Unretrievable cookies (the browser should accept these but not display them):
diff --git a/Userland/Libraries/LibWebView/CookieJar.cpp b/Userland/Libraries/LibWebView/CookieJar.cpp
index bec1e5b8ca..5e40d1ee31 100644
--- a/Userland/Libraries/LibWebView/CookieJar.cpp
+++ b/Userland/Libraries/LibWebView/CookieJar.cpp
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
namespace WebView {
@@ -316,7 +317,18 @@ void CookieJar::store_cookie(Web::Cookie::ParsedCookie const& parsed_cookie, con
}
// 5. If the user agent is configured to reject "public suffixes" and the domain-attribute is a public suffix:
- // FIXME: Support rejection of public suffixes. The full list is here: https://publicsuffix.org/list/public_suffix_list.dat
+ if (is_public_suffix(cookie.domain)) {
+ // If the domain-attribute is identical to the canonicalized request-host:
+ if (cookie.domain == canonicalized_domain) {
+ // Let the domain-attribute be the empty string.
+ cookie.domain = DeprecatedString::empty();
+ }
+ // Otherwise:
+ else {
+ // Ignore the cookie entirely and abort these steps.
+ return;
+ }
+ }
// 6. If the domain-attribute is non-empty:
if (!cookie.domain.is_empty()) {