Implement "cookie-averse document objects".

See: https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object This resolves #196.
author: wolfbeast <mcwerewolf@gmail.com> 2017-11-20 14:20:39 +0100
committer: wolfbeast <mcwerewolf@gmail.com> 2018-02-08 21:02:09 +0100
commit: 85083fce2da7a270e324fd951b7f3d03a50aef1b (patch)
tree: d278950db54b32faa9dded6e46dd475f904d3030 /dom/base/nsContentSink.cpp
parent: ef720ec2507fafcb67b5ef1a1ef34a2aae5b5868 (diff)
download: UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar
UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar.gz
UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar.lz
UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar.xz
UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/dom/base/nsContentSink.cpp b/dom/base/nsContentSink.cpp
index 3d6f069d2..85b3d07bf 100644
--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@@ -305,6 +305,11 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
   mDocument->SetHeaderData(aHeader, aValue);
 
   if (aHeader == nsGkAtoms::setcookie) {
+    // Don't allow setting cookies in cookie-averse documents.
+    if (mDocument->IsCookieAverse()) {
+      return NS_OK;
+    }
+
     // Note: Necko already handles cookies set via the channel.  We can't just
     // call SetCookie on the channel because we want to do some security checks
     // here.
author	wolfbeast <mcwerewolf@gmail.com>	2017-11-20 14:20:39 +0100
committer	wolfbeast <mcwerewolf@gmail.com>	2018-02-08 21:02:09 +0100
commit	85083fce2da7a270e324fd951b7f3d03a50aef1b (patch)
tree	d278950db54b32faa9dded6e46dd475f904d3030 /dom/base/nsContentSink.cpp
parent	ef720ec2507fafcb67b5ef1a1ef34a2aae5b5868 (diff)
download	UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar.gz UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar.lz UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.tar.xz UXP-85083fce2da7a270e324fd951b7f3d03a50aef1b.zip