Browser+LibWebView+WebContent: Do not domain match on cookie updates

Updating cookies through these hooks happens in one of two manners:
1. Through the Browser's storage inspector.
2. Through WebDriver's delete-cookies operation.

In (1), we should not restrict ourselves to being able to delete cookies
for the current page. For example, it's handy to open the inspector from
the welcome page and be able to delete cookies for any domain.

In (2), we already are only interacting with cookies that have been
matched against the document URL.
This commit is contained in:
Timothy Flynn 2022-11-28 11:24:04 -05:00 committed by Andreas Kling
parent 949f5460fb
commit bf060adcf9
Notes: sideshowbarker 2024-07-17 03:37:50 +09:00
15 changed files with 22 additions and 30 deletions

View file

@ -603,8 +603,8 @@ void BrowserWindow::create_new_tab(URL url, bool activate)
m_cookie_jar.dump_cookies();
};
new_tab.on_update_cookie = [this](auto const& url, auto cookie) {
m_cookie_jar.update_cookie(url, move(cookie));
new_tab.on_update_cookie = [this](auto cookie) {
m_cookie_jar.update_cookie(move(cookie));
};
new_tab.on_get_cookies_entries = [this]() {

View file

@ -51,16 +51,8 @@ void CookieJar::set_cookie(const URL& url, Web::Cookie::ParsedCookie const& pars
// This is based on https://www.rfc-editor.org/rfc/rfc6265#section-5.3 as store_cookie() below
// however the whole ParsedCookie->Cookie conversion is skipped.
void CookieJar::update_cookie(URL const& url, Web::Cookie::Cookie cookie)
void CookieJar::update_cookie(Web::Cookie::Cookie cookie)
{
auto domain = canonicalize_domain(url);
if (!domain.has_value())
return;
// 6. If the canonicalized request-host does not domain-match the domain-attribute: Ignore the cookie entirely and abort these steps.
if (!domain_matches(domain.value(), cookie.domain))
return;
// 11. If the cookie store contains a cookie with the same name, domain, and path as the newly created cookie:
CookieStorageKey key { cookie.name, cookie.domain, cookie.path };

View file

@ -28,7 +28,7 @@ class CookieJar {
public:
DeprecatedString get_cookie(const URL& url, Web::Cookie::Source source);
void set_cookie(const URL& url, Web::Cookie::ParsedCookie const& parsed_cookie, Web::Cookie::Source source);
void update_cookie(URL const&, Web::Cookie::Cookie);
void update_cookie(Web::Cookie::Cookie);
void dump_cookies() const;
Vector<Web::Cookie::Cookie> get_all_cookies() const;
Vector<Web::Cookie::Cookie> get_all_cookies(URL const& url);

View file

@ -397,9 +397,9 @@ Tab::Tab(BrowserWindow& window)
on_set_cookie(url, cookie, source);
};
view().on_update_cookie = [this](auto& url, auto& cookie) {
view().on_update_cookie = [this](auto& cookie) {
if (on_update_cookie)
on_update_cookie(url, cookie);
on_update_cookie(cookie);
};
view().on_get_source = [this](auto& url, auto& source) {
@ -695,7 +695,7 @@ void Tab::show_storage_inspector()
m_storage_widget = storage_window->set_main_widget<StorageWidget>();
m_storage_widget->on_update_cookie = [this](Web::Cookie::Cookie cookie) {
if (on_update_cookie)
on_update_cookie(url(), move(cookie));
on_update_cookie(move(cookie));
};
}

View file

@ -69,7 +69,7 @@ public:
Function<DeprecatedString(const URL&, Web::Cookie::Source source)> on_get_cookie;
Function<void(const URL&, Web::Cookie::ParsedCookie const& cookie, Web::Cookie::Source source)> on_set_cookie;
Function<void()> on_dump_cookies;
Function<void(URL const&, Web::Cookie::Cookie)> on_update_cookie;
Function<void(Web::Cookie::Cookie)> on_update_cookie;
Function<Vector<Web::Cookie::Cookie>()> on_get_cookies_entries;
Function<OrderedHashMap<DeprecatedString, DeprecatedString>()> on_get_local_storage_entries;
Function<OrderedHashMap<DeprecatedString, DeprecatedString>()> on_get_session_storage_entries;

