
Browser+LibWebView+WebContent: Do not domain match on cookie updates

Updating cookies through these hooks happens in one of two manners:
1. Through the Browser's storage inspector.
2. Through WebDriver's delete-cookies operation.

In (1), we should not restrict ourselves to being able to delete cookies
for the current page. For example, it's handy to open the inspector from
the welcome page and be able to delete cookies for any domain.

In (2), we already are only interacting with cookies that have been
matched against the document URL.
Timothy Flynn 2022-11-28 11:24:04 -05:00 committed by Andreas Kling
parent 949f5460fb
commit bf060adcf9
15 changed files with 22 additions and 30 deletions


@ -603,8 +603,8 @@ void BrowserWindow::create_new_tab(URL url, bool activate)
m_cookie_jar.dump_cookies();
};
new_tab.on_update_cookie = [this](auto const& url, auto cookie) {
m_cookie_jar.update_cookie(url, move(cookie));
new_tab.on_update_cookie = [this](auto cookie) {
m_cookie_jar.update_cookie(move(cookie));
};
new_tab.on_get_cookies_entries = [this]() {


@ -51,16 +51,8 @@ void CookieJar::set_cookie(const URL& url, Web::Cookie::ParsedCookie const& pars
// This is based on https://www.rfc-editor.org/rfc/rfc6265#section-5.3 as store_cookie() below
// however the whole ParsedCookie->Cookie conversion is skipped.
void CookieJar::update_cookie(URL const& url, Web::Cookie::Cookie cookie)
void CookieJar::update_cookie(Web::Cookie::Cookie cookie)
{
auto domain = canonicalize_domain(url);
if (!domain.has_value())
return;
// 6. If the canonicalized request-host does not domain-match the domain-attribute: Ignore the cookie entirely and abort these steps.
if (!domain_matches(domain.value(), cookie.domain))
return;
// 11. If the cookie store contains a cookie with the same name, domain, and path as the newly created cookie:
CookieStorageKey key { cookie.name, cookie.domain, cookie.path };
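Review bot: With the step 6 domain-match removed, `CookieJar::update_cookie` accepts whatever `cookie.domain` the caller supplies, so the jar no longer enforces any origin boundary on this path. The commit message relies on the WebDriver path having already matched cookies against the document URL, but that matching is not visible here; if it happens in the WebContent process, the browser-side jar is trusting the less-privileged process, and that assumption should be confirmed and written down. The comment above the function still says only the ParsedCookie->Cookie conversion is skipped; I would extend it with something like `// NOTE: Step 6 (domain-match) is intentionally skipped; callers must only pass cookies obtained from this jar (storage inspector, WebDriver delete-cookies).` The function body continues past this hunk, so I cannot tell whether step 11 only replaces an existing entry or can also insert a new one; if it can insert, consider returning early when `key` is not already in the store so this hook cannot create cookies for arbitrary domains.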


@ -28,7 +28,7 @@ class CookieJar {
public:
DeprecatedString get_cookie(const URL& url, Web::Cookie::Source source);
void set_cookie(const URL& url, Web::Cookie::ParsedCookie const& parsed_cookie, Web::Cookie::Source source);
void update_cookie(URL const&, Web::Cookie::Cookie);
void update_cookie(Web::Cookie::Cookie);
void dump_cookies() const;
Vector<Web::Cookie::Cookie> get_all_cookies() const;
Vector<Web::Cookie::Cookie> get_all_cookies(URL const& url);


@ -397,9 +397,9 @@ Tab::Tab(BrowserWindow& window)
on_set_cookie(url, cookie, source);
};
view().on_update_cookie = [this](auto& url, auto& cookie) {
view().on_update_cookie = [this](auto& cookie) {
if (on_update_cookie)
on_update_cookie(url, cookie);
on_update_cookie(cookie);
};
view().on_get_source = [this](auto& url, auto& source) {
@ -695,7 +695,7 @@ void Tab::show_storage_inspector()
m_storage_widget = storage_window->set_main_widget<StorageWidget>();
m_storage_widget->on_update_cookie = [this](Web::Cookie::Cookie cookie) {
if (on_update_cookie)
on_update_cookie(url(), move(cookie));
on_update_cookie(move(cookie));
};
}


@ -69,7 +69,7 @@ public:
Function<DeprecatedString(const URL&, Web::Cookie::Source source)> on_get_cookie;
Function<void(const URL&, Web::Cookie::ParsedCookie const& cookie, Web::Cookie::Source source)> on_set_cookie;
Function<void()> on_dump_cookies;
Function<void(URL const&, Web::Cookie::Cookie)> on_update_cookie;
Function<void(Web::Cookie::Cookie)> on_update_cookie;
Function<Vector<Web::Cookie::Cookie>()> on_get_cookies_entries;
Function<OrderedHashMap<DeprecatedString, DeprecatedString>()> on_get_local_storage_entries;
Function<OrderedHashMap<DeprecatedString, DeprecatedString>()> on_get_session_storage_entries;