Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 13 - Cookies, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D21696 --HG-- extra : moz-landing-system : lando
2019-03-08 09:04:34 +00:00 · 2019-03-08 09:04:34 +00:00 · a78d942c6b
--- a/netwerk/cookie/CookieServiceChild.cpp
+++ b/netwerk/cookie/CookieServiceChild.cpp
@ -27,6 +27,7 @@
 #include "nsServiceManagerUtils.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/TimeStamp.h"
+#include "ThirdPartyUtil.h"

 using namespace mozilla::ipc;
 using mozilla::OriginAttributes;
@ -35,7 +36,6 @@ namespace mozilla {
 namespace net {

 // Pref string constants
-static const char kPrefCookieBehavior[] = "network.cookie.cookieBehavior";
 static const char kPrefThirdPartySession[] =
    "network.cookie.thirdparty.sessionOnly";
 static const char kPrefThirdPartyNonsecureSession[] =
@ -59,8 +59,7 @@ NS_IMPL_ISUPPORTS(CookieServiceChild, nsICookieService, nsIObserver,
                  nsITimerCallback, nsISupportsWeakReference)

 CookieServiceChild::CookieServiceChild()
-    : mCookieBehavior(nsICookieService::BEHAVIOR_ACCEPT),
-      mThirdPartySession(false),
+    : mThirdPartySession(false),
      mThirdPartyNonsecureSession(false),
      mIPCOpen(false) {
  NS_ASSERTION(IsNeckoChild(), "not a child process");
@ -81,6 +80,9 @@ CookieServiceChild::CookieServiceChild()

  mIPCOpen = true;

+  mThirdPartyUtil = ThirdPartyUtil::GetInstance();
+  NS_ASSERTION(mThirdPartyUtil, "couldn't get ThirdPartyUtil service");
+
  mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
  NS_ASSERTION(mTLDService, "couldn't get TLDService");

@ -88,7 +90,6 @@ CookieServiceChild::CookieServiceChild()
  nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
  NS_WARNING_ASSERTION(prefBranch, "no prefservice");
  if (prefBranch) {
-    prefBranch->AddObserver(kPrefCookieBehavior, this, true);
    prefBranch->AddObserver(kPrefThirdPartySession, this, true);
    prefBranch->AddObserver(kPrefThirdPartyNonsecureSession, this, true);
    prefBranch->AddObserver(kCookieMoveIntervalSecs, this, true);
@ -148,7 +149,8 @@ void CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel) {
  bool firstPartyStorageAccessGranted = false;
  nsCOMPtr<nsIURI> uri;
  aChannel->GetURI(getter_AddRefs(uri));
-  if (RequireThirdPartyCheck()) {
+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+  if (RequireThirdPartyCheck(loadInfo)) {
    mThirdPartyUtil->IsThirdPartyChannel(aChannel, uri, &isForeign);
  }
  nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
@ -172,7 +174,6 @@ void CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel) {
          rejectedReason);
    }
  }
-  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
  mozilla::OriginAttributes attrs = loadInfo->GetOriginAttributes();
  URIParams uriParams;
  SerializeURI(uri, uriParams);
@ -252,13 +253,6 @@ mozilla::ipc::IPCResult CookieServiceChild::RecvTrackCookiesLoad(
 }

 void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
-  int32_t val;
-  if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefCookieBehavior, &val)))
-    mCookieBehavior = val >= nsICookieService::BEHAVIOR_ACCEPT &&
-                              val <= nsICookieService::BEHAVIOR_LAST
-                          ? val
-                          : nsICookieService::BEHAVIOR_ACCEPT;
-
  bool boolval;
  if (NS_SUCCEEDED(aPrefBranch->GetBoolPref(kPrefThirdPartySession, &boolval)))
    mThirdPartySession = !!boolval;
@ -267,11 +261,7 @@ void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
          aPrefBranch->GetBoolPref(kPrefThirdPartyNonsecureSession, &boolval)))
    mThirdPartyNonsecureSession = boolval;

