Bug 1774857 - Send (only) laxByDefault cookies on boomerang-redirects. r=dveditz
Differential Revision: https://phabricator.services.mozilla.com/D150253
Родитель
b42049028c
Коммит
e0b9da0442
@ -10746,6 +10746,14 @@
|
|||
value: 120
|
||||
mirror: always
|
||||
|
||||
# For lax-by-default cookies ignore cross-site redirects when the final
|
||||
# redirect is same-site again.
|
||||
# https://github.com/httpwg/http-extensions/issues/2104
|
||||
- name: network.cookie.sameSite.laxByDefault.allowBoomerangRedirect
|
||||
type: bool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
- name: network.cookie.sameSite.noneRequiresSecure
|
||||
type: bool
|
||||
value: @IS_EARLY_BETA_OR_EARLIER@
|
||||
|
|
|
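Review bot: The comment above `network.cookie.sameSite.laxByDefault.allowBoomerangRedirect` should say which cookies the exception covers; the consumer in CookieService::GetCookiesForURI applies it only when `cookie->IsDefaultSameSite()` holds, so a cookie carrying an explicit SameSite=Lax attribute is still blocked after a cross-site redirect. Suggested addition after the redirect comment: `# Only cookies without an explicit SameSite attribute are exempted.`. It would also help to state whether this pref has any effect while network.cookie.sameSite.laxByDefault is off; that dependency is not visible in this diff.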
@ -610,7 +610,7 @@ bool CookieCommons::IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI,
|
|||
rv = redirectPrincipal->IsThirdPartyChannel(aChannel, &isForeign);
|
||||
// if at any point we encounter a cross-origin redirect we can return.
|
||||
if (NS_FAILED(rv) || isForeign) {
|
||||
*aHadCrossSiteRedirects = true;
|
||||
*aHadCrossSiteRedirects = isForeign;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
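Review bot: With `*aHadCrossSiteRedirects = isForeign;`, the `NS_FAILED(rv)` branch now reports whatever value `isForeign` happens to hold, and both its declaration and whether IsThirdPartyChannel writes it before failing are outside the hunk. Because a true value later relaxes blocking in GetCookiesForURI, the error path should be fail-closed explicitly: `*aHadCrossSiteRedirects = NS_SUCCEEDED(rv) && isForeign;`. A short comment such as `// On error report no cross-site redirect so the boomerang exception cannot apply.` would keep that intent visible to the next editor. IsSameSiteForeign's body starts and ends outside the hunk.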
@ -1093,13 +1093,27 @@ void CookieService::GetCookiesForURI(
|
|||
}
|
||||
}
|
||||
|
||||
// Lax-by-default cookies are processed even with an intermediate
|
||||
// cross-site redirect (they are treated like aIsSameSiteForeign = false).
|
||||
//
|
||||
// This is outside of ProcessSameSiteCookieForForeignRequest to still
|
||||
// collect the same telemetry.
|
||||
if (blockCookie && aHadCrossSiteRedirects &&
|
||||
cookie->IsDefaultSameSite() &&
|
||||
StaticPrefs::
|
||||
network_cookie_sameSite_laxByDefault_allowBoomerangRedirect()) {
|
||||
blockCookie = false;
|
||||
}
|
||||
|
||||
if (blockCookie) {
|
||||
CookieLogging::LogMessageToConsole(
|
||||
crc, aHostURI, nsIScriptError::warningFlag,
|
||||
CONSOLE_REJECTION_CATEGORY, "CookieBlockedCrossSiteRedirect"_ns,
|
||||
AutoTArray<nsString, 1>{
|
||||
NS_ConvertUTF8toUTF16(cookie->Name()),
|
||||
});
|
||||
if (aHadCrossSiteRedirects) {
|
||||
CookieLogging::LogMessageToConsole(
|
||||
crc, aHostURI, nsIScriptError::warningFlag,
|
||||
CONSOLE_REJECTION_CATEGORY, "CookieBlockedCrossSiteRedirect"_ns,
|
||||
AutoTArray<nsString, 1>{
|
||||
NS_ConvertUTF8toUTF16(cookie->Name()),
|
||||
});
|
||||
}
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
|
|
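Review bot: The branch `if (blockCookie && aHadCrossSiteRedirects && cookie->IsDefaultSameSite() && ...)` clears `blockCookie` silently, so a cookie that is sent despite an intermediate cross-site redirect leaves no console trace, while the blocked case still logs `CookieBlockedCrossSiteRedirect`. Consider a CookieLogging::LogMessageToConsole call at nsIScriptError::infoFlag inside that branch so the developer console shows why the cookie was included. The comment should also record the precondition the check depends on: `aHadCrossSiteRedirects` only justifies the exemption if the final request is same-site again, which, as far as this diff shows, is decided in IsSameSiteForeign rather than here. GetCookiesForURI continues outside the hunk.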
@ -1,2 +1,8 @@
|
|||
[fetch.https.html]
|
||||
prefs: [network.cookie.sameSite.laxByDefault:true, network.cookie.sameSite.noneRequiresSecure:true]
|
||||
|
||||
[Cross-site redirecting to same-host fetches are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-site redirecting to subdomain fetches are cross-site]
|
||||
expected: FAIL
|
||||
|
|
|
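Review bot: The new `expected: FAIL` entries record a deliberate deviation from the upstream cross-site-redirect tests without saying why, so a reader of the meta file cannot distinguish this known deviation from an unexpected regression. Each new subtest block should carry a bug reference, e.g. `bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1774857`, or at least a comment pointing at https://github.com/httpwg/http-extensions/issues/2104. The same applies to the four following hunks (top-level form POSTs and images).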
@ -3,3 +3,9 @@
|
|||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
if (os == "mac") and not debug: [OK, TIMEOUT]
|
||||
[Cross-site redirecting to same-host top-level form POSTs are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-site redirecting to subdomain top-level form POSTs are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -2,3 +2,9 @@
|
|||
prefs: [network.cookie.sameSite.laxByDefault:true, network.cookie.sameSite.noneRequiresSecure:true]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Cross-site redirecting to same-host fetches are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-site redirecting to subdomain fetches are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -3,3 +3,9 @@
|
|||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
if (os == "mac") and not debug: [OK, TIMEOUT]
|
||||
[Cross-site redirecting to same-host images are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-site redirecting to subdomain images are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -3,3 +3,9 @@
|
|||
expected:
|
||||
if (os == "mac") and not debug: [OK, TIMEOUT]
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Cross-site redirecting to same-host images are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-site redirecting to subdomain images are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
|
|