mirrors/gecko-dev
1
0
Fork 1
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-11-07 03:38:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
gecko-dev/toolkit/components/extensions/parent/ext-cookies.js

607 lines
19 KiB
JavaScript
Raw Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
/* globals DEFAULT_STORE, PRIVATE_STORE */
var { ExtensionError } = ExtensionUtils;
const SAME_SITE_STATUSES = [
"no_restriction", // Index 0 = Ci.nsICookie.SAMESITE_NONE
"lax", // Index 1 = Ci.nsICookie.SAMESITE_LAX
"strict", // Index 2 = Ci.nsICookie.SAMESITE_STRICT
];
const isIPv4 = host => {
let match = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(host);
if (match) {
return match[1] < 256 && match[2] < 256 && match[3] < 256 && match[4] < 256;
}
return false;
};
const isIPv6 = host => host.includes(":");
const addBracketIfIPv6 = host =>
isIPv6(host) && !host.startsWith("[") ? `[${host}]` : host;
const dropBracketIfIPv6 = host =>
isIPv6(host) && host.startsWith("[") && host.endsWith("]")
? host.slice(1, -1)
: host;
const convertCookie = ({ cookie, isPrivate }) => {
let result = {
name: cookie.name,
value: cookie.value,
domain: addBracketIfIPv6(cookie.host),
hostOnly: !cookie.isDomain,
path: cookie.path,
secure: cookie.isSecure,
httpOnly: cookie.isHttpOnly,
sameSite: SAME_SITE_STATUSES[cookie.sameSite],
session: cookie.isSession,
firstPartyDomain: cookie.originAttributes.firstPartyDomain || "",
};
if (!cookie.isSession) {
result.expirationDate = cookie.expiry;
}
if (cookie.originAttributes.userContextId) {
result.storeId = getCookieStoreIdForContainer(
cookie.originAttributes.userContextId
);
} else if (cookie.originAttributes.privateBrowsingId || isPrivate) {
result.storeId = PRIVATE_STORE;
} else {
result.storeId = DEFAULT_STORE;
}
return result;
};
const isSubdomain = (otherDomain, baseDomain) => {
return otherDomain == baseDomain || otherDomain.endsWith("." + baseDomain);
};
// Checks that the given extension has permission to set the given cookie for
// the given URI.
const checkSetCookiePermissions = (extension, uri, cookie) => {
// Permission checks:
//
// - If the extension does not have permissions for the specified
// URL, it cannot set cookies for it.
//
// - If the specified URL could not set the given cookie, neither can
// the extension.
//
// Ideally, we would just have the cookie service make the latter
// determination, but that turns out to be quite complicated. At the
// moment, it requires constructing a cookie string and creating a
// dummy channel, both of which can be problematic. It also triggers
// a whole set of additional permission and preference checks, which
// may or may not be desirable.
//
// So instead, we do a similar set of checks here. Exactly what
// cookies a given URL should be able to set is not well-documented,
// and is not standardized in any standard that anyone actually
// follows. So instead, we follow the rules used by the cookie
// service.
//
// See source/netwerk/cookie/CookieService.cpp, in particular
// CheckDomain() and SetCookieInternal().
if (uri.scheme != "http" && uri.scheme != "https") {
return false;
}
if (!extension.allowedOrigins.matches(uri)) {
return false;
}
if (!cookie.host) {
// If no explicit host is specified, this becomes a host-only cookie.
cookie.host = uri.host;
return true;
}
// A leading "." is not expected, but is tolerated if it's not the only
// character in the host. If there is one, start by stripping it off. We'll
// add a new one on success.
if (cookie.host.length > 1) {
cookie.host = cookie.host.replace(/^\./, "");
}
cookie.host = cookie.host.toLowerCase();
cookie.host = dropBracketIfIPv6(cookie.host);
if (cookie.host != uri.host) {
// Not an exact match, so check for a valid subdomain.
let baseDomain;
try {
baseDomain = Services.eTLD.getBaseDomain(uri);
} catch (e) {
if (
e.result == Cr.NS_ERROR_HOST_IS_IP_ADDRESS ||
e.result == Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS
) {
// The cookie service uses these to determine whether the domain
// requires an exact match. We already know we don't have an exact
// match, so return false. In all other cases, re-raise the error.
return false;
}
throw e;
}
// The cookie domain must be a subdomain of the base domain. This prevents
// us from setting cookies for domains like ".co.uk".