-  if (!mThirdPartyUtil && RequireThirdPartyCheck()) {
-    mThirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-    NS_ASSERTION(mThirdPartyUtil, "require ThirdPartyUtil service");
-  }
-
+  int32_t val;
  if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kCookieMoveIntervalSecs, &val))) {
    gMoveCookiesIntervalSeconds = clamped<uint32_t>(val, 0, 3600);
    if (gMoveCookiesIntervalSeconds && !mCookieTimer) {
@ -292,16 +282,23 @@ void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
 void CookieServiceChild::GetCookieStringFromCookieHashTable(
    nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
    bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav,
-    bool aIsSameSiteForeign, const OriginAttributes &aOriginAttrs,
-    nsCString &aCookieString) {
+    bool aIsSameSiteForeign, nsIChannel *aChannel, nsCString &aCookieString) {
  nsCOMPtr<nsIEffectiveTLDService> TLDService =
      do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
  NS_ASSERTION(TLDService, "Can't get TLDService");
  bool requireHostMatch;
  nsAutoCString baseDomain;
+
+  nsCOMPtr<nsILoadInfo> loadInfo;
+  mozilla::OriginAttributes attrs;
+  if (aChannel) {
+    loadInfo = aChannel->LoadInfo();
+    attrs = loadInfo->GetOriginAttributes();
+  }
+
  nsCookieService::GetBaseDomain(TLDService, aHostURI, baseDomain,
                                 requireHostMatch);
-  nsCookieKey key(baseDomain, aOriginAttrs);
+  nsCookieKey key(baseDomain, attrs);
  CookiesList *cookiesList = nullptr;
  mCookiesMap.Get(key, &cookiesList);

@ -317,14 +314,13 @@ void CookieServiceChild::GetCookieStringFromCookieHashTable(
  int64_t currentTimeInUsec = PR_Now();
  int64_t currentTime = currentTimeInUsec / PR_USEC_PER_SEC;

-  nsCOMPtr<nsICookiePermission> permissionService =
-      nsCookiePermission::GetOrCreate();
+  nsCOMPtr<nsICookieSettings> cookieSettings =
+      nsCookieService::GetCookieSettings(aChannel);
+
  CookieStatus cookieStatus = nsCookieService::CheckPrefs(
-      permissionService, mCookieBehavior, mThirdPartySession,
-      mThirdPartyNonsecureSession, aHostURI, aIsForeign, aIsTrackingResource,
-      aFirstPartyStorageAccessGranted, nullptr,
-      CountCookiesFromHashTable(baseDomain, aOriginAttrs), aOriginAttrs,
-      nullptr);
+      cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
+      aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted, nullptr,
+      CountCookiesFromHashTable(baseDomain, attrs), attrs, nullptr);

  if (cookieStatus != STATUS_ACCEPTED &&
      cookieStatus != STATUS_ACCEPT_SESSION) {
@ -409,10 +405,17 @@ void CookieServiceChild::SetCookieInternal(
  RecordDocumentCookie(cookie, aAttrs);
 }

-bool CookieServiceChild::RequireThirdPartyCheck() {
-  return mCookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
-         mCookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN ||
-         mCookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
+bool CookieServiceChild::RequireThirdPartyCheck(nsILoadInfo *aLoadInfo) {
+  nsCOMPtr<nsICookieSettings> cookieSettings;
+  nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return false;
+  }
+
+  uint32_t cookieBehavior = cookieSettings->GetCookieBehavior();
+  return cookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
+         cookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN ||
+         cookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
         mThirdPartySession || mThirdPartyNonsecureSession;
 }

@ -470,17 +473,12 @@ nsresult CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
  aHostURI->GetScheme(scheme);
  if (scheme.EqualsLiteral("moz-nullprincipal")) return NS_OK;

-  nsCOMPtr<nsILoadInfo> loadInfo;
-  mozilla::OriginAttributes attrs;
-  if (aChannel) {
-    loadInfo = aChannel->LoadInfo();
-    attrs = loadInfo->GetOriginAttributes();
-  }
-
  // Asynchronously call the parent.
  bool isForeign = true;
-  if (RequireThirdPartyCheck())
+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel ? aChannel->LoadInfo() : nullptr;
+  if (RequireThirdPartyCheck(loadInfo)) {
    mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
+  }

  bool isTrackingResource = false;
  bool firstPartyStorageAccessGranted = false;
@ -502,7 +500,7 @@ nsresult CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
  nsAutoCString result;
  GetCookieStringFromCookieHashTable(
      aHostURI, isForeign, isTrackingResource, firstPartyStorageAccessGranted,
-      isSafeTopLevelNav, isSameSiteForeign, attrs, result);
+      isSafeTopLevelNav, isSameSiteForeign, aChannel, result);

  if (!result.IsEmpty()) *aCookieString = ToNewCString(result);

