RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-06-01 09:18:11 +00:00
Code Issues Activity Actions

Browser+LibWeb+WebContent: Track the source of document.cookie requests

Browse source 
To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
This commit is contained in:
Timothy Flynn 2021-04-13 17:30:41 -04:00 committed by Andreas Kling
parent 7193e518d1
commit c00760c5f9
20 changed files with 54 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
View file

@ -277,7 +277,7 @@ void FrameLoader::resource_did_load()
// FIXME: Support multiple instances of the Set-Cookie response header.
auto set_cookie = resource()->response_headers().get("Set-Cookie");
if (set_cookie.has_value())
document->set_cookie(set_cookie.value());
document->set_cookie(set_cookie.value(), Cookie::Source::Http);
if (!url.fragment().is_empty())
frame().scroll_to_anchor(url.fragment());