Bug 1555846 - Block cookies from trackers with dynamic FPI; r=baku
authorEhsan Akhgari <ehsan@mozilla.com>
Fri, 31 May 2019 14:33:36 +0000
changeset 476410 0ad594cd87445bd3e6ee90a87611cb837334067f
parent 476409 93ae54d47ca448966196d502670b0cfc771a4ef2
child 476411 95ffb38f6a64d7cc5ccacc8080c9928027155be3
push id36094
push useraiakab@mozilla.com
push dateFri, 31 May 2019 21:48:40 +0000
treeherdermozilla-central@a73077366144 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1555846
milestone69.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1555846 - Block cookies from trackers with dynamic FPI; r=baku Differential Revision: https://phabricator.services.mozilla.com/D33227
netwerk/cookie/nsCookieService.cpp
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3907,18 +3907,16 @@ CookieStatus nsCookieService::CheckPrefs
     nsICookieSettings* aCookieSettings, nsIURI* aHostURI, bool aIsForeign,
     bool aIsTrackingResource, bool aFirstPartyStorageAccessGranted,
     const nsACString& aCookieHeader, const int aNumOfCookies,
     const OriginAttributes& aOriginAttrs, uint32_t* aRejectedReason) {
   nsresult rv;
 
   MOZ_ASSERT(aRejectedReason);
 
-  uint32_t aInputRejectedReason = *aRejectedReason;
-
   *aRejectedReason = 0;
 
   // don't let ftp sites get/set cookies (could be a security issue)
   bool ftp;
   if (NS_SUCCEEDED(aHostURI->SchemeIs("ftp", &ftp)) && ftp) {
     COOKIE_LOGFAILURE(aCookieHeader.IsVoid() ? GET_COOKIE : SET_COOKIE,
                       aHostURI, aCookieHeader, "ftp sites cannot read cookies");
     return STATUS_REJECTED_WITH_ERROR;
@@ -3953,17 +3951,24 @@ CookieStatus nsCookieService::CheckPrefs
     }
   }
 
   // No cookies allowed if this request comes from a tracker, in a 3rd party
   // context, when anti-tracking protection is enabled and when we don't have
   // access to the first-party cookie jar.
   if (aIsForeign && aIsTrackingResource && !aFirstPartyStorageAccessGranted &&
       aCookieSettings->GetRejectThirdPartyTrackers()) {
-    if (StoragePartitioningEnabled(aInputRejectedReason, aCookieSettings)) {
+    // Explicitly pass nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER
+    // here to ensure that we are testing the partitioning configuration only
+    // for the nsICookieService::BEHAVIOR_REJECT_TRACKER configuration.
+    // When partitioning for BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN, we
+    // don't want to give a free pass to tracker cookies here!
+    if (StoragePartitioningEnabled(
+            nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER,
+            aCookieSettings)) {
       MOZ_ASSERT(!aOriginAttrs.mFirstPartyDomain.IsEmpty(),
                  "We must have a StoragePrincipal here!");
       return STATUS_ACCEPTED;
     }
 
     COOKIE_LOGFAILURE(aCookieHeader.IsVoid() ? GET_COOKIE : SET_COOKIE,
                       aHostURI, aCookieHeader,
                       "cookies are disabled in trackers");