@ -525,8 +523,10 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,

  // Determine whether the request is foreign. Failure is acceptable.
  bool isForeign = true;
-  if (RequireThirdPartyCheck())
+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel ? aChannel->LoadInfo() : nullptr;
+  if (RequireThirdPartyCheck(loadInfo)) {
    mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
+  }

  bool isTrackingResource = false;
  bool firstPartyStorageAccessGranted = false;
@ -556,17 +556,21 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
    aChannel->GetURI(getter_AddRefs(channelURI));
    SerializeURI(channelURI, channelURIParams);

-    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+    MOZ_ASSERT(loadInfo);
    attrs = loadInfo->GetOriginAttributes();
  } else {
    SerializeURI(nullptr, channelURIParams);
  }

+  Maybe<LoadInfoArgs> optionalLoadInfoArgs;
+  LoadInfoToLoadInfoArgs(loadInfo, &optionalLoadInfoArgs);
+
  // Asynchronously call the parent.
  if (mIPCOpen) {
-    SendSetCookieString(hostURIParams, channelURIParams, isForeign,
-                        isTrackingResource, firstPartyStorageAccessGranted,
-                        cookieString, stringServerTime, attrs, aFromHttp);
+    SendSetCookieString(hostURIParams, channelURIParams, optionalLoadInfoArgs,
+                        isForeign, isTrackingResource,
+                        firstPartyStorageAccessGranted, cookieString,
+                        stringServerTime, aFromHttp);
  }

  bool requireHostMatch;
@ -574,14 +578,14 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
  nsCookieService::GetBaseDomain(mTLDService, aHostURI, baseDomain,
                                 requireHostMatch);

-  nsCOMPtr<nsICookiePermission> permissionService =
-      nsCookiePermission::GetOrCreate();
+  nsCOMPtr<nsICookieSettings> cookieSettings =
+      nsCookieService::GetCookieSettings(aChannel);

  CookieStatus cookieStatus = nsCookieService::CheckPrefs(
-      permissionService, mCookieBehavior, mThirdPartySession,
-      mThirdPartyNonsecureSession, aHostURI, isForeign, isTrackingResource,
-      firstPartyStorageAccessGranted, aCookieString,
-      CountCookiesFromHashTable(baseDomain, attrs), attrs, nullptr);
+      cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
+      isForeign, isTrackingResource, firstPartyStorageAccessGranted,
+      aCookieString, CountCookiesFromHashTable(baseDomain, attrs), attrs,
+      nullptr);

  if (cookieStatus != STATUS_ACCEPTED &&
      cookieStatus != STATUS_ACCEPT_SESSION) {
@ -620,6 +624,8 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
    }

    if (canSetCookie) {
+      nsCOMPtr<nsICookiePermission> permissionService =
+          nsCookiePermission::GetOrCreate();
      SetCookieInternal(cookieAttributes, attrs, aChannel, aFromHttp,
                        permissionService);
    }
--- a/netwerk/cookie/CookieServiceChild.h
+++ b/netwerk/cookie/CookieServiceChild.h
@ -19,6 +19,7 @@
 class nsCookie;
 class nsICookiePermission;
 class nsIEffectiveTLDService;
+class nsILoadInfo;

 struct nsCookieAttributes;

@ -60,13 +61,10 @@ class CookieServiceChild : public PCookieServiceChild,
  nsresult GetCookieStringInternal(nsIURI *aHostURI, nsIChannel *aChannel,
                                   char **aCookieString);

