mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 23:47:45 +00:00
Browser+LibWebView+WebContent: Do not domain match on cookie updates
Updating cookies through these hooks happens in one of two manners: 1. Through the Browser's storage inspector. 2. Through WebDriver's delete-cookies operation. In (1), we should not restrict ourselves to being able to delete cookies for the current page. For example, it's handy to open the inspector from the welcome page and be able to delete cookies for any domain. In (2), we already are only interacting with cookies that have been matched against the document URL.
This commit is contained in:
parent
949f5460fb
commit
bf060adcf9
15 changed files with 22 additions and 30 deletions
|
@ -51,16 +51,8 @@ void CookieJar::set_cookie(const URL& url, Web::Cookie::ParsedCookie const& pars
|
|||
|
||||
// This is based on https://www.rfc-editor.org/rfc/rfc6265#section-5.3 as store_cookie() below
|
||||
// however the whole ParsedCookie->Cookie conversion is skipped.
|
||||
void CookieJar::update_cookie(URL const& url, Web::Cookie::Cookie cookie)
|
||||
void CookieJar::update_cookie(Web::Cookie::Cookie cookie)
|
||||
{
|
||||
auto domain = canonicalize_domain(url);
|
||||
if (!domain.has_value())
|
||||
return;
|
||||
|
||||
// 6. If the canonicalized request-host does not domain-match the domain-attribute: Ignore the cookie entirely and abort these steps.
|
||||
if (!domain_matches(domain.value(), cookie.domain))
|
||||
return;
|
||||
|
||||
// 11. If the cookie store contains a cookie with the same name, domain, and path as the newly created cookie:
|
||||
CookieStorageKey key { cookie.name, cookie.domain, cookie.path };
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue