -93,7 +94,8 @@ function* do_run_test() { false, futureExpiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(countCookies("captchart.com", "captchart.com"), 50); @@ -120,7 +122,8 @@ function setCookies(aHost, aNumber, aExpiry) { false, aExpiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); } } diff --git a/netwerk/test/unit/test_eviction.js b/netwerk/test/unit/test_eviction.js index a656c13d8370..23c4c49a56e7 100644 --- a/netwerk/test/unit/test_eviction.js +++ b/netwerk/test/unit/test_eviction.js @@ -201,7 +201,8 @@ function set_cookies(begin, end, expiry) { false, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); if (i == begin) { diff --git a/netwerk/test/unit_ipc/test_cookie_header_stripped.js b/netwerk/test/unit_ipc/test_cookie_header_stripped.js index 998493c11dff..9838614bd5c9 100644 --- a/netwerk/test/unit_ipc/test_cookie_header_stripped.js +++ b/netwerk/test/unit_ipc/test_cookie_header_stripped.js @@ -82,7 +82,8 @@ function run_test() { false, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); do_send_remote_message("set-cookie-done"); }); diff --git a/remote/domains/parent/Network.jsm b/remote/domains/parent/Network.jsm index 0773461e96c7..5d9a1ee52b15 100644 --- a/remote/domains/parent/Network.jsm +++ b/remote/domains/parent/Network.jsm @@ -269,6 +269,7 @@ class Network extends Domain { // Retrieve host. Check domain first because it has precedence. let hostname = cookie.domain || ""; let cookieURL; + let schemeType = Ci.nsICookie.SCHEME_UNSET; if (hostname.length == 0) { try { cookieURL = new URL(cookie.url); @@ -282,6 +283,9 @@ class Network extends Domain { if (cookieURL.protocol == "https:") { cookie.secure = true; + schemeType = Ci.nsICookie.SCHEME_HTTPS; + } else { + schemeType = Ci.nsICookie.SCHEME_HTTP; } hostname = cookieURL.hostname; @@ -315,7 +319,8 @@ class Network extends Domain { isSession, cookie.expires, {} /* originAttributes */, - sameSiteMap.get(cookie.sameSite) + sameSiteMap.get(cookie.sameSite), + schemeType ); } catch (e) { success = false; diff --git a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js index 6527dfb357e0..77dc204ffdd6 100644 --- a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js +++ b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js @@ -109,7 +109,8 @@ function run_test() { false, Date.now() + 24000 * 60 * 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); registerCleanupFunction(() => { diff --git a/testing/marionette/cookie.js b/testing/marionette/cookie.js index 74428d207a2b..982bd6cefb0d 100644 --- a/testing/marionette/cookie.js +++ b/testing/marionette/cookie.js @@ -94,6 +94,8 @@ cookie.fromJSON = function(json) { * Cookie to add. * @param {string=} restrictToHost * Perform test that ``newCookie``'s domain matches this. + * @param {string=} protocol + * The protocol of the caller. It can be `ftp:`, `http:` or `https:`. * * @throws {TypeError} * If ``name``, ``value``, or ``domain`` are not present and @@ -104,7 +106,10 @@ cookie.fromJSON = function(json) { * @throws {UnableToSetCookieError} * If an error occurred while trying to save the cookie. */ -cookie.add = function(newCookie, { restrictToHost = null } = {}) { +cookie.add = function( + newCookie, + { restrictToHost = null, protocol = null } = {} +) { assert.string(newCookie.name, "Cookie name must be string"); assert.string(newCookie.value, "Cookie value must be string"); @@ -168,6 +173,19 @@ cookie.add = function(newCookie, { restrictToHost = null } = {}) { } } + let schemeType = Ci.nsICookie.SCHEME_UNSET; + switch (protocol) { + case "http:": + schemeType = Ci.nsICookie.SCHEME_HTTP; + break; + case "https:": + schemeType = Ci.nsICookie.SCHEME_HTTPS; + break; + default: + // ftp: or any other protocol is supported by the cookie service. + break; + } + // remove port from domain, if present. // unfortunately this catches IPv6 addresses by mistake // TODO: Bug 814416 @@ -184,7 +202,8 @@ cookie.add = function(newCookie, { restrictToHost = null } = {}) { newCookie.session, newCookie.expiry, {} /* origin attributes */, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + schemeType ); } catch (e) { throw new UnableToSetCookieError(e); diff --git a/testing/marionette/driver.js b/testing/marionette/driver.js index d4e62e9a9cf0..f381bb51b7e0 100644 --- a/testing/marionette/driver.js +++ b/testing/marionette/driver.js @@ -2727,7 +2727,7 @@ GeckoDriver.prototype.addCookie = async function(cmd) { let newCookie = cookie.fromJSON(cmd.parameters.cookie); - cookie.add(newCookie, { restrictToHost: hostname }); + cookie.add(newCookie, { restrictToHost: hostname, protocol }); }; /** diff --git a/toolkit/components/cleardata/SiteDataTestUtils.jsm b/toolkit/components/cleardata/SiteDataTestUtils.jsm