-  void GetCookieStringFromCookieHashTable(nsIURI *aHostURI, bool aIsForeign,
-                                          bool aIsTrackingResource,
-                                          bool aFirstPartyStorageAccessGranted,
-                                          bool aIsSafeTopLevelNav,
-                                          bool aIsSameSiteForeign,
-                                          const OriginAttributes &aAttrs,
-                                          nsCString &aCookieString);
+  void GetCookieStringFromCookieHashTable(
+      nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
+      bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav,
+      bool aIsSameSiteForeign, nsIChannel *aChannel, nsCString &aCookieString);

  nsresult SetCookieStringInternal(nsIURI *aHostURI, nsIChannel *aChannel,
                                   const char *aCookieString,
@ -84,7 +82,7 @@ class CookieServiceChild : public PCookieServiceChild,

  void PrefChanged(nsIPrefBranch *aPrefBranch);

-  bool RequireThirdPartyCheck();
+  bool RequireThirdPartyCheck(nsILoadInfo *aLoadInfo);

  mozilla::ipc::IPCResult RecvTrackCookiesLoad(
      nsTArray<CookieStruct> &&aCookiesList, const OriginAttributes &aAttrs);
@ -107,7 +105,6 @@ class CookieServiceChild : public PCookieServiceChild,
  nsCOMPtr<nsITimer> mCookieTimer;
  nsCOMPtr<mozIThirdPartyUtil> mThirdPartyUtil;
  nsCOMPtr<nsIEffectiveTLDService> mTLDService;
-  uint8_t mCookieBehavior;
  bool mThirdPartySession;
  bool mThirdPartyNonsecureSession;
  bool mIPCOpen;
--- a/netwerk/cookie/CookieServiceParent.cpp
+++ b/netwerk/cookie/CookieServiceParent.cpp
@ -28,28 +28,17 @@ namespace {

 // Ignore failures from this function, as they only affect whether we do or
 // don't show a dialog box in private browsing mode if the user sets a pref.
-void CreateDummyChannel(nsIURI *aHostURI, nsIURI *aChannelURI,
-                        OriginAttributes &aAttrs, nsIChannel **aChannel) {
-  nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(aHostURI, aAttrs);
-  if (!principal) {
-    return;
-  }
-
-  // The following channel is never openend, so it does not matter what
-  // securityFlags we pass; let's follow the principle of least privilege.
+nsresult CreateDummyChannel(nsIURI *aHostURI, nsILoadInfo *aLoadInfo,
+                            nsIChannel **aChannel) {
  nsCOMPtr<nsIChannel> dummyChannel;
-  NS_NewChannel(getter_AddRefs(dummyChannel), aChannelURI, principal,
-                nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
-                nsIContentPolicy::TYPE_INVALID);
-  nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel =
-      do_QueryInterface(dummyChannel);
-  if (!pbChannel) {
-    return;
+  nsresult rv =
+      NS_NewChannelInternal(getter_AddRefs(dummyChannel), aHostURI, aLoadInfo);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
  }

-  pbChannel->SetPrivate(aAttrs.mPrivateBrowsingId > 0);
  dummyChannel.forget(aChannel);
+  return NS_OK;
 }

 }  // namespace
@ -216,10 +205,10 @@ void CookieServiceParent::ActorDestroy(ActorDestroyReason aWhy) {

 mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
    const URIParams &aHost, const Maybe<URIParams> &aChannelURI,
-    const bool &aIsForeign, const bool &aIsTrackingResource,
+    const Maybe<LoadInfoArgs> &aLoadInfoArgs, const bool &aIsForeign,
+    const bool &aIsTrackingResource,
    const bool &aFirstPartyStorageAccessGranted, const nsCString &aCookieString,
-    const nsCString &aServerTime, const OriginAttributes &aAttrs,
-    const bool &aFromHttp) {
+    const nsCString &aServerTime, const bool &aFromHttp) {
  if (!mCookieService) return IPC_OK();

  // Deserialize URI. Having a host URI is mandatory and should always be
@ -229,6 +218,10 @@ mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(

  nsCOMPtr<nsIURI> channelURI = DeserializeURI(aChannelURI);

