Bug 1454242 - Setting samesite cookie should not rely on NS_IsSameSiteForeign. r=valentin, a=jcristau
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 16 Apr 2018 07:18:21 +0200
changeset 460830 a8a5ba53d104721c7c586c53bc52a61d82a53d73
parent 460829 01e680ea0270b9b84e409c686541b0db4dff3c54
child 460831 7cb7bafe04e4ab600d49a90302e8455748199431
push id9066
push userryanvm@gmail.com
push dateMon, 16 Apr 2018 16:39:10 +0000
treeherdermozilla-beta@9f8ac6bbbd47 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvalentin, jcristau
bugs1454242
milestone60.0
Bug 1454242 - Setting samesite cookie should not rely on NS_IsSameSiteForeign. r=valentin, a=jcristau
netwerk/cookie/nsCookieService.cpp
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3466,18 +3466,20 @@ nsCookieService::CanSetCookie(nsIURI*   
       "non-https cookie can't set secure flag");
     Telemetry::Accumulate(Telemetry::COOKIE_LEAVE_SECURE_ALONE,
                           BLOCKED_SECURE_SET_FROM_HTTP);
     return newCookie;
   }
 
   // If the new cookie is same-site but in a cross site context,
   // browser must ignore the cookie.
-  if (aCookieAttributes.sameSite != nsICookie2::SAMESITE_UNSET) {
-    bool isThirdParty = NS_IsSameSiteForeign(aChannel, aHostURI);
+  if (aCookieAttributes.sameSite != nsICookie2::SAMESITE_UNSET &&
+      aThirdPartyUtil) {
+    bool isThirdParty = false;
+    aThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isThirdParty);
     if (isThirdParty) {
       COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader,
                         "failed the samesite tests");
       return newCookie;
     }
   }
 
   aSetCookie = true;