Bug 1654556 - Log also "failed the samesite tests" cookie rejection reason, r=baku
authorHonza Bambas <honzab.moz@firemni.cz>
Thu, 23 Jul 2020 14:48:12 +0000
changeset 541797 2c6272a20ddd8957e2da8a514a2fda45d470fa71
parent 541796 e87edc47ce4966ef9cf2df591dfa8a0d66f57116
child 541798 95bc4d15b66ad0dc5d50413cac924a153efb2e36
push id37633
push userccoroiu@mozilla.com
push dateFri, 24 Jul 2020 09:32:06 +0000
treeherdermozilla-central@141543043270 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1654556
milestone80.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1654556 - Log also "failed the samesite tests" cookie rejection reason, r=baku Differential Revision: https://phabricator.services.mozilla.com/D84555
netwerk/cookie/CookieService.cpp
netwerk/locales/en-US/necko.properties
--- a/netwerk/cookie/CookieService.cpp
+++ b/netwerk/cookie/CookieService.cpp
@@ -1163,16 +1163,23 @@ bool CookieService::CanSetCookie(
   }
 
   // If the new cookie is same-site but in a cross site context,
   // browser must ignore the cookie.
   if ((aCookieData.sameSite() != nsICookie::SAMESITE_NONE) &&
       aIsForeignAndNotAddon) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader,
                       "failed the samesite tests");
+
+    CookieLogging::LogMessageToConsole(
+        aCRC, aHostURI, nsIScriptError::warningFlag, CONSOLE_SAMESITE_CATEGORY,
+        "CookieRejectedForNonSameSiteness"_ns,
+        AutoTArray<nsString, 1>{
+            NS_ConvertUTF8toUTF16(aCookieData.name()),
+        });
     return newCookie;
   }
 
   aSetCookie = true;
   return newCookie;
 }
 
 /******************************************************************************
--- a/netwerk/locales/en-US/necko.properties
+++ b/netwerk/locales/en-US/necko.properties
@@ -82,8 +82,10 @@ CookieRejectedHttpOnlyButFromScript=Cookie “%1$S” has been rejected because there is already an HTTP-Only cookie but script tried to store a new one.
 # LOCALIZATION NOTE (CookieRejectedSecureButHttp): %1$S is the cookie name.
 CookieRejectedSecureButNonHttps=Cookie “%1$S” has been rejected because a non-HTTPS cookie can’t be set as “secure”.
 # LOCALIZATION NOTE (CookieRejectedThirdParty): %1$S is the cookie response header.
 CookieRejectedThirdParty=Cookie “%1$S” has been rejected as third-party.
 # LOCALIZATION NOTE (CookieRejectedNonsecureOverSecure): %1$S is the cookie name.
 CookieRejectedNonsecureOverSecure=Cookie “%1$S” has been rejected because there is an existing “secure” cookie.
 # LOCALIZATION NOTE (CookieRejectedExpired): %1$S is the cookie name.
 CookieRejectedExpired=Cookie “%1$S” has been rejected because it is already expired.
+# LOCALIZATION NOTE (CookieRejectedForNonSameSiteness): %1$S is the cookie name.
+CookieRejectedForNonSameSiteness=Cookie “%1$S” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”.