Bug 1454242: Setting samesite cookie should not rely on NS_IsSameSiteForeign. r=valentin
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 16 Apr 2018 07:18:21 +0200
changeset 413831 3c1fdf8c83daf09d9bcf41ccd4c7bc0380f3d478
parent 413830 c6757ad801fedaff8606b6ae34a276ce08714ce8
child 413832 b5e2ab3b7a26a301212db459a42067feabba426a
push id33852
push usershindli@mozilla.com
push dateMon, 16 Apr 2018 21:59:17 +0000
treeherdermozilla-central@0ceabd10aac2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvalentin
bugs1454242
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1454242: Setting samesite cookie should not rely on NS_IsSameSiteForeign. r=valentin
netwerk/cookie/nsCookieService.cpp
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3466,18 +3466,20 @@ nsCookieService::CanSetCookie(nsIURI*   
       "non-https cookie can't set secure flag");
     Telemetry::Accumulate(Telemetry::COOKIE_LEAVE_SECURE_ALONE,
                           BLOCKED_SECURE_SET_FROM_HTTP);
     return newCookie;
   }
 
   // If the new cookie is same-site but in a cross site context,
   // browser must ignore the cookie.
-  if (aCookieAttributes.sameSite != nsICookie2::SAMESITE_UNSET) {
-    bool isThirdParty = NS_IsSameSiteForeign(aChannel, aHostURI);
+  if (aCookieAttributes.sameSite != nsICookie2::SAMESITE_UNSET &&
+      aThirdPartyUtil) {
+    bool isThirdParty = false;
+    aThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isThirdParty);
     if (isThirdParty) {
       COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader,
                         "failed the samesite tests");
       return newCookie;
     }
   }
 
   aSetCookie = true;