index 63ff47a6669d..57075ae435b2 100644 --- a/toolkit/components/cleardata/SiteDataTestUtils.jsm +++ b/toolkit/components/cleardata/SiteDataTestUtils.jsm @@ -100,7 +100,8 @@ var SiteDataTestUtils = { false, Date.now() + 24000 * 60 * 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_UNSET ); }, diff --git a/toolkit/components/cleardata/tests/unit/test_cookies.js b/toolkit/components/cleardata/tests/unit/test_cookies.js index 615bd7777ba5..773f2275c990 100644 --- a/toolkit/components/cleardata/tests/unit/test_cookies.js +++ b/toolkit/components/cleardata/tests/unit/test_cookies.js @@ -19,7 +19,8 @@ add_task(async function test_all_cookies() { false /* session */, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); @@ -48,7 +49,8 @@ add_task(async function test_range_cookies() { false /* session */, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); @@ -99,7 +101,8 @@ add_task(async function test_principal_cookies() { false /* session */, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); @@ -152,7 +155,8 @@ add_task(async function test_localfile_cookies() { false /* session */, expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); Assert.notEqual(Services.cookies.countCookiesFromHost(""), 0); diff --git a/toolkit/components/contextualidentity/tests/unit/test_corruptedFile.js b/toolkit/components/contextualidentity/tests/unit/test_corruptedFile.js index a8b646832583..99a3c341598b 100644 --- a/toolkit/components/contextualidentity/tests/unit/test_corruptedFile.js +++ b/toolkit/components/contextualidentity/tests/unit/test_corruptedFile.js @@ -37,7 +37,8 @@ function createCookie(userContextId) { COOKIE.isSession, COOKIE.expiry, { userContextId }, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); } diff --git a/toolkit/components/extensions/parent/ext-cookies.js b/toolkit/components/extensions/parent/ext-cookies.js index 51519720770c..6d513861947c 100644 --- a/toolkit/components/extensions/parent/ext-cookies.js +++ b/toolkit/components/extensions/parent/ext-cookies.js @@ -466,6 +466,15 @@ this.cookies = class extends ExtensionAPI { let sameSite = SAME_SITE_STATUSES.indexOf(details.sameSite); + let schemeType = Ci.nsICookie.SCHEME_UNSET; + if (uri.scheme === "https") { + schemeType = Ci.nsICookie.SCHEME_HTTPS; + } else if (uri.scheme === "http") { + schemeType = Ci.nsICookie.SCHEME_HTTP; + } else if (uri.scheme === "file") { + schemeType = Ci.nsICookie.SCHEME_FILE; + } + // The permission check may have modified the domain, so use // the new value instead. Services.cookies.add( @@ -478,7 +487,8 @@ this.cookies = class extends ExtensionAPI { isSession, expiry, originAttributes, - sameSite + sameSite, + schemeType ); return self.cookies.get(details); diff --git a/toolkit/components/extensions/test/mochitest/head_cookies.js b/toolkit/components/extensions/test/mochitest/head_cookies.js index 0859d79bc6b6..610c800c9436 100644 --- a/toolkit/components/extensions/test/mochitest/head_cookies.js +++ b/toolkit/components/extensions/test/mochitest/head_cookies.js @@ -131,7 +131,10 @@ async function testCookies(options) { false, options.expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + options.url.startsWith("https") + ? Ci.nsICookie.SCHEME_HTTPS + : Ci.nsICookie.SCHEME_HTTP ); // This will be modified by the background script. Services.cookies.add( @@ -144,7 +147,10 @@ async function testCookies(options) { false, options.expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + options.url.startsWith("https") + ? Ci.nsICookie.SCHEME_HTTPS + : Ci.nsICookie.SCHEME_HTTP ); // This will be deleted by the background script. Services.cookies.add( @@ -157,7 +163,10 @@ async function testCookies(options) { false, options.expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + options.url.startsWith("https") + ? Ci.nsICookie.SCHEME_HTTPS + : Ci.nsICookie.SCHEME_HTTP ); sendAsyncMessage("done"); }); @@ -185,7 +194,10 @@ async function testCookies(options) { false, options.expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + options.url.startsWith("https") + ? Ci.nsICookie.SCHEME_HTTPS + : Ci.nsICookie.SCHEME_HTTP ); Services.cookies.add( domain, @@ -197,7 +209,10 @@ async function testCookies(options) { false, options.expiry, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + options.url.startsWith("https") + ? Ci.nsICookie.SCHEME_HTTPS + : Ci.nsICookie.SCHEME_HTTP ); Services.cookies.remove(domain, "x", "/", {}); sendAsyncMessage("done"); diff --git a/toolkit/components/extensions/test/mochitest/test_ext_cookies_expiry.html b/toolkit/components/extensions/test/mochitest/test_ext_cookies_expiry.html index 8f5d90957a5a..fa118f527170 100644 --- a/toolkit/components/extensions/test/mochitest/test_ext_cookies_expiry.html +++ b/toolkit/components/extensions/test/mochitest/test_ext_cookies_expiry.html @@ -45,7 +45,7 @@ add_task(async function test_cookies_expiry() { let chromeScript = loadChromeScript(() => { const {sendAsyncMessage} = this; - Services.cookies.add(".example.com", "/", "first", "one", false, false, false, Date.now() / 1000 + 1, {}, Ci.nsICookie.SAMESITE_NONE); + Services.cookies.add(".example.com", "/", "first", "one", false, false, false, Date.now() / 1000 + 1, {}, Ci.nsICookie.SAMESITE_NONE, Ci.nsICookie.SCHEME_HTTP); sendAsyncMessage("done"); }); await chromeScript.promiseOneMessage("done"); @@ -56,7 +56,7 @@ add_task(async function test_cookies_expiry() { chromeScript = loadChromeScript(() => { const {sendAsyncMessage} = this; - Services.cookies.add(".example.com", "/", "first", "one-again", false, false, false, Date.now() / 1000 + 10, {}, Ci.nsICookie.SAMESITE_NONE); + Services.cookies.add(".example.com", "/", "first", "one-again", false, false, false, Date.now() / 1000 + 10, {}, Ci.nsICookie.SAMESITE_NONE, Ci.nsICookie.SCHEME_HTTP); sendAsyncMessage("done"); }); await chromeScript.promiseOneMessage("done"); diff --git a/toolkit/components/forgetaboutsite/test/unit/test_removeDataFromDomain.js b/toolkit/components/forgetaboutsite/test/unit/test_removeDataFromDomain.js index aba03cac6649..f77efbab10d4 100644 --- a/toolkit/components/forgetaboutsite/test/unit/test_removeDataFromDomain.js +++ b/toolkit/components/forgetaboutsite/test/unit/test_removeDataFromDomain.js @@ -60,7 +60,8 @@ function add_cookie(aDomain) { false, COOKIE_EXPIRY, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS ); check_cookie_exists(aDomain, true); } diff --git a/toolkit/mozapps/extensions/test/browser/browser_html_discover_view.js b/toolkit/mozapps/extensions/test/browser/browser_html_discover_view.js index def653090598..920ff479d747 100644 --- a/toolkit/mozapps/extensions/test/browser/browser_html_discover_view.js +++ b/toolkit/mozapps/extensions/test/browser/browser_html_discover_view.js @@ -696,7 +696,8 @@ add_task(async function discopane_no_cookies() { false, Date.now() / 1000 + 600, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); let win = await loadInitialView("discover"); let request = await requestPromise; diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_AddonRepository_langpacks.js b/toolkit/mozapps/extensions/test/xpcshell/test_AddonRepository_langpacks.js index 598675e0c8d4..e84ce4ea30c3 100644 --- a/toolkit/mozapps/extensions/test/xpcshell/test_AddonRepository_langpacks.js +++ b/toolkit/mozapps/extensions/test/xpcshell/test_AddonRepository_langpacks.js @@ -120,7 +120,8 @@ add_task(async function test_cookies() { false, expiration, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); await AddonRepository.getAvailableLangpacks(); diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_cookies.js b/toolkit/mozapps/extensions/test/xpcshell/test_cookies.js index 7a37c7367423..fc001bc701a4 100644 --- a/toolkit/mozapps/extensions/test/xpcshell/test_cookies.js +++ b/toolkit/mozapps/extensions/test/xpcshell/test_cookies.js @@ -62,7 +62,8 @@ add_task(async function test_cookies() { false, expiration, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); await promiseStartupManager(); diff --git a/toolkit/mozapps/extensions/test/xpinstall/browser_cookies2.js b/toolkit/mozapps/extensions/test/xpinstall/browser_cookies2.js index 172527b479d3..092e9a1ef100 100644 --- a/toolkit/mozapps/extensions/test/xpinstall/browser_cookies2.js +++ b/toolkit/mozapps/extensions/test/xpinstall/browser_cookies2.js @@ -17,7 +17,8 @@ function test() { true, Date.now() / 1000 + 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); PermissionTestUtils.add( diff --git a/toolkit/mozapps/extensions/test/xpinstall/browser_cookies3.js b/toolkit/mozapps/extensions/test/xpinstall/browser_cookies3.js index 6d1a5a39935b..abe2b58a49e1 100644 --- a/toolkit/mozapps/extensions/test/xpinstall/browser_cookies3.js +++ b/toolkit/mozapps/extensions/test/xpinstall/browser_cookies3.js @@ -17,7 +17,8 @@ function test() { true, Date.now() / 1000 + 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); PermissionTestUtils.add( diff --git a/toolkit/mozapps/extensions/test/xpinstall/browser_cookies4.js b/toolkit/mozapps/extensions/test/xpinstall/browser_cookies4.js index 34b7522e5909..927b1562eaf7 100644 --- a/toolkit/mozapps/extensions/test/xpinstall/browser_cookies4.js +++ b/toolkit/mozapps/extensions/test/xpinstall/browser_cookies4.js @@ -18,7 +18,8 @@ function test() { true, Date.now() / 1000 + 60, {}, - Ci.nsICookie.SAMESITE_NONE + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP ); PermissionTestUtils.add(