Bug 1351663 - Skip "optimization" if SameSite flag changes draft
authorRob Wu <rob@robwu.nl>
Sat, 09 Jun 2018 00:23:45 +0200
changeset 813064 6db2e8184c1f49f000a2a743853c9a4a1c319662
parent 813062 9c02d2ecf22050bfee5d70c04a359d8aaff6eb91
child 813065 32e8a023568ab9932319345cd4ddba8711fe036a
push id114753
push userbmo:rob@robwu.nl
push dateMon, 02 Jul 2018 10:34:57 +0000
Bug 1351663 - Skip "optimization" if SameSite flag changes After writing a unit test I discovered that updating a cookie's samesite flag did not work. This is caused by an "optimization" that avoids modifying a cookie if any of the cookie attributes were not changed. This check did not account for the SameSite flag, until now. A unit test for this will be added in a later commit, at toolkit/components/extensions/test/xpcshell/test_ext_cookies_samesite.js MozReview-Commit-ID: ChiwwqqOE57
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3701,24 +3701,25 @@ nsCookieService::AddInternal(const nsCoo
     } else {
       // If the old cookie is httponly, make sure we're not coming from script.
       if (!aFromHttp && oldCookie->IsHttpOnly()) {
         COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
           "previously stored cookie is httponly; coming from script");
-      // If the new cookie has the same value, expiry date, and isSecure,
-      // isSession, and isHttpOnly flags then we can just keep the old one.
+      // If the new cookie has the same value, expiry date, isSecure, isSession,
+      // isHttpOnly and sameSite flags then we can just keep the old one.
       // Only if any of these differ we would want to override the cookie.
       if (oldCookie->Value().Equals(aCookie->Value()) &&
           oldCookie->Expiry() == aCookie->Expiry() &&
           oldCookie->IsSecure() == aCookie->IsSecure() &&
           oldCookie->IsSession() == aCookie->IsSession() &&
           oldCookie->IsHttpOnly() == aCookie->IsHttpOnly() &&
+          oldCookie->SameSite() == aCookie->SameSite() &&
           // We don't want to perform this optimization if the cookie is
           // considered stale, since in this case we would need to update the
           // database.
           !oldCookie->IsStale()) {
         // Update the last access time on the old cookie.
         UpdateCookieOldestTime(mDBState, oldCookie);