// The domain of the requesting URL must likewise be a subdomain of the
// cookie domain. This prevents us from setting cookies for entirely
// unrelated domains.
if (
!isSubdomain(cookie.host, baseDomain) ||
!isSubdomain(uri.host, cookie.host)
) {
return false;
}
// RFC2109 suggests that we may only add cookies for sub-domains 1-level
// below us, but enforcing that would break the web, so we don't.
}
// If the host is an IP address, avoid adding a leading ".".
// An IP address is not a domain name, and only supports host-only cookies.
if (isIPv6(cookie.host) || isIPv4(cookie.host)) {
return true;
}
// An explicit domain was passed, so add a leading "." to make this a
// domain cookie.
cookie.host = "." + cookie.host;
// We don't do any significant checking of path permissions. RFC2109
// suggests we only allow sites to add cookies for sub-paths, similar to
// same origin policy enforcement, but no-one implements this.
return true;
};
/**
* Query the cookie store for matching cookies.
* @param {Object} detailsIn
* @param {Array} props Properties the extension is interested in matching against.
* @param {BaseContext} context The context making the query.
*/
const query = function*(detailsIn, props, context) {
let details = {};
props.forEach(property => {
if (detailsIn[property] !== null) {
details[property] = detailsIn[property];
}
});
if ("domain" in details) {
details.domain = details.domain.toLowerCase().replace(/^\./, "");
details.domain = dropBracketIfIPv6(details.domain);
}
let userContextId = 0;
let isPrivate = context.incognito;
if (details.storeId) {
if (!isValidCookieStoreId(details.storeId)) {
return;
}
if (isDefaultCookieStoreId(details.storeId)) {
isPrivate = false;
} else if (isPrivateCookieStoreId(details.storeId)) {
isPrivate = true;
} else if (isContainerCookieStoreId(details.storeId)) {
isPrivate = false;
userContextId = getContainerForCookieStoreId(details.storeId);
if (!userContextId) {
return;
}
}
}
let storeId = DEFAULT_STORE;
if (isPrivate) {
storeId = PRIVATE_STORE;
} else if ("storeId" in details) {
storeId = details.storeId;
}
if (storeId == PRIVATE_STORE && !context.privateBrowsingAllowed) {
throw new ExtensionError(
"Extension disallowed access to the private cookies storeId."
);
}
// We can use getCookiesFromHost for faster searching.
let cookies;
let host;
let url;
let originAttributes = {
userContextId,
privateBrowsingId: isPrivate ? 1 : 0,
};
if ("firstPartyDomain" in details) {
originAttributes.firstPartyDomain = details.firstPartyDomain;
}
if ("url" in details) {
try {
url = new URL(details.url);
host = dropBracketIfIPv6(url.hostname);
} catch (ex) {
// This often happens for about: URLs
return;
}
} else if ("domain" in details) {
host = details.domain;
}
if (host && "firstPartyDomain" in originAttributes) {
// getCookiesFromHost is more efficient than getCookiesWithOriginAttributes
// if the host and all origin attributes are known.
cookies = Services.cookies.getCookiesFromHost(host, originAttributes);
} else {
cookies = Services.cookies.getCookiesWithOriginAttributes(
JSON.stringify(originAttributes),
host
);
}
// Based on CookieService::GetCookieStringFromHttp
function matches(cookie) {
function domainMatches(host) {
return (
cookie.rawHost == host ||
(cookie.isDomain && host.endsWith(cookie.host))
);
}
function pathMatches(path) {
let cookiePath = cookie.path.replace(/\/$/, "");
if (!path.startsWith(cookiePath)) {
return false;
}
// path == cookiePath, but without the redundant string compare.
