RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 18:37:36 +00:00
Code Issues Activity Actions

Browser+LibWeb+WebContent: Track the source of document.cookie requests

Browse source 
To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
This commit is contained in:
Timothy Flynn 2021-04-13 17:30:41 -04:00 committed by Andreas Kling
parent 7193e518d1
commit c00760c5f9
20 changed files with 54 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Applications/Browser/Tab.h
View file

@ -70,8 +70,8 @@ public:
Function<void(const URL&)> on_tab_open_request;
Function<void(Tab&)> on_tab_close_request;
Function<void(const Gfx::Bitmap&)> on_favicon_change;
Function<String(const URL& url)> on_get_cookie;
Function<void(const URL& url, const String& cookie)> on_set_cookie;
Function<String(const URL& url, Web::Cookie::Source source)> on_get_cookie;
Function<void(const URL& url, const String& cookie, Web::Cookie::Source source)> on_set_cookie;
Function<void()> on_dump_cookies;
const String& title() const { return m_title; }