зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1844827 - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. r=cookie-reviewers,valentin,bvandersloot
Differential Revision: https://phabricator.services.mozilla.com/D204074
Родитель
f2699121eb
Коммит
cdfc28498b
|
@ -11797,6 +11797,11 @@
|
|||
value: false
|
||||
mirror: always
|
||||
|
||||
- name: network.cookie.sameSite.crossSiteIframeSetCheck
|
||||
type: bool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
- name: network.cookie.thirdparty.sessionOnly
|
||||
type: bool
|
||||
value: false
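Review bot: The new `network.cookie.sameSite.crossSiteIframeSetCheck` entry has no comment saying what the pref gates, so a reader of the prefs list cannot tell that turning it off relaxes a third-party cookie check. A line above the `- name:` entry would cover it, for example `# Treat a cookie set by a sub-document load as third-party when the load was triggered by a cross-site principal, even if the frame is same-site with the top level.` It would also help to state that the default is `true` and that `false` restores the previous behaviour.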
|
||||
|
|
|
@ -774,6 +774,18 @@ CookieService::SetCookieStringFromHttp(nsIURI* aHostURI,
|
|||
if (!addonAllowsLoad) {
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI,
|
||||
&isForeignAndNotAddon);
|
||||
|
||||
// include sub-document navigations from cross-site to same-site
|
||||
// wrt top-level in our check for thirdparty-ness
|
||||
if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() &&
|
||||
!isForeignAndNotAddon &&
|
||||
loadInfo->GetExternalContentPolicyType() ==
|
||||
ExtContentPolicy::TYPE_SUBDOCUMENT) {
|
||||
bool triggeringPrincipalIsThirdParty = false;
|
||||
BasePrincipal::Cast(loadInfo->TriggeringPrincipal())
|
||||
->IsThirdPartyURI(channelURI, &triggeringPrincipalIsThirdParty);
|
||||
isForeignAndNotAddon |= triggeringPrincipalIsThirdParty;
|
||||
}
|
||||
}
|
||||
|
||||
bool mustBePartitioned =
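Review bot: The result of `IsThirdPartyURI` is discarded in the added block, so if the call fails, `triggeringPrincipalIsThirdParty` may keep its initial `false` and the cookie is treated as first-party. Whether the callee sets the out-parameter on its failure paths is not visible from this hunk. For a check that decides third-party-ness it is safer to fail closed: `nsresult rv = BasePrincipal::Cast(loadInfo->TriggeringPrincipal())->IsThirdPartyURI(channelURI, &triggeringPrincipalIsThirdParty);` followed by `isForeignAndNotAddon = NS_FAILED(rv) || triggeringPrincipalIsThirdParty;`. Plain assignment is enough there because the branch is only entered when `isForeignAndNotAddon` is false. The same applies to the identical block in the `CookieServiceChild::SetCookieStringFromHttp` hunk; both function bodies start and end outside the hunks shown.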
|
||||
|
|
|
@ -656,6 +656,18 @@ CookieServiceChild::SetCookieStringFromHttp(nsIURI* aHostURI,
|
|||
if (!addonAllowsLoad) {
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI,
|
||||
&isForeignAndNotAddon);
|
||||
|
||||
// include sub-document navigations from cross-site to same-site
|
||||
// wrt top-level in our check for thirdparty-ness
|
||||
if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() &&
|
||||
!isForeignAndNotAddon &&
|
||||
loadInfo->GetExternalContentPolicyType() ==
|
||||
ExtContentPolicy::TYPE_SUBDOCUMENT) {
|
||||
bool triggeringPrincipalIsThirdParty = false;
|
||||
BasePrincipal::Cast(loadInfo->TriggeringPrincipal())
|
||||
->IsThirdPartyURI(finalChannelURI, &triggeringPrincipalIsThirdParty);
|
||||
isForeignAndNotAddon |= triggeringPrincipalIsThirdParty;
|
||||
}
|
||||
}
|
||||
|
||||
bool mustBePartitioned =
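Review bot: This block is a copy of the one added to `CookieService::SetCookieStringFromHttp`, differing only in passing `finalChannelURI` where that code passes `channelURI`; whether the two always name the same URI cannot be confirmed from the hunks. Both implementations presumably need to reach the same third-party verdict for a given load, so a shared helper taking the load info and the URI would keep them from drifting apart. If the duplication stays, a comment above the added `if`, such as `// Keep in sync with CookieService::SetCookieStringFromHttp.`, would at least flag the coupling.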
|
||||
|
|