From 85083fce2da7a270e324fd951b7f3d03a50aef1b Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Mon, 20 Nov 2017 14:20:39 +0100
Subject: Implement "cookie-averse document objects".

See: https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object
This resolves #196.
---
 dom/base/nsContentSink.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'dom/base/nsContentSink.cpp')

diff --git a/dom/base/nsContentSink.cpp b/dom/base/nsContentSink.cpp
index 3d6f069d2..85b3d07bf 100644
--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@@ -305,6 +305,11 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
   mDocument->SetHeaderData(aHeader, aValue);
 
   if (aHeader == nsGkAtoms::setcookie) {
+    // Don't allow setting cookies in cookie-averse documents.
+    if (mDocument->IsCookieAverse()) {
+      return NS_OK;
+    }
+
     // Note: Necko already handles cookies set via the channel.  We can't just
     // call SetCookie on the channel because we want to do some security checks
     // here.
-- 
cgit v1.2.3