summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--content/fetchers/curl.c2
-rw-r--r--content/urldb.c26
-rw-r--r--content/urldb.h3
-rw-r--r--javascript/jsapi/htmldocument.bnd2
4 files changed, 25 insertions, 8 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 400d0efcf..ff7ccbe30 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -597,7 +597,7 @@ fetch_curl_set_options(struct curl_fetch_info *f)
SETOPT(CURLOPT_HTTPGET, 1L);
}
- f->cookie_string = urldb_get_cookie(f->url);
+ f->cookie_string = urldb_get_cookie(f->url, true);
if (f->cookie_string) {
SETOPT(CURLOPT_COOKIE, f->cookie_string);
} else {
diff --git a/content/urldb.c b/content/urldb.c
index eee98b3b2..e3cc1d73d 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -120,6 +120,7 @@ struct cookie_internal_data {
time_t expires; /**< Expiry timestamp, or -1 for session */
time_t last_used; /**< Last used time */
bool secure; /**< Only send for HTTPS requests */
+ bool http_only; /**< Only expose to HTTP(S) requests */
cookie_version version; /**< Specification compliance */
bool no_destroy; /**< Never destroy this cookie,
* unless it's expired */
@@ -321,7 +322,7 @@ static struct search_node *search_trees[NUM_SEARCH_TREES] = {
};
#define MIN_COOKIE_FILE_VERSION 100
-#define COOKIE_FILE_VERSION 101
+#define COOKIE_FILE_VERSION 102
static int loaded_cookie_file_version;
#define MIN_URL_FILE_VERSION 106
#define URL_FILE_VERSION 106
@@ -2393,9 +2394,10 @@ struct search_node *urldb_search_split(struct search_node *root)
* Retrieve cookies for an URL
*
* \param url URL being fetched
+ * \param include_http_only Whether to include HTTP(S) only cookies.
* \return Cookies string for libcurl (on heap), or NULL on error/no cookies
*/
-char *urldb_get_cookie(nsurl *url)
+char *urldb_get_cookie(nsurl *url, bool include_http_only)
{
const struct path_data *p, *q;
const struct host_part *h;
@@ -2491,6 +2493,10 @@ char *urldb_get_cookie(nsurl *url)
* ignore */
continue;
+ if (c->http_only && !include_http_only)
+ /* Ignore HttpOnly */
+ continue;
+
matched_cookies[count++] = c;
GROW_MATCHED_COOKIES;
@@ -3275,6 +3281,8 @@ bool urldb_parse_avpair(struct cookie_internal_data *c, char *n, char *v,
c->expires = expires;
} else if (strcasecmp(n, "Secure") == 0) {
c->secure = true;
+ } else if (strcasecmp(n, "HttpOnly") == 0) {
+ c->http_only = true;
} else if (!c->name) {
c->name = strdup(n);
c->value = strdup(v);
@@ -3615,7 +3623,7 @@ void urldb_load_cookies(const char *filename)
*domain, *path, *name, *value, *scheme, *url,
*comment;
int version, domain_specified, path_specified,
- secure, no_destroy, value_quoted;
+ secure, http_only, no_destroy, value_quoted;
time_t expires, last_used;
struct cookie_internal_data *c;
@@ -3653,6 +3661,12 @@ void urldb_load_cookies(const char *filename)
SKIP_T; path = p; FIND_T;
SKIP_T; path_specified = atoi(p); FIND_T;
SKIP_T; secure = atoi(p); FIND_T;
+ if (loaded_cookie_file_version > 101) {
+ /* Introduced in version 1.02 */
+ SKIP_T; http_only = atoi(p); FIND_T;
+ } else {
+ http_only = 0;
+ }
SKIP_T; expires = (time_t)atoi(p); FIND_T;
SKIP_T; last_used = (time_t)atoi(p); FIND_T;
SKIP_T; no_destroy = atoi(p); FIND_T;
@@ -3691,6 +3705,7 @@ void urldb_load_cookies(const char *filename)
c->expires = expires;
c->last_used = last_used;
c->secure = secure;
+ c->http_only = http_only;
c->version = version;
c->no_destroy = no_destroy;
@@ -3833,7 +3848,7 @@ void urldb_save_cookies(const char *filename)
"# All lines prior to \"Version:\t%d\" are discarded.\n"
"#\n"
"# Version\tDomain\tDomain from Set-Cookie\tPath\t"
- "Path from Set-Cookie\tSecure\tExpires\tLast used\t"
+ "Path from Set-Cookie\tSecure\tHTTP-Only\tExpires\tLast used\t"
"No destroy\tName\tValue\tValue was quoted\tScheme\t"
"URL\tComment\n",
cookie_file_version);
@@ -3884,11 +3899,12 @@ void urldb_save_cookie_paths(FILE *fp, struct path_data *parent)
continue;
fprintf(fp,
- "%d\t%s\t%d\t%s\t%d\t%d\t%d\t%d\t%d\t"
+ "%d\t%s\t%d\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t"
"%s\t%s\t%d\t%s\t%s\t%s\n",
c->version, c->domain,
c->domain_from_set, c->path,
c->path_from_set, c->secure,
+ c->http_only,
(int)c->expires, (int)c->last_used,
c->no_destroy, c->name, c->value,
c->value_was_quoted,
diff --git a/content/urldb.h b/content/urldb.h
index 00af8e312..9c88903b1 100644
--- a/content/urldb.h
+++ b/content/urldb.h
@@ -54,6 +54,7 @@ struct cookie_data {
const time_t expires; /**< Expiry timestamp, or 1 for session */
const time_t last_used; /**< Last used time */
const bool secure; /**< Only send for HTTPS requests */
+ const bool http_only; /**< Only expose to HTTP(S) requests */
cookie_version version; /**< Specification compliance */
const bool no_destroy; /**< Never destroy this cookie,
* unless it's expired */
@@ -115,7 +116,7 @@ void urldb_dump(void);
/* Cookies */
bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer);
-char *urldb_get_cookie(nsurl *url);
+char *urldb_get_cookie(nsurl *url, bool include_http_only);
void urldb_delete_cookie(const char *domain, const char *path, const char *name);
void urldb_load_cookies(const char *filename);
void urldb_save_cookies(const char *filename);
diff --git a/javascript/jsapi/htmldocument.bnd b/javascript/jsapi/htmldocument.bnd
index cde218450..a45489245 100644
--- a/javascript/jsapi/htmldocument.bnd
+++ b/javascript/jsapi/htmldocument.bnd
@@ -44,7 +44,7 @@ api finalise %{
getter cookie %{
char *cookie_str;
- cookie_str = urldb_get_cookie(llcache_handle_get_url(private->htmlc->base.llcache));
+ cookie_str = urldb_get_cookie(llcache_handle_get_url(private->htmlc->base.llcache), false);
if (cookie_str != NULL) {
jsret = JS_NewStringCopyN(cx, cookie_str, strlen(cookie_str));
free(cookie_str);