Bug 1457503 - Removal of http-equiv cookies. draft, r=jkt
authorAndrea Marchesini <amarchesini@mozilla.com>
Wed, 08 May 2019 13:50:45 +0000
changeset 531884 af207309bcf591289490bb78a11412975a559574
parent 531883 bf0ba3020f6128dd35c0aee4965371b162dc633b
child 531885 1c914f89d39582a35e96e22542cd4fd99e2dc663
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
treeherdermozilla-beta@77e0fe8dbdd3 [default view] [failures only]
reviewersjkt
bugs1457503
milestone68.0a1
Bug 1457503 - Removal of http-equiv cookies. draft, r=jkt Differential Revision: https://phabricator.services.mozilla.com/D29841
dom/base/nsContentSink.cpp
modules/libpref/init/StaticPrefList.h
netwerk/test/mochitests/file_domain_hierarchy_inner.html
netwerk/test/mochitests/file_domain_hierarchy_inner.html^headers^
netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html
netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html^headers^
netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html
netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html^headers^
netwerk/test/mochitests/file_domain_inner.html
netwerk/test/mochitests/file_domain_inner.html^headers^
netwerk/test/mochitests/file_domain_inner_inner.html
netwerk/test/mochitests/file_domain_inner_inner.html^headers^
netwerk/test/mochitests/file_image_inner.html
netwerk/test/mochitests/file_image_inner.html^headers^
netwerk/test/mochitests/file_image_inner_inner.html
netwerk/test/mochitests/file_image_inner_inner.html^headers^
netwerk/test/mochitests/file_loadflags_inner.html
netwerk/test/mochitests/file_loadflags_inner.html^headers^
netwerk/test/mochitests/file_localhost_inner.html
netwerk/test/mochitests/file_localhost_inner.html^headers^
netwerk/test/mochitests/file_loopback_inner.html
netwerk/test/mochitests/file_loopback_inner.html^headers^
netwerk/test/mochitests/file_subdomain_inner.html
netwerk/test/mochitests/file_subdomain_inner.html^headers^
netwerk/test/mochitests/mochitest.ini
netwerk/test/mochitests/test_same_base_domain.html
netwerk/test/mochitests/test_same_base_domain_3.html
netwerk/test/mochitests/test_same_base_domain_5.html
netwerk/test/mochitests/test_samedomain.html
testing/web-platform/meta/cookies/meta-blocked.html.ini
--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@@ -292,17 +292,18 @@ nsresult nsContentSink::ProcessHTTPHeade
 nsresult nsContentSink::ProcessHeaderData(nsAtom* aHeader,
                                           const nsAString& aValue,
                                           nsIContent* aContent) {
   nsresult rv = NS_OK;
   // necko doesn't process headers coming in from the parser
 
   mDocument->SetHeaderData(aHeader, aValue);
 
-  if (aHeader == nsGkAtoms::setcookie) {
+  if (aHeader == nsGkAtoms::setcookie &&
+      StaticPrefs::dom_metaElement_setCookie_allowed()) {
     // Note: Necko already handles cookies set via the channel.  We can't just
     // call SetCookie on the channel because we want to do some security checks
     // here.
     nsCOMPtr<nsICookieService> cookieServ =
         do_GetService(NS_COOKIESERVICE_CONTRACTID, &rv);
     if (NS_FAILED(rv)) {
       return rv;
     }
@@ -791,17 +792,18 @@ nsresult nsContentSink::ProcessMETATag(n
     nsContentUtils::ASCIIToLower(header);
     if (nsGkAtoms::refresh->Equals(header) &&
         (mDocument->GetSandboxFlags() & SANDBOXED_AUTOMATIC_FEATURES)) {
       return NS_OK;
     }
 
     // Don't allow setting cookies in <meta http-equiv> in cookie averse
     // documents.
-    if (nsGkAtoms::setcookie->Equals(header) && mDocument->IsCookieAverse()) {
+    if (nsGkAtoms::setcookie->Equals(header) && mDocument->IsCookieAverse() &&
+        StaticPrefs::dom_metaElement_setCookie_allowed()) {
       return NS_OK;
     }
 
     nsAutoString result;
     element->GetAttr(kNameSpaceID_None, nsGkAtoms::content, result);
     if (!result.IsEmpty()) {
       RefPtr<nsAtom> fieldAtom(NS_Atomize(header));
       rv = ProcessHeaderData(fieldAtom, result, element);
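Review bot: The extra `StaticPrefs::dom_metaElement_setCookie_allowed()` term makes the cookie-averse guard depend on the pref, so with the default `false` the early return is never taken and a `Set-Cookie` meta in any document falls through to `ProcessHeaderData`. The cookie write is then stopped only by the second gate in `ProcessHeaderData`, after `mDocument->SetHeaderData(aHeader, aValue)` has already recorded the value; whether that stored header data is observable elsewhere is not visible from this hunk. Rejecting in one place would be easier to audit: `if (nsGkAtoms::setcookie->Equals(header) && (!StaticPrefs::dom_metaElement_setCookie_allowed() || mDocument->IsCookieAverse())) { return NS_OK; }`. The comment above the guard should also mention the pref, since it no longer describes the whole condition. `ProcessMETATag` starts and ends outside this hunk.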
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -715,16 +715,22 @@ VARCACHE_PREF(
 )
 
 VARCACHE_PREF(
   "dom.largeAllocation.forceEnable",
    dom_largeAllocation_forceEnable,
   bool, false
 )
 
+VARCACHE_PREF(
+  "dom.metaElement.setCookie.allowed",
+   dom_metaElement_setCookie_allowed,
+  bool, false
+)
+
 //---------------------------------------------------------------------------
 // Extension prefs
 //---------------------------------------------------------------------------
 
 #ifdef ANDROID
 // Private browsing opt-in is only supported on Firefox desktop.
 # define PREF_VALUE true
 #else
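Review bot: The new `dom.metaElement.setCookie.allowed` entry has no comment, yet it is the switch that re-enables a cookie-setting path this commit otherwise removes. A short comment above the `VARCACHE_PREF` would tell anyone auditing prefs what flipping it does, for example `// Whether <meta http-equiv="Set-Cookie"> may set cookies. Off by default; see bug 1457503.` None of the test changes visible in this changeset sets the pref to `true`, so the retained legacy path in `nsContentSink.cpp` appears to be unexercised.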
--- a/netwerk/test/mochitests/file_domain_hierarchy_inner.html
+++ b/netwerk/test/mochitests/file_domain_hierarchy_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
   <script type="text/javascript">
     document.cookie = "can=has";
 
     // send a message to our test document, to say we're done loading
     window.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 <body>
 <iframe name="frame1" src="http://example.com/tests/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html"></iframe>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_domain_hierarchy_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta=tag
--- a/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html
+++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
   <script type="text/javascript">
     document.cookie = "can2=has2";
 
     // send a message to our test document, to say we're done loading
     window.parent.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 <body>
 <iframe name="frame1" src="http://example.org/tests/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html"></iframe>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta2=tag2
--- a/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html
+++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta3=tag3">
   <script type="text/javascript">
     document.cookie = "can3=has3";
 
     // send a message to our test document, to say we're done loading
     window.parent.parent.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 </head>
 <body>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta3=tag3
--- a/netwerk/test/mochitests/file_domain_inner.html
+++ b/netwerk/test/mochitests/file_domain_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
   <script type="text/javascript">
     document.cookie = "can=has";
 
     // send a message to our test document, to say we're done loading
     window.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 <body>
 <iframe name="frame1" src="http://example.org/tests/netwerk/test/mochitests/file_domain_inner_inner.html"></iframe>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_domain_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta=tag
--- a/netwerk/test/mochitests/file_domain_inner_inner.html
+++ b/netwerk/test/mochitests/file_domain_inner_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
   <script type="text/javascript">
     document.cookie = "can2=has2";
 
     // send a message to our test document, to say we're done loading
     window.parent.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 </head>
 <body>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_domain_inner_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta2=tag2
--- a/netwerk/test/mochitests/file_image_inner.html
+++ b/netwerk/test/mochitests/file_image_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
   <script type="text/javascript">
     document.cookie = "can=has";
 
     // send a message to our test document, to say we're done loading
     window.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 </head>
 <body>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_image_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta=tag
--- a/netwerk/test/mochitests/file_image_inner_inner.html
+++ b/netwerk/test/mochitests/file_image_inner_inner.html
@@ -1,14 +1,13 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <link rel="stylesheet" type="text/css" media="all" href="http://example.org/tests/netwerk/test/mochitests/test1.css" />
   <link rel="stylesheet" type="text/css" media="all" href="http://example.com/tests/netwerk/test/mochitests/test2.css" />
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
   <script type="text/javascript">
     function runTest() {
       document.cookie = "can2=has2";
 
       // send a message to our test document, to say we're done loading
       window.parent.opener.postMessage("message", "http://mochi.test:8888");
     }
   </script>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_image_inner_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta2=tag2
--- a/netwerk/test/mochitests/file_loadflags_inner.html
+++ b/netwerk/test/mochitests/file_loadflags_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
   <script type="text/javascript">
     function runTest() {
       document.cookie = "can=has";
 
       // send a message to our test document, to say we're done loading
       window.opener.postMessage("f_lf_i msg data img", "http://mochi.test:8888");
     }
   </script>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_loadflags_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta=tag
--- a/netwerk/test/mochitests/file_localhost_inner.html
+++ b/netwerk/test/mochitests/file_localhost_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
   <script type="text/javascript">
     document.cookie = "can=has";
 
     // send a message to our test document, to say we're done loading
     window.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 <body>
 <iframe name="frame1" src="http://mochi.test:8888/tests/netwerk/test/mochitests/file_domain_inner_inner.html"></iframe>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_localhost_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta=tag
--- a/netwerk/test/mochitests/file_loopback_inner.html
+++ b/netwerk/test/mochitests/file_loopback_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
   <script type="text/javascript">
     document.cookie = "can=has";
 
     // send a message to our test document, to say we're done loading
     window.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 <body>
 <iframe name="frame1" src="http://127.0.0.1:8888/tests/netwerk/test/mochitests/file_domain_inner_inner.html"></iframe>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_loopback_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta=tag
--- a/netwerk/test/mochitests/file_subdomain_inner.html
+++ b/netwerk/test/mochitests/file_subdomain_inner.html
@@ -1,12 +1,11 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
   <script type="text/javascript">
     document.cookie = "can=has";
 
     // send a message to our test document, to say we're done loading
     window.opener.postMessage("message", "http://mochi.test:8888");
   </script>
 <body>
 <iframe name="frame1" src="http://test2.example.org/tests/netwerk/test/mochitests/file_domain_inner_inner.html"></iframe>
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_subdomain_inner.html^headers^
@@ -0,0 +1,1 @@
+Set-Cookie: meta=tag
--- a/netwerk/test/mochitests/mochitest.ini
+++ b/netwerk/test/mochitests/mochitest.ini
@@ -21,26 +21,37 @@ support-files =
   origin_header.sjs
   origin_header_form_post.html
   origin_header_form_post_xorigin.html
   subResources.sjs
   beltzner.jpg
   beltzner.jpg^headers^
   file_chromecommon.js
   file_domain_hierarchy_inner.html
+  file_domain_hierarchy_inner.html^headers^
   file_domain_hierarchy_inner_inner.html
+  file_domain_hierarchy_inner_inner.html^headers^
   file_domain_hierarchy_inner_inner_inner.html
+  file_domain_hierarchy_inner_inner_inner.html^headers^
   file_domain_inner.html
+  file_domain_inner.html^headers^
   file_domain_inner_inner.html
+  file_domain_inner_inner.html^headers^
   file_image_inner.html
+  file_image_inner.html^headers^
   file_image_inner_inner.html
+  file_image_inner_inner.html^headers^
   file_loadflags_inner.html
+  file_loadflags_inner.html^headers^
   file_localhost_inner.html
+  file_localhost_inner.html^headers^
   file_loopback_inner.html
+  file_loopback_inner.html^headers^
   file_subdomain_inner.html
+  file_subdomain_inner.html^headers^
   file_testcommon.js
   file_testloadflags.js
   file_testloadflags_chromescript.js
   image1.png
   image1.png^headers^
   image2.png
   image2.png^headers^
   test1.css
--- a/netwerk/test/mochitests/test_same_base_domain.html
+++ b/netwerk/test/mochitests/test_same_base_domain.html
@@ -1,15 +1,15 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Cross domain access to properties</title>
   <script src="/tests/SimpleTest/SimpleTest.js"></script>        
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
-<body onload="setupTest('http://test1.example.org/tests/netwerk/test/mochitests/file_domain_inner.html', 5, 2)">
+<body onload="setupTest('http://test1.example.org/tests/netwerk/test/mochitests/file_domain_inner.html', 4, 2)">
 <p id="display"></p>
 <pre id="test">
 <script class="testbody" type="text/javascript" src="file_testcommon.js">
 </script>
 </pre>
 </body>
 </html>
--- a/netwerk/test/mochitests/test_same_base_domain_3.html
+++ b/netwerk/test/mochitests/test_same_base_domain_3.html
@@ -1,15 +1,15 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Cross domain access to properties</title>
   <script src="/tests/SimpleTest/SimpleTest.js"></script>        
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
-<body onload="setupTest('http://example.org/tests/netwerk/test/mochitests/file_subdomain_inner.html', 5, 2)">
+<body onload="setupTest('http://example.org/tests/netwerk/test/mochitests/file_subdomain_inner.html', 4, 2)">
 <p id="display"></p>
 <pre id="test">
 <script class="testbody" type="text/javascript" src="file_testcommon.js">
 </script>
 </pre>
 </body>
 </html>
--- a/netwerk/test/mochitests/test_same_base_domain_5.html
+++ b/netwerk/test/mochitests/test_same_base_domain_5.html
@@ -1,15 +1,15 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Cross domain access to properties</title>
   <script src="/tests/SimpleTest/SimpleTest.js"></script>        
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
-<body onload="setupTest('http://sub1.test1.example.org/tests/netwerk/test/mochitests/file_subdomain_inner.html', 5, 2)">
+<body onload="setupTest('http://sub1.test1.example.org/tests/netwerk/test/mochitests/file_subdomain_inner.html', 4, 2)">
 <p id="display"></p>
 <pre id="test">
 <script class="testbody" type="text/javascript" src="file_testcommon.js">
 </script>
 </pre>
 </body>
 </html>
--- a/netwerk/test/mochitests/test_samedomain.html
+++ b/netwerk/test/mochitests/test_samedomain.html
@@ -1,15 +1,15 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Cross domain access to properties</title>
   <script src="/tests/SimpleTest/SimpleTest.js"></script>        
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
-<body onload="setupTest('http://example.org/tests/netwerk/test/mochitests/file_domain_inner.html', 5, 2)">
+<body onload="setupTest('http://example.org/tests/netwerk/test/mochitests/file_domain_inner.html', 4, 2)">
 <p id="display"></p>
 <pre id="test">
 <script class="testbody" type="text/javascript" src="file_testcommon.js">
 </script>
 </pre>
 </body>
 </html>
--- a/testing/web-platform/meta/cookies/meta-blocked.html.ini
+++ b/testing/web-platform/meta/cookies/meta-blocked.html.ini
@@ -1,4 +1,2 @@
 [meta-blocked.html]
-  [Cookie is not set from `<meta>`.]
-    expected: FAIL
-
+  prefs: [content.cookie.meta.disabled:false]
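Review bot: The added `prefs: [content.cookie.meta.disabled:false]` names a pref that this changeset does not define; the one introduced in `StaticPrefList.h` is `dom.metaElement.setCookie.allowed`. If the intent is to pin the blocked behaviour for `meta-blocked.html`, the line would presumably be `prefs: [dom.metaElement.setCookie.allowed:false]`. Since that is already the default, the `prefs:` line could also be dropped entirely. As written it looks like a leftover from an earlier draft, and it suggests the test depends on a setting that has no effect.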