RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 16:07:45 +00:00
Code Issues Activity Actions

LibWeb: Parse SameSite cookie attribute

Browse source
This commit is contained in:
Smrtnyk 2022-10-21 13:00:04 +02:00 committed by Linus Groh
parent a534e61b44
commit b08ae57b23
4 changed files with 55 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
View file

@ -25,6 +25,7 @@ static void on_domain_attribute(ParsedCookie& parsed_cookie, StringView attribut
static void on_path_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
static void on_secure_attribute(ParsedCookie& parsed_cookie);
static void on_http_only_attribute(ParsedCookie& parsed_cookie);
static void on_same_site_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
static Optional<Core::DateTime> parse_date_time(StringView date_string);
Optional<ParsedCookie> parse_cookie(String const& cookie_string)
@ -143,6 +144,8 @@ void process_attribute(ParsedCookie& parsed_cookie, StringView attribute_name, S
on_secure_attribute(parsed_cookie);
} else if (attribute_name.equals_ignoring_case("HttpOnly"sv)) {
on_http_only_attribute(parsed_cookie);
} else if (attribute_name.equals_ignoring_case("SameSite"sv)) {
on_same_site_attribute(parsed_cookie, attribute_value);
}
}
@ -222,6 +225,23 @@ void on_http_only_attribute(ParsedCookie& parsed_cookie)
parsed_cookie.http_only_attribute_present = true;
}
// https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-samesite-attribute-2
void on_same_site_attribute(ParsedCookie& parsed_cookie, StringView attribute_value)
{
// 1. Let enforcement be "Default"
// Note: Set as default value in ParsedCookie.h
// 2. If cookie-av's attribute-value is a case-insensitive match for "None", set enforcement to "None".
if (attribute_value.equals_ignoring_case("None"sv))
parsed_cookie.same_site_attribute = SameSite::None;
// 3. If cookie-av's attribute-value is a case-insensitive match for "Strict", set enforcement to "Strict".
else if (attribute_value.equals_ignoring_case("Strict"sv))
parsed_cookie.same_site_attribute = SameSite::Strict;
// 4. If cookie-av's attribute-value is a case-insensitive match for "Lax", set enforcement to "Lax".
else if (attribute_value.equals_ignoring_case("Lax"sv))
parsed_cookie.same_site_attribute = SameSite::Lax;
}
Optional<Core::DateTime> parse_date_time(StringView date_string)
{
// https://tools.ietf.org/html/rfc6265#section-5.1.1
@ -343,6 +363,7 @@ bool IPC::encode(Encoder& encoder, Web::Cookie::ParsedCookie const& cookie)
encoder << cookie.path;
encoder << cookie.secure_attribute_present;
encoder << cookie.http_only_attribute_present;
encoder << cookie.same_site_attribute;
return true;
}
@ -357,5 +378,6 @@ ErrorOr<void> IPC::decode(Decoder& decoder, Web::Cookie::ParsedCookie& cookie)
TRY(decoder.decode(cookie.path));
TRY(decoder.decode(cookie.secure_attribute_present));
TRY(decoder.decode(cookie.http_only_attribute_present));
TRY(decoder.decode(cookie.same_site_attribute));
return {};
}