+  nsCOMPtr<nsILoadInfo> loadInfo;
+  Unused << NS_WARN_IF(NS_FAILED(
+      LoadInfoArgsToLoadInfo(aLoadInfoArgs, getter_AddRefs(loadInfo))));
+
  // This is a gross hack. We've already computed everything we need to know
  // for whether to set this cookie or not, but we need to communicate all of
  // this information through to nsICookiePermission, which indirectly
@ -237,19 +230,27 @@ mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
  // with aIsForeign before we have to worry about nsCookiePermission trying
  // to use the channel to inspect it.
  nsCOMPtr<nsIChannel> dummyChannel;
-  CreateDummyChannel(hostURI, channelURI,
-                     const_cast<OriginAttributes &>(aAttrs),
-                     getter_AddRefs(dummyChannel));
+  nsresult rv =
+      CreateDummyChannel(channelURI, loadInfo, getter_AddRefs(dummyChannel));
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    // No reason to kill the content process.
+    return IPC_OK();
+  }

  // NB: dummyChannel could be null if something failed in CreateDummyChannel.
  nsDependentCString cookieString(aCookieString, 0);

+  OriginAttributes attrs;
+  if (loadInfo) {
+    attrs = loadInfo->GetOriginAttributes();
+  }
+
  // We set this to true while processing this cookie update, to make sure
  // we don't send it back to the same content process.
  mProcessingCookie = true;
  mCookieService->SetCookieStringInternal(
      hostURI, aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted,
-      cookieString, aServerTime, aFromHttp, aAttrs, dummyChannel);
+      cookieString, aServerTime, aFromHttp, attrs, dummyChannel);
  mProcessingCookie = false;
  return IPC_OK();
 }
--- a/netwerk/cookie/CookieServiceParent.h
+++ b/netwerk/cookie/CookieServiceParent.h
@ -46,10 +46,12 @@ class CookieServiceParent : public PCookieServiceParent {

  mozilla::ipc::IPCResult RecvSetCookieString(
      const URIParams &aHost, const Maybe<URIParams> &aChannelURI,
-      const bool &aIsForeign, const bool &aIsTrackingResource,
+      const Maybe<LoadInfoArgs> &aLoadInfoArgs, const bool &aIsForeign,
+      const bool &aIsTrackingResource,
      const bool &aFirstPartyStorageAccessGranted,
      const nsCString &aCookieString, const nsCString &aServerTime,
-      const OriginAttributes &aAttrs, const bool &aFromHttp);
+      const bool &aFromHttp);
+
  mozilla::ipc::IPCResult RecvPrepareCookieList(
      const URIParams &aHost, const bool &aIsForeign,
      const bool &aIsTackingResource,
--- a/netwerk/cookie/PCookieService.ipdl
+++ b/netwerk/cookie/PCookieService.ipdl
@ -40,6 +40,8 @@ parent:
   *        Same as the 'aURI' argument to nsICookieService.setCookieString.
   * @param channelURI
   *        The URI of the request.
+   * @param loadInfoArgs
+   *        The optional serialization of nsILoadInfo.
   * @param isForeign
   *        True if the the request is third party, for purposes of allowing
   *        access to cookies. This should be obtained from
@ -62,9 +64,6 @@ parent:
   *        Whether the result is for an HTTP request header. This should be
   *        true for nsICookieService.setCookieStringFromHttp calls, false
   *        otherwise.
-   * @param attrs
-   *        The origin attributes from the HTTP channel or document that the
-   *        cookie is being set on.
   *
   * @see nsICookieService.setCookieString
   * @see nsICookieService.setCookieStringFromHttp
@ -72,12 +71,12 @@ parent:
   */
  nested(inside_cpow) async SetCookieString(URIParams host,
                                            URIParams? channelURI,
+                                            LoadInfoArgs? loadInfoArgs,
                                            bool isForeign,
                                            bool isTrackingResource,
                                            bool firstPartyStorageAccessGranted,
                                            nsCString cookieString,
                                            nsCString serverTime,
-                                            OriginAttributes attrs,
                                            bool aFromHttp);

  async PrepareCookieList(URIParams host,
--- a/netwerk/cookie/moz.build
+++ b/netwerk/cookie/moz.build
@ -37,6 +37,7 @@ if CONFIG['NECKO_COOKIES']:
        'nsCookieService.cpp',
    ]
    LOCAL_INCLUDES += [
+        '/dom/base',
        '/extensions/cookie',
        '/intl/uconv',
    ]
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@ -12,6 +12,7 @@
 #include "mozilla/Printf.h"
 #include "mozilla/Unused.h"

+#include "mozilla/net/CookieSettings.h"
 #include "mozilla/net/CookieServiceChild.h"
 #include "mozilla/net/NeckoCommon.h"

@ -125,7 +126,6 @@ static const uint32_t kMaxBytesPerCookie = 4096;
 static const uint32_t kMaxBytesPerPath = 1024;

 // pref string constants
-static const char kPrefCookieBehavior[] = "network.cookie.cookieBehavior";
 static const char kPrefMaxNumberOfCookies[] = "network.cookie.maxNumber";
 static const char kPrefMaxCookiesPerHost[] = "network.cookie.maxPerHost";
 static const char kPrefCookieQuotaPerHost[] = "network.cookie.quotaPerHost";
@ -586,7 +586,6 @@ NS_IMPL_ISUPPORTS(nsCookieService, nsICookieService, nsICookieManager,

 nsCookieService::nsCookieService()
    : mDBState(nullptr),
-      mCookieBehavior(nsICookieService::BEHAVIOR_ACCEPT),
      mThirdPartySession(false),
      mThirdPartyNonsecureSession(false),
      mMaxNumberOfCookies(kMaxNumberOfCookies),
@ -612,7 +611,6 @@ nsresult nsCookieService::Init() {
  // init our pref and observer
  nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
  if (prefBranch) {
-    prefBranch->AddObserver(kPrefCookieBehavior, this, true);
    prefBranch->AddObserver(kPrefMaxNumberOfCookies, this, true);
    prefBranch->AddObserver(kPrefMaxCookiesPerHost, this, true);
    prefBranch->AddObserver(kPrefCookiePurgeAge, this, true);
@ -2005,6 +2003,24 @@ nsresult nsCookieService::GetCookieStringCommon(nsIURI *aHostURI,
  return NS_OK;
 }

+// static
+already_AddRefed<nsICookieSettings> nsCookieService::GetCookieSettings(
+    nsIChannel *aChannel) {
+  nsCOMPtr<nsICookieSettings> cookieSettings;
+  if (aChannel) {
+    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+    nsresult rv = loadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      cookieSettings = CookieSettings::CreateBlockingAll();
+    }
+  } else {
+    cookieSettings = CookieSettings::Create();
+  }
+
+  MOZ_ASSERT(cookieSettings);
+  return cookieSettings.forget();
+}
+
 NS_IMETHODIMP
 nsCookieService::SetCookieString(nsIURI *aHostURI, nsIPrompt *aPrompt,
                                 const char *aCookieHeader,
@ -2138,6 +2154,7 @@ void nsCookieService::SetCookieStringInternal(
  }

  nsCookieKey key(baseDomain, aOriginAttrs);
+  nsCOMPtr<nsICookieSettings> cookieSettings = GetCookieSettings(aChannel);

  // check default prefs
  uint32_t priorCookieCount = 0;
@ -2146,10 +2163,9 @@ void nsCookieService::SetCookieStringInternal(
  aHostURI->GetHost(hostFromURI);
  CountCookiesFromHost(hostFromURI, &priorCookieCount);
  CookieStatus cookieStatus = CheckPrefs(
-      mPermissionService, mCookieBehavior, mThirdPartySession,
-      mThirdPartyNonsecureSession, aHostURI, aIsForeign, aIsTrackingResource,
-      aFirstPartyStorageAccessGranted, aCookieHeader.get(), priorCookieCount,
-      aOriginAttrs, &rejectedReason);
+      cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
+      aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted,
+      aCookieHeader.get(), priorCookieCount, aOriginAttrs, &rejectedReason);

  MOZ_ASSERT_IF(rejectedReason, cookieStatus == STATUS_REJECTED);

@ -2360,10 +2376,6 @@ nsCookieService::RunInTransaction(nsICookieTransactionCallback *aCallback) {

 void nsCookieService::PrefChanged(nsIPrefBranch *aPrefBranch) {
  int32_t val;
-  if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefCookieBehavior, &val)))
-    mCookieBehavior =
-        (uint8_t)LIMIT(val, 0, nsICookieService::BEHAVIOR_LAST, 0);
-
  if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefMaxNumberOfCookies, &val)))
    mMaxNumberOfCookies = (uint16_t)LIMIT(val, 1, 0xFFFF, kMaxNumberOfCookies);

