From 19ac3d11e9e79cb0d2cfe82dd0e9428711589ccb Mon Sep 17 00:00:00 2001
From: "cbiesinger%web.de" <cbiesinger%web.de>
Date: Tue, 25 Oct 2005 21:00:54 +0000
Subject: [PATCH] bug 313414 process cookies only after sending
 http-on-examine-response, to allow the observer to do stuff to the cookie
 header (modify or delete it) r+sr=darin

---
 netwerk/protocol/http/src/nsHttpChannel.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/netwerk/protocol/http/src/nsHttpChannel.cpp b/netwerk/protocol/http/src/nsHttpChannel.cpp
index 159ebd78e28..7d445903047 100644
--- a/netwerk/protocol/http/src/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/src/nsHttpChannel.cpp
@@ -776,12 +776,13 @@ nsHttpChannel::ProcessResponse()
     LOG(("nsHttpChannel::ProcessResponse [this=%x httpStatus=%u]\n",
         this, httpStatus));
 
-    // set cookies, if any exist
-    SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
-
     // notify "http-on-examine-response" observers
     gHttpHandler->OnExamineResponse(this);
 
+    // set cookies, if any exist; done after OnExamineResponse to allow those
+    // observers to modify the cookie response headers
+    SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
+
     // handle unused username and password in url (see bug 232567)
     if (httpStatus != 401 && httpStatus != 407) {
         CheckForSuperfluousAuth();