Bug 1641459 - Do not expose sameSite=lax/strict cookies to cross-site documents - part 1 - implementation, r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D77208
2020-05-29 15:53:42 +00:00 · 2020-05-29 15:53:42 +00:00 · e9c61f5c0b
--- a/netwerk/cookie/CookieCommons.cpp
+++ b/netwerk/cookie/CookieCommons.cpp
@ -446,5 +446,15 @@ already_AddRefed<nsICookieJarSettings> CookieCommons::GetCookieJarSettings(
  return cookieJarSettings.forget();
 }

+// static
+bool CookieCommons::ShouldIncludeCrossSiteCookieForDocument(Cookie* aCookie) {
+  MOZ_ASSERT(aCookie);
+
+  int32_t sameSiteAttr = 0;
+  aCookie->GetSameSite(&sameSiteAttr);
+
+  return sameSiteAttr == nsICookie::SAMESITE_NONE;
+}
+
 }  // namespace net
 }  // namespace mozilla
--- a/netwerk/cookie/CookieCommons.h
+++ b/netwerk/cookie/CookieCommons.h
@ -10,6 +10,7 @@
 #include <functional>
 #include "prtime.h"
 #include "nsString.h"
+#include "nsICookie.h"

 class nsIChannel;
 class nsICookieJarSettings;
@ -105,6 +106,8 @@ class CookieCommons final {

  static already_AddRefed<nsICookieJarSettings> GetCookieJarSettings(
      nsIChannel* aChannel);
+
+  static bool ShouldIncludeCrossSiteCookieForDocument(Cookie* aCookie);
 };

 }  // namespace net
--- a/netwerk/cookie/CookieService.cpp
+++ b/netwerk/cookie/CookieService.cpp
@ -317,6 +317,14 @@ CookieService::GetCookieStringFromDocument(Document* aDocument,
  // if it isn't, then we can't send a secure cookie over the connection.
  bool potentiallyTurstworthy = principal->GetIsOriginPotentiallyTrustworthy();

+  nsPIDOMWindowInner* innerWindow = aDocument->GetInnerWindow();
+  if (NS_WARN_IF(!innerWindow)) {
+    return NS_OK;
+  }
+
+  bool thirdParty = nsContentUtils::IsThirdPartyWindowOrChannel(
+      innerWindow, nullptr, nullptr);
+
  bool stale = false;
  nsTArray<Cookie*> cookieList;

@ -333,6 +341,11 @@ CookieService::GetCookieStringFromDocument(Document* aDocument,
      continue;
    }

+    if (thirdParty &&
+        !CookieCommons::ShouldIncludeCrossSiteCookieForDocument(cookie)) {
+      continue;
+    }
+
    // if the cookie is secure and the host scheme isn't, we can't send it
    if (cookie->IsSecure() && !potentiallyTurstworthy) {
      continue;
--- a/netwerk/cookie/CookieServiceChild.cpp
+++ b/netwerk/cookie/CookieServiceChild.cpp
@ -351,6 +351,14 @@ CookieServiceChild::GetCookieStringFromDocument(Document* aDocument,
  nsAutoCString pathFromURI;
  principal->GetFilePath(pathFromURI);

+  nsPIDOMWindowInner* innerWindow = aDocument->GetInnerWindow();
+  if (NS_WARN_IF(!innerWindow)) {
+    return NS_OK;
+  }
+
+  bool thirdParty = nsContentUtils::IsThirdPartyWindowOrChannel(
+      innerWindow, nullptr, nullptr);
+
  bool isPotentiallyTrustworthy =
      principal->GetIsOriginPotentiallyTrustworthy();
  int64_t currentTimeInUsec = PR_Now();
@ -369,6 +377,11 @@ CookieServiceChild::GetCookieStringFromDocument(Document* aDocument,
      continue;
    }

+    if (thirdParty &&
+        !CookieCommons::ShouldIncludeCrossSiteCookieForDocument(cookie)) {
+      continue;
+    }
+
    // if the cookie is secure and the host scheme isn't, we can't send it
    if (cookie->IsSecure() && !isPotentiallyTrustworthy) {
      continue;