View file

@ -182,7 +182,7 @@ public:
virtual Optional<Web::Cookie::Cookie> page_did_request_named_cookie(AK::URL const&, DeprecatedString const&) { return {}; }
virtual DeprecatedString page_did_request_cookie(const AK::URL&, Cookie::Source) { return {}; }
virtual void page_did_set_cookie(const AK::URL&, Cookie::ParsedCookie const&, Cookie::Source) { }
virtual void page_did_update_cookie(AK::URL const&, Web::Cookie::Cookie) { }
virtual void page_did_update_cookie(Web::Cookie::Cookie) { }
virtual void page_did_update_resource_count(i32) { }
virtual void page_did_close_browsing_context(HTML::BrowsingContext const&) { }

View file

@ -461,10 +461,10 @@ void OutOfProcessWebView::notify_server_did_set_cookie(Badge<WebContentClient>,
on_set_cookie(url, cookie, source);
}
void OutOfProcessWebView::notify_server_did_update_cookie(Badge<WebContentClient>, AK::URL const& url, Web::Cookie::Cookie const& cookie)
void OutOfProcessWebView::notify_server_did_update_cookie(Badge<WebContentClient>, Web::Cookie::Cookie const& cookie)
{
if (on_update_cookie)
on_update_cookie(url, cookie);
on_update_cookie(cookie);
}
void OutOfProcessWebView::notify_server_did_update_resource_count(i32 count_waiting)

View file

@ -103,7 +103,7 @@ public:
Function<Optional<Web::Cookie::Cookie>(AK::URL const& url, DeprecatedString const& name)> on_get_named_cookie;
Function<DeprecatedString(const AK::URL& url, Web::Cookie::Source source)> on_get_cookie;
Function<void(const AK::URL& url, Web::Cookie::ParsedCookie const& cookie, Web::Cookie::Source source)> on_set_cookie;
Function<void(AK::URL const& url, Web::Cookie::Cookie const& cookie)> on_update_cookie;
Function<void(Web::Cookie::Cookie const& cookie)> on_update_cookie;
Function<void(i32 count_waiting)> on_resource_status_change;
Function<void()> on_restore_window;
Function<Gfx::IntPoint(Gfx::IntPoint)> on_reposition_window;
@ -175,7 +175,7 @@ private:
virtual Optional<Web::Cookie::Cookie> notify_server_did_request_named_cookie(Badge<WebContentClient>, AK::URL const& url, DeprecatedString const& name) override;
virtual DeprecatedString notify_server_did_request_cookie(Badge<WebContentClient>, const AK::URL& url, Web::Cookie::Source source) override;
virtual void notify_server_did_set_cookie(Badge<WebContentClient>, const AK::URL& url, Web::Cookie::ParsedCookie const& cookie, Web::Cookie::Source source) override;
virtual void notify_server_did_update_cookie(Badge<WebContentClient>, AK::URL const& url, Web::Cookie::Cookie const& cookie) override;
virtual void notify_server_did_update_cookie(Badge<WebContentClient>, Web::Cookie::Cookie const& cookie) override;
virtual void notify_server_did_update_resource_count(i32 count_waiting) override;
virtual void notify_server_did_request_restore_window() override;
virtual Gfx::IntPoint notify_server_did_request_reposition_window(Gfx::IntPoint) override;

View file

@ -57,7 +57,7 @@ public:
virtual Optional<Web::Cookie::Cookie> notify_server_did_request_named_cookie(Badge<WebContentClient>, AK::URL const& url, DeprecatedString const& name) = 0;
virtual DeprecatedString notify_server_did_request_cookie(Badge<WebContentClient>, const AK::URL& url, Web::Cookie::Source source) = 0;
virtual void notify_server_did_set_cookie(Badge<WebContentClient>, const AK::URL& url, Web::Cookie::ParsedCookie const& cookie, Web::Cookie::Source source) = 0;
virtual void notify_server_did_update_cookie(Badge<WebContentClient>, AK::URL const& url, Web::Cookie::Cookie const& cookie) = 0;
virtual void notify_server_did_update_cookie(Badge<WebContentClient>, Web::Cookie::Cookie const& cookie) = 0;
virtual void notify_server_did_update_resource_count(i32 count_waiting) = 0;
virtual void notify_server_did_request_restore_window() = 0;
virtual Gfx::IntPoint notify_server_did_request_reposition_window(Gfx::IntPoint) = 0;

