InitializeOriginAttributes takes aArgc and only initializes the
parameter when aArgc is 1. nsCookieService::Add takes another optional
parameter, namely aSameSite. If a caller sets this SameSite flag, then
InitializeOriginAttributes would skip the initialization of the
OriginAttributes.
This was caught by a private browsing test in
toolkit/components/extensions/test/mochitest/test_ext_cookies.html
(after I added support for SameSite flag in the extension API)
MozReview-Commit-ID: HLfte7x1X7T
--HG--
extra : rebase_source : 1feb84ceca157d8c5ec8575c6336cc606c3504fe
After writing a unit test I discovered that updating a cookie's samesite
flag did not work. This is caused by an "optimization" that avoids
modifying a cookie if any of the cookie attributes were not changed.
This check did not account for the SameSite flag, until now.
A unit test for this will be added in a later commit, at
toolkit/components/extensions/test/xpcshell/test_ext_cookies_samesite.js
MozReview-Commit-ID: ChiwwqqOE57
--HG--
extra : rebase_source : f6bd9bd650f6db50a0726451cd781ca7984962a1
This patch is an automatic replacement of s/NS_NOTREACHED/MOZ_ASSERT_UNREACHABLE/. Reindenting long lines and whitespace fixups follow in patch 6b.
MozReview-Commit-ID: 5UQVHElSpCr
--HG--
extra : rebase_source : 4c1b2fc32b269342f07639266b64941e2270e9c4
extra : source : 907543f6eae716f23a6de52b1ffb1c82908d158a
This patch reverts parts of changeset e87e706def11 (bug 1425031).
The problem in bug 1425031 was that when the content process set a cookie
a notification was sent to the parent process. This notification was then
forwarded to all the content processes, including the one it originated from.
The solution was to not forward cookies that originated from a content
process, but this causes the current bug.
The correct fix is to forward the cookie changes to all content processes
except the one they originated from.
The test for bug 1425031 remains, and should keep passing.
MozReview-Commit-ID: 1P6JwHQDy93
--HG--
extra : rebase_source : 85845c93059004836e14d5a46f2df881237fad6e
There seems to be no reason to conditionally fire the cookie-db-read event. Currently it is not fired if no cookies were read. There seems to be only one other consumer of this event (a test) which should work fine if the event were fired every time. This change would eliminate a particularly ugly workaround in cookie-related policy testing.
MozReview-Commit-ID: FbD1cvsBZBO
--HG--
extra : rebase_source : 6611debb3567310c61e5a5dc9cedadeae888cfe5
There seems to be no reason to conditionally fire the cookie-db-read event. Currently it is not fired if no cookies were read. There seems to be only one other consumer of this event (a test) which should work fine if the event were fired every time. This change would eliminate a particularly ugly workaround in cookie-related policy testing.
MozReview-Commit-ID: FbD1cvsBZBO
--HG--
extra : rebase_source : ff5049f36c7f3df3ad182ebb1a6ccc5db1032e23
This new COOKIE_SCHEME_HTTPS telemetry probe reports the same information as the COOKIE_SCHEME_SECURITY probe, but also categories cookies by whether they are set from an HTTP or HTTPS origin.
MozReview-Commit-ID: IWg8dycCzwq
--HG--
extra : source : 94708be3f00796680377b3235b78f7db70c34510
extra : intermediate-source : eaf32e92b13d54a8e8d70a7b8caf420800641d49
"Nonsecure HTTP" here just means regular, not-HTTPS HTTP. It doesn't mean HTTPS without the `Secure` cookie flag. Honor the expiration time of third-party cookies set over HTTPS, whether or not they have the `Secure` cookie flag. If a third-party cookie is set over HTTPS and then later sent in nonsecure HTTP request (which is allowed for cookies without the `Secure` cookie flag), the cookie won't be turned into a session cookie unless the nonsecure HTTP response sets a new cookie value.
This feature is controlled by the pref "network.cookie.thirdparty.nonsecureSessionOnly".
MozReview-Commit-ID: HlCg21JyvNC
--HG--
rename : extensions/cookie/test/unit/test_cookies_thirdparty_session.js => extensions/cookie/test/unit/test_cookies_thirdparty_nonsecure_session.js
extra : source : d1be2e4265201efd3ee93e965ac68561f548fd05
extra : intermediate-source : f5b382fa1b70e30a907b1f10d74f8c0c6dff344e
The NS_LITERAL_CSTRING macro creates a temporary nsLiteralCString to encapsulate the string literal and its length, but AssignLiteral() can determine the string literal's length at compile-time without nsLiteralCString.
MozReview-Commit-ID: DbTW5Bhd9E1
--HG--
extra : rebase_source : b27f666e5ca832d814fb6846208474e1ec66e5f4
extra : source : 9ff4e11402a9a43ed90298a9c354b0164cf9414f
These methods return an addrefed raw pointer, which makes them easy to use in
ways that cause leaks. If they're to continue returning an addrefed pointer,
they should explicitly return an already_AddRefed.
This also switches to StaticRefPtr with ClearOnShutdown for the cached
pointers for the sake of sanity.
MozReview-Commit-ID: D0lDpU8Hqug
--HG--
extra : rebase_source : 7b199070805fc0472eaf8409932517700ed23d49
