1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 11:47:35 +00:00

Browser+LibWeb+WebContent: Track the source of document.cookie requests

To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
This commit is contained in:
Timothy Flynn 2021-04-13 17:30:41 -04:00 committed by Andreas Kling
parent 7193e518d1
commit c00760c5f9
20 changed files with 54 additions and 47 deletions

View file

@ -242,15 +242,15 @@ Tab::Tab(Type type)
on_favicon_change(icon);
};
hooks().on_get_cookie = [this](auto& url) -> String {
hooks().on_get_cookie = [this](auto& url, auto source) -> String {
if (on_get_cookie)
return on_get_cookie(url);
return on_get_cookie(url, source);
return {};
};
hooks().on_set_cookie = [this](auto& url, auto& cookie) {
hooks().on_set_cookie = [this](auto& url, auto& cookie, auto source) {
if (on_set_cookie)
on_set_cookie(url, cookie);
on_set_cookie(url, cookie, source);
};
hooks().on_get_source = [this](auto& url, auto& source) {