@ -3038,15 +3050,16 @@ void nsCookieService::GetCookiesForURI(
    return;
  }

+  nsCOMPtr<nsICookieSettings> cookieSettings = GetCookieSettings(aChannel);
+
  // check default prefs
  uint32_t rejectedReason = 0;
  uint32_t priorCookieCount = 0;
  CountCookiesFromHost(hostFromURI, &priorCookieCount);
-  CookieStatus cookieStatus =
-      CheckPrefs(mPermissionService, mCookieBehavior, mThirdPartySession,
-                 mThirdPartyNonsecureSession, aHostURI, aIsForeign,
-                 aIsTrackingResource, aFirstPartyStorageAccessGranted, nullptr,
-                 priorCookieCount, aOriginAttrs, &rejectedReason);
+  CookieStatus cookieStatus = CheckPrefs(
+      cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
+      aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted, nullptr,
+      priorCookieCount, aOriginAttrs, &rejectedReason);

  MOZ_ASSERT_IF(rejectedReason, cookieStatus == STATUS_REJECTED);

@ -3969,12 +3982,11 @@ static inline bool IsSubdomainOf(const nsCString &a, const nsCString &b) {
 }

 CookieStatus nsCookieService::CheckPrefs(
-    nsICookiePermission *aPermissionService, uint8_t aCookieBehavior,
-    bool aThirdPartySession, bool aThirdPartyNonsecureSession, nsIURI *aHostURI,
-    bool aIsForeign, bool aIsTrackingResource,
-    bool aFirstPartyStorageAccessGranted, const char *aCookieHeader,
-    const int aNumOfCookies, const OriginAttributes &aOriginAttrs,
-    uint32_t *aRejectedReason) {
+    nsICookieSettings *aCookieSettings, bool aThirdPartySession,
+    bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign,
+    bool aIsTrackingResource, bool aFirstPartyStorageAccessGranted,
+    const char *aCookieHeader, const int aNumOfCookies,
+    const OriginAttributes &aOriginAttrs, uint32_t *aRejectedReason) {
  nsresult rv;

  // Let's use a internal value in order to avoid a null check on
@ -4006,25 +4018,19 @@ CookieStatus nsCookieService::CheckPrefs(

  // check the permission list first; if we find an entry, it overrides
  // default prefs. see bug 184059.
-  if (aPermissionService) {
-    nsCookieAccess access;
-    // Not passing an nsIChannel here is probably OK; our implementation
-    // doesn't do anything with it anyway.
-    rv = aPermissionService->CanAccess(principal, &access);
+  uint32_t cookiePermission = nsICookiePermission::ACCESS_DEFAULT;
+  rv = aCookieSettings->CookiePermission(principal, &cookiePermission);
+  if (NS_SUCCEEDED(rv)) {
+    switch (cookiePermission) {
+      case nsICookiePermission::ACCESS_DENY:
+        COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
+                          aCookieHeader, "cookies are blocked for this site");
+        *aRejectedReason =
+            nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
+        return STATUS_REJECTED;

-    // if we found an entry, use it
-    if (NS_SUCCEEDED(rv)) {
-      switch (access) {
-        case nsICookiePermission::ACCESS_DENY:
-          COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
-                            aCookieHeader, "cookies are blocked for this site");
-          *aRejectedReason =
-              nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
-          return STATUS_REJECTED;
-
-        case nsICookiePermission::ACCESS_ALLOW:
-          return STATUS_ACCEPTED;
-      }
+      case nsICookiePermission::ACCESS_ALLOW:
+        return STATUS_ACCEPTED;
    }
  }

@ -4032,7 +4038,8 @@ CookieStatus nsCookieService::CheckPrefs(
  // context, when anti-tracking protection is enabled and when we don't have
  // access to the first-party cookie jar.
  if (aIsForeign && aIsTrackingResource && !aFirstPartyStorageAccessGranted &&
-      aCookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER) {
+      aCookieSettings->GetCookieBehavior() ==
+          nsICookieService::BEHAVIOR_REJECT_TRACKER) {
    COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
                      aCookieHeader, "cookies are disabled in trackers");
    *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER;
@ -4043,7 +4050,8 @@ CookieStatus nsCookieService::CheckPrefs(
  // Check aFirstPartyStorageAccessGranted when checking aCookieBehavior
  // so that we take things such as the content blocking allow list into
  // account.
-  if (aCookieBehavior == nsICookieService::BEHAVIOR_REJECT &&
+  if (aCookieSettings->GetCookieBehavior() ==
+          nsICookieService::BEHAVIOR_REJECT &&
      !aFirstPartyStorageAccessGranted) {
    COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
                      aCookieHeader, "cookies are disabled");
@ -4053,7 +4061,8 @@ CookieStatus nsCookieService::CheckPrefs(

  // check if cookie is foreign
  if (aIsForeign) {
-    if (aCookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN &&
+    if (aCookieSettings->GetCookieBehavior() ==
+            nsICookieService::BEHAVIOR_REJECT_FOREIGN &&
        !aFirstPartyStorageAccessGranted) {
      COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
                        aCookieHeader, "context is third party");
@ -4061,7 +4070,8 @@ CookieStatus nsCookieService::CheckPrefs(
      return STATUS_REJECTED;
    }

-    if (aCookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN &&
+    if (aCookieSettings->GetCookieBehavior() ==
+            nsICookieService::BEHAVIOR_LIMIT_FOREIGN &&
        !aFirstPartyStorageAccessGranted && aNumOfCookies == 0) {
      COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
                        aCookieHeader, "context is third party");
--- a/netwerk/cookie/nsCookieService.h
+++ b/netwerk/cookie/nsCookieService.h
@ -8,6 +8,7 @@

 #include "nsICookieService.h"
 #include "nsICookieManager.h"
+#include "nsICookiePermission.h"
 #include "nsIObserver.h"
 #include "nsWeakReference.h"

@ -38,6 +39,7 @@
 using mozilla::OriginAttributes;

 class nsICookiePermission;
+class nsICookieSettings;
 class nsIEffectiveTLDService;
 class nsIIDNService;
 class nsIPrefBranch;
@ -258,13 +260,16 @@ class nsCookieService final : public nsICookieService,
                           nsIChannel *aChannel, bool &aSetCookie,
                           mozIThirdPartyUtil *aThirdPartyUtil);
  static CookieStatus CheckPrefs(
-      nsICookiePermission *aPermissionServices, uint8_t aCookieBehavior,
-      bool aThirdPartySession, bool aThirdPartyNonsecureSession,
-      nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
-      bool aIsFirstPartyStorageAccessGranted, const char *aCookieHeader,
-      const int aNumOfCookies, const OriginAttributes &aOriginAttrs,
-      uint32_t *aRejectedReason);
+      nsICookieSettings *aCookieSettings, bool aThirdPartySession,
+      bool aThirdPartyNonsecureSession, nsIURI *aHostURI, bool aIsForeign,
+      bool aIsTrackingResource, bool aIsFirstPartyStorageAccessGranted,
+      const char *aCookieHeader, const int aNumOfCookies,
+      const OriginAttributes &aOriginAttrs, uint32_t *aRejectedReason);
  static int64_t ParseServerTime(const nsCString &aServerTime);
+
+  static already_AddRefed<nsICookieSettings> GetCookieSettings(
+      nsIChannel *aChannel);
+
  void GetCookiesForURI(nsIURI *aHostURI, nsIChannel *aChannel, bool aIsForeign,
                        bool aIsTrackingResource,
                        bool aFirstPartyStorageAccessGranted,
@ -398,9 +403,6 @@ class nsCookieService final : public nsICookieService,
  RefPtr<DBState> mDefaultDBState;
  RefPtr<DBState> mPrivateDBState;

-  // cached prefs
-  uint8_t mCookieBehavior;  // BEHAVIOR_{ACCEPT, REJECTFOREIGN, REJECT,
-                            // LIMITFOREIGN}
  bool mThirdPartySession;
  bool mThirdPartyNonsecureSession;
  uint16_t mMaxNumberOfCookies;