if (path.length == cookiePath.length) {
return true;
}
// URL path is a substring of the cookie path, so it matches if, and
// only if, the next character is a path delimiter.
return path[cookiePath.length] === "/";
}
// "Restricts the retrieved cookies to those that would match the given URL."
if (url) {
if (!domainMatches(host)) {
return false;
}
if (cookie.isSecure && url.protocol != "https:") {
return false;
}
if (!pathMatches(url.pathname)) {
return false;
}
}
if ("name" in details && details.name != cookie.name) {
return false;
}
// "Restricts the retrieved cookies to those whose domains match or are subdomains of this one."
if ("domain" in details && !isSubdomain(cookie.rawHost, details.domain)) {
return false;
}
// "Restricts the retrieved cookies to those whose path exactly matches this string.""
if ("path" in details && details.path != cookie.path) {
return false;
}
if ("secure" in details && details.secure != cookie.isSecure) {
return false;
}
if ("session" in details && details.session != cookie.isSession) {
return false;
}
// Check that the extension has permissions for this host.
if (!context.extension.allowedOrigins.matchesCookie(cookie)) {
return false;
}
return true;
}
for (const cookie of cookies) {
if (matches(cookie)) {
yield { cookie, isPrivate, storeId };
}
}
};
const normalizeFirstPartyDomain = details => {
if (details.firstPartyDomain != null) {
return;
}
if (Services.prefs.getBoolPref("privacy.firstparty.isolate")) {
throw new ExtensionError(
"First-Party Isolation is enabled, but the required 'firstPartyDomain' attribute was not set."
);
}
// When FPI is disabled, the "firstPartyDomain" attribute is optional
// and defaults to the empty string.
details.firstPartyDomain = "";
};
this.cookies = class extends ExtensionAPI {
getAPI(context) {
let { extension } = context;
let self = {
cookies: {
get: function(details) {
normalizeFirstPartyDomain(details);
// FIXME: We don't sort by length of path and creation time.
let allowed = ["url", "name", "storeId", "firstPartyDomain"];
for (let cookie of query(details, allowed, context)) {
return Promise.resolve(convertCookie(cookie));
}
// Found no match.
return Promise.resolve(null);
},
getAll: function(details) {
if (!("firstPartyDomain" in details)) {
normalizeFirstPartyDomain(details);
}
let allowed = [
"url",
"name",
"domain",
"path",
"secure",
"session",
"storeId",
];
// firstPartyDomain may be set to null or undefined to not filter by FPD.
if (details.firstPartyDomain != null) {
allowed.push("firstPartyDomain");
}
let result = Array.from(
query(details, allowed, context),
convertCookie
);
return Promise.resolve(result);
},
set: function(details) {
normalizeFirstPartyDomain(details);
let uri = Services.io.newURI(details.url);
let path;
if (details.path !== null) {
path = details.path;
} else {
// This interface essentially emulates the behavior of the
// Set-Cookie header. In the case of an omitted path, the cookie
// service uses the directory path of the requesting URL, ignoring
// any filename or query parameters.
