RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 19:07:35 +00:00
Code Issues Activity Actions

Browser+LibWeb+WebContent: Track the source of document.cookie requests

Browse source 
To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
This commit is contained in:
Timothy Flynn 2021-04-13 17:30:41 -04:00 committed by Andreas Kling
parent 7193e518d1
commit c00760c5f9
20 changed files with 54 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Userland/Libraries/LibWeb/DOM/Document.cpp
View file

@ -821,17 +821,17 @@ void Document::completely_finish_loading()
dispatch_event(DOM::Event::create(HTML::EventNames::load));
}
String Document::cookie()
String Document::cookie(Cookie::Source source)
{
if (auto* page = this->page())
return page->client().page_did_request_cookie(m_url);
return page->client().page_did_request_cookie(m_url, source);
return {};
}
void Document::set_cookie(String cookie)
void Document::set_cookie(String cookie, Cookie::Source source)
{
if (auto* page = this->page())
page->client().page_did_set_cookie(m_url, cookie);
page->client().page_did_set_cookie(m_url, cookie, source);
}
}