RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 12:07:45 +00:00
Code Issues Activity Actions

Browser+LibWeb+WebContent: Track the source of document.cookie requests

Browse source 
To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
This commit is contained in:
Timothy Flynn 2021-04-13 17:30:41 -04:00 committed by Andreas Kling
parent 7193e518d1
commit c00760c5f9
20 changed files with 54 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Userland/Services/WebContent/PageHost.cpp
View file

@ -208,14 +208,14 @@ void PageHost::page_did_request_image_context_menu(const Gfx::IntPoint& content_
m_client.post_message(Messages::WebContentClient::DidRequestImageContextMenu(content_position, url, target, modifiers, bitmap->to_shareable_bitmap()));
}
String PageHost::page_did_request_cookie(const URL& url)
String PageHost::page_did_request_cookie(const URL& url, Web::Cookie::Source source)
{
return m_client.send_sync<Messages::WebContentClient::DidRequestCookie>(url)->cookie();
return m_client.send_sync<Messages::WebContentClient::DidRequestCookie>(url, static_cast<u8>(source))->cookie();
}
void PageHost::page_did_set_cookie(const URL& url, const String& cookie)
void PageHost::page_did_set_cookie(const URL& url, const String& cookie, Web::Cookie::Source source)
{
m_client.post_message(Messages::WebContentClient::DidSetCookie(url, cookie));
m_client.post_message(Messages::WebContentClient::DidSetCookie(url, cookie, static_cast<u8>(source)));
}
}