web content can set httponly cookie by overwriting a non-httponly one.
b=387543, p=dveditz, r=dwitte, sr=mconnor.
web content can set httponly cookie by overwriting a non-httponly one.
b=387543, p=dveditz, r=dwitte, sr=mconnor.
--- a/netwerk/cookie/src/nsCookieService.cpp
+++ b/netwerk/cookie/src/nsCookieService.cpp
@@ -1302,16 +1302,22 @@ nsCookieService::SetCookieInternal(nsIUR
// reached). also performs list maintenance by removing expired cookies.
void
nsCookieService::AddInternal(nsCookie *aCookie,
PRInt64 aCurrentTime,
nsIURI *aHostURI,
const char *aCookieHeader,
PRBool aFromHttp)
{
+ // if the new cookie is httponly, make sure we're not coming from script
+ if (!aFromHttp && aCookie->IsHttpOnly()) {
+ COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, "cookie is httponly; coming from script");
+ return;
+ }
+
// start a transaction on the storage db, to optimize deletions/insertions.
// transaction will automically commit on completion. if we already have a
// transaction (e.g. from SetCookie*()), this will have no effect.
mozStorageTransaction transaction(mDBConn, PR_TRUE);
nsListIter matchIter;
const PRBool foundCookie =
FindCookie(aCookie->Host(), aCookie->Name(), aCookie->Path(), matchIter);
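Review bot: The comment on the relocated check in AddInternal says what it tests but not why it now sits ahead of the FindCookie() lookup, and that placement is the whole fix: the check must run before the found/not-found branch so that script cannot replace an existing non-httponly cookie with an httponly one. I would reword it as `// reject httponly cookies set from script before the lookup, so the replace-existing-cookie path is covered as well`, so that a later cleanup does not move it back into the new-cookie branch. The found-cookie branch lies between the two hunks and is not visible here. It is worth confirming that it also refuses a non-HTTP caller when the stored cookie is httponly, since the added check only looks at the new cookie's flag. AddInternal's body continues outside the hunk.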
@@ -1337,22 +1343,16 @@ nsCookieService::AddInternal(nsCookie
} else {
// check if cookie has already expired
if (aCookie->Expiry() <= aCurrentTime) {
COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, "cookie has already expired");
return;
}
- // if the new cookie is httponly, make sure we're not coming from script
- if (!aFromHttp && aCookie->IsHttpOnly()) {
- COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, "cookie is httponly; coming from script");
- return;
- }
-
// check if we have to delete an old cookie.
nsEnumerationData data(aCurrentTime, LL_MAXINT);
if (CountCookiesFromHostInternal(aCookie->RawHost(), data) >= mMaxCookiesPerHost) {
// remove the oldest cookie from host
oldCookie = data.iter.current;
RemoveCookieFromList(data.iter);
} else if (mCookieCount >= mMaxNumberOfCookies) {