View file

@ -235,9 +235,9 @@ void WebContentClient::did_set_cookie(AK::URL const& url, Web::Cookie::ParsedCoo
m_view.notify_server_did_set_cookie({}, url, cookie, static_cast<Web::Cookie::Source>(source));
}
void WebContentClient::did_update_cookie(AK::URL const& url, Web::Cookie::Cookie const& cookie)
void WebContentClient::did_update_cookie(Web::Cookie::Cookie const& cookie)
{
m_view.notify_server_did_update_cookie({}, url, cookie);
m_view.notify_server_did_update_cookie({}, cookie);
}
void WebContentClient::did_update_resource_count(i32 count_waiting)

View file

@ -67,7 +67,7 @@ private:
virtual Messages::WebContentClient::DidRequestNamedCookieResponse did_request_named_cookie(AK::URL const&, DeprecatedString const&) override;
virtual Messages::WebContentClient::DidRequestCookieResponse did_request_cookie(AK::URL const&, u8) override;
virtual void did_set_cookie(AK::URL const&, Web::Cookie::ParsedCookie const&, u8) override;
virtual void did_update_cookie(AK::URL const&, Web::Cookie::Cookie const&) override;
virtual void did_update_cookie(Web::Cookie::Cookie const&) override;
virtual void did_update_resource_count(i32 count_waiting) override;
virtual void did_request_restore_window() override;
virtual Messages::WebContentClient::DidRequestRepositionWindowResponse did_request_reposition_window(Gfx::IntPoint) override;

View file

@ -359,9 +359,9 @@ void PageHost::page_did_set_cookie(const URL& url, Web::Cookie::ParsedCookie con
m_client.async_did_set_cookie(url, cookie, static_cast<u8>(source));
}
void PageHost::page_did_update_cookie(URL const& url, Web::Cookie::Cookie cookie)
void PageHost::page_did_update_cookie(Web::Cookie::Cookie cookie)
{
m_client.async_did_update_cookie(url, move(cookie));
m_client.async_did_update_cookie(move(cookie));
}
void PageHost::page_did_update_resource_count(i32 count_waiting)

View file

@ -92,7 +92,7 @@ private:
virtual Optional<Web::Cookie::Cookie> page_did_request_named_cookie(URL const&, DeprecatedString const&) override;
virtual DeprecatedString page_did_request_cookie(const URL&, Web::Cookie::Source) override;
virtual void page_did_set_cookie(const URL&, Web::Cookie::ParsedCookie const&, Web::Cookie::Source) override;
virtual void page_did_update_cookie(URL const&, Web::Cookie::Cookie) override;
virtual void page_did_update_cookie(Web::Cookie::Cookie) override;
virtual void page_did_update_resource_count(i32) override;
virtual void request_file(NonnullRefPtr<Web::FileRequest>&) override;

View file

@ -43,7 +43,7 @@ endpoint WebContentClient
did_request_named_cookie(URL url, DeprecatedString name) => (Optional<Web::Cookie::Cookie> cookie)
did_request_cookie(URL url, u8 source) => (DeprecatedString cookie)
did_set_cookie(URL url, Web::Cookie::ParsedCookie cookie, u8 source) =|
did_update_cookie(URL url, Web::Cookie::Cookie cookie) =|
did_update_cookie(Web::Cookie::Cookie cookie) =|
did_update_resource_count(i32 count_waiting) =|
did_request_restore_window() =|
did_request_reposition_window(Gfx::IntPoint position) => (Gfx::IntPoint window_position)

View file

@ -1752,7 +1752,7 @@ void WebDriverConnection::delete_cookies(Optional<StringView> const& name)
if (!name.has_value() || name.value() == cookie.name) {
// Set the cookie expiry time to a Unix timestamp in the past.
cookie.expiry_time = Core::DateTime::from_timestamp(0);
m_page_client.page_did_update_cookie(document->url(), move(cookie));
m_page_client.page_did_update_cookie(move(cookie));
}
// -> Otherwise
// Do nothing.