path = uri.QueryInterface(Ci.nsIURL).directory;
}
let name = details.name !== null ? details.name : "";
let value = details.value !== null ? details.value : "";
let secure = details.secure !== null ? details.secure : false;
let httpOnly = details.httpOnly !== null ? details.httpOnly : false;
let isSession = details.expirationDate === null;
let expiry = isSession
? Number.MAX_SAFE_INTEGER
: details.expirationDate;
let isPrivate = context.incognito;
let userContextId = 0;
if (isDefaultCookieStoreId(details.storeId)) {
isPrivate = false;
} else if (isPrivateCookieStoreId(details.storeId)) {
if (!context.privateBrowsingAllowed) {
return Promise.reject({
message:
"Extension disallowed access to the private cookies storeId.",
});
}
isPrivate = true;
} else if (isContainerCookieStoreId(details.storeId)) {
let containerId = getContainerForCookieStoreId(details.storeId);
if (containerId === null) {
return Promise.reject({
message: `Illegal storeId: ${details.storeId}`,
});
}
isPrivate = false;
userContextId = containerId;
} else if (details.storeId !== null) {
return Promise.reject({ message: "Unknown storeId" });
}
let cookieAttrs = {
host: details.domain,
path: path,
isSecure: secure,
};
if (!checkSetCookiePermissions(extension, uri, cookieAttrs)) {
return Promise.reject({
message: `Permission denied to set cookie ${JSON.stringify(
details
)}`,
});
}
let originAttributes = {
userContextId,
privateBrowsingId: isPrivate ? 1 : 0,
firstPartyDomain: details.firstPartyDomain,
};
let sameSite = SAME_SITE_STATUSES.indexOf(details.sameSite);
let schemeType = Ci.nsICookie.SCHEME_UNSET;
if (uri.scheme === "https") {
schemeType = Ci.nsICookie.SCHEME_HTTPS;
} else if (uri.scheme === "http") {
schemeType = Ci.nsICookie.SCHEME_HTTP;
} else if (uri.scheme === "file") {
schemeType = Ci.nsICookie.SCHEME_FILE;
}
// The permission check may have modified the domain, so use
// the new value instead.
Services.cookies.add(
cookieAttrs.host,
path,
name,
value,
secure,
httpOnly,
isSession,
expiry,
originAttributes,
sameSite,
schemeType
);
return self.cookies.get(details);
},
remove: function(details) {
normalizeFirstPartyDomain(details);
let allowed = ["url", "name", "storeId", "firstPartyDomain"];
for (let { cookie, storeId } of query(details, allowed, context)) {
if (
isPrivateCookieStoreId(details.storeId) &&
!context.privateBrowsingAllowed
) {
return Promise.reject({ message: "Unknown storeId" });
}
Services.cookies.remove(
cookie.host,
cookie.name,
cookie.path,
cookie.originAttributes
);
// TODO Bug 1387957: could there be multiple per subdomain?
return Promise.resolve({
url: details.url,
name: details.name,
storeId,
firstPartyDomain: details.firstPartyDomain,
});
}
return Promise.resolve(null);
},
getAllCookieStores: function() {
let data = {};
for (let tab of extension.tabManager.query()) {
if (!(tab.cookieStoreId in data)) {
data[tab.cookieStoreId] = [];
}
data[tab.cookieStoreId].push(tab.id);
}
let result = [];
for (let key in data) {
result.push({
id: key,
tabIds: data[key],
incognito: key == PRIVATE_STORE,
});
}
return Promise.resolve(result);
},
onChanged: new EventManager({
context,
name: "cookies.onChanged",
register: fire => {
let observer = (subject, topic, data) => {
let notify = (removed, cookie, cause) => {
cookie.QueryInterface(Ci.nsICookie);
if (extension.allowedOrigins.matchesCookie(cookie)) {
fire.async({
removed,
cookie: convertCookie({
cookie,
isPrivate: topic == "private-cookie-changed",
}),
cause,
});
}
};
// We do our best effort here to map the incompatible states.
switch (data) {
case "deleted":
notify(true, subject, "explicit");
break;
case "added":
notify(false, subject, "explicit");
break;
case "changed":
notify(true, subject, "overwrite");
notify(false, subject, "explicit");
break;
case "batch-deleted":
subject.QueryInterface(Ci.nsIArray);
for (let i = 0; i < subject.length; i++) {
let cookie = subject.queryElementAt(i, Ci.nsICookie);
if (
!cookie.isSession &&
cookie.expiry * 1000 <= Date.now()
) {
notify(true, cookie, "expired");
} else {
notify(true, cookie, "evicted");
}
}
break;
}
};
Services.obs.addObserver(observer, "cookie-changed");
if (context.privateBrowsingAllowed) {
Services.obs.addObserver(observer, "private-cookie-changed");
}
return () => {
Services.obs.removeObserver(observer, "cookie-changed");
if (context.privateBrowsingAllowed) {
Services.obs.removeObserver(observer, "private-cookie-changed");
}
};
},
}).api(),
},
};
return self;
}
};
Reference in a new issue View git blame Copy permalink