Bug 1744945: Add scheme checks to CookieCommons::IsSameSiteForeign for "Schemeful SameSite". r=ckerschb,valentin

Differential Revision: https://phabricator.services.mozilla.com/D133118
2021-12-09 19:42:52 +00:00 · 2021-12-09 19:42:52 +00:00 · fc487efbb8
--- a/netwerk/cookie/CookieCommons.cpp
+++ b/netwerk/cookie/CookieCommons.cpp
@ -494,6 +494,33 @@ bool CookieCommons::IsSafeTopLevelNav(nsIChannel* aChannel) {
  return NS_IsSafeMethodNav(aChannel);
 }

+// This function determines if two schemes are equal in the context of
+// "Schemeful SameSite cookies".
+//
+// Two schemes are considered equal:
+//   - if the "network.cookie.sameSite.schemeful" pref is set to false.
+// OR
+//   - if one of the schemes is not http or https.
+// OR
+//   - if both schemes are equal AND both are either http or https.
+bool IsSameSiteSchemeEqual(const nsACString& aFirstScheme,
+                           const nsACString& aSecondScheme) {
+  if (!StaticPrefs::network_cookie_sameSite_schemeful()) {
+    return true;
+  }
+
+  auto isSchemeHttpOrHttps = [](const nsACString& scheme) -> bool {
+    return scheme.EqualsLiteral("http") || scheme.EqualsLiteral("https");
+  };
+
+  if (!isSchemeHttpOrHttps(aFirstScheme) ||
+      !isSchemeHttpOrHttps(aSecondScheme)) {
+    return true;
+  }
+
+  return aFirstScheme.Equals(aSecondScheme);
+}
+
 bool CookieCommons::IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI) {
  if (!aChannel) {
    return false;
@ -509,6 +536,9 @@ bool CookieCommons::IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI) {
    return false;
  }

+  nsAutoCString hostScheme, otherScheme;
+  aHostURI->GetScheme(hostScheme);
+
  bool isForeign = true;
  nsresult rv;
  if (loadInfo->GetExternalContentPolicyType() ==
@ -519,6 +549,8 @@ bool CookieCommons::IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI) {
    // triggeringPrincipal which returns the URI of the document that caused the
    // navigation.
    rv = triggeringPrincipal->IsThirdPartyChannel(aChannel, &isForeign);
+
+    triggeringPrincipal->GetScheme(otherScheme);
  } else {
    nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
        do_GetService(THIRDPARTYUTIL_CONTRACTID);
@ -526,6 +558,8 @@ bool CookieCommons::IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI) {
      return true;
    }
    rv = thirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
+
+    channelURI->GetScheme(otherScheme);
  }
  // if we are dealing with a cross origin request, we can return here
  // because we already know the request is 'foreign'.
@ -533,6 +567,12 @@ bool CookieCommons::IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI) {
    return true;
  }

+  if (!IsSameSiteSchemeEqual(otherScheme, hostScheme)) {
+    // If the two schemes are not of the same http(s) scheme then we
+    // consider the request as foreign.
+    return true;
+  }
+
  // for loads of TYPE_SUBDOCUMENT we have to perform an additional test,
  // because a cross-origin iframe might perform a navigation to a same-origin
  // iframe which would send same-site cookies. Hence, if the iframe navigation
@ -560,6 +600,14 @@ bool CookieCommons::IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI) {
      if (NS_FAILED(rv) || isForeign) {
        return true;
      }
+
+      nsAutoCString redirectScheme;
+      redirectPrincipal->GetScheme(redirectScheme);
+      if (!IsSameSiteSchemeEqual(redirectScheme, hostScheme)) {
+        // If the two schemes are not of the same http(s) scheme then we
+        // consider the request as foreign.
+        return true;
+      }
    }
  }
  return isForeign;
--- a/testing/web-platform/meta/cookies/dir.ini
+++ b/testing/web-platform/meta/cookies/dir.ini
@ -1 +0,0 @@
-prefs: [network.cookie.sameSite.schemeful:false]
--- a/testing/web-platform/meta/cookies/schemeful-same-site/schemeful-navigation.tentative.html.ini
+++ b/testing/web-platform/meta/cookies/schemeful-same-site/schemeful-navigation.tentative.html.ini
@ -4,10 +4,8 @@
    if (os == "linux") and (processor == "x86"): ["OK", "TIMEOUT"]
  [Navigate cross-scheme]
    expected:
-      if (os == "mac") and not debug: ["FAIL", "NOTRUN"]
-      if (os == "linux") and (processor == "x86"): ["FAIL", "NOTRUN"]
-      FAIL
-
+      if (os == "mac") and not debug: ["PASS", "NOTRUN"]
+      if (os == "linux") and (processor == "x86"): ["PASS", "NOTRUN"]
  [Navigate same-scheme]
    expected:
      if (os == "mac") and not debug: ["PASS", "TIMEOUT"]
--- a/testing/web-platform/meta/cookies/schemeful-same-site/schemeful-subresource.tentative.html.ini
+++ b/testing/web-platform/meta/cookies/schemeful-same-site/schemeful-subresource.tentative.html.ini
@ -1,4 +0,0 @@
-[schemeful-subresource.tentative.html]
-  [Cross-scheme subresources cannot sent lax/strict cookies]
-    expected: FAIL
-
--- a/testing/web-platform/meta/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html.ini
+++ b/testing/web-platform/meta/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html.ini
@ -1,7 +0,0 @@
-[schemeful-websockets.sub.tentative.html]
-  [Cross-scheme WebSockets are cross-site]
-    expected:
-      if (os == "mac") and not debug: ["FAIL", "PASS"]
-      if (os == "linux") and (processor == "x86"): ["FAIL", "PASS"]
-      FAIL
-
				`@ -1 +0,0 @@`
				`prefs: [network.cookie.sameSite.schemeful:false]`