RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 17:07:35 +00:00
Code Issues Activity Actions

Browser+LibWeb+WebContent: Track the source of document.cookie requests

Browse source 
To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
This commit is contained in:
Timothy Flynn 2021-04-13 17:30:41 -04:00 committed by Andreas Kling
parent 7193e518d1
commit c00760c5f9
20 changed files with 54 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Libraries/LibWeb/DOM/Document.h
View file

@ -40,6 +40,7 @@
#include <LibWeb/CSS/CSSStyleSheet.h>
#include <LibWeb/CSS/StyleResolver.h>
#include <LibWeb/CSS/StyleSheetList.h>
#include <LibWeb/Cookie/Cookie.h>
#include <LibWeb/DOM/DOMImplementation.h>
#include <LibWeb/DOM/ExceptionOr.h>
#include <LibWeb/DOM/NonElementParentNode.h>
@ -73,8 +74,8 @@ public:
virtual ~Document() override;
String cookie();
void set_cookie(String);
String cookie(Cookie::Source = Cookie::Source::NonHttp);
void set_cookie(String, Cookie::Source = Cookie::Source::NonHttp);
bool should_invalidate_styles_on_attribute_changes() const { return m_should_invalidate_styles_on_attribute_changes; }
void set_should_invalidate_styles_on_attribute_changes(bool b) { m_should_invalidate_styles_on_attribute_changes = b; }