From 924f8844d4e94f56232d70b25a925731ab19a84c Mon Sep 17 00:00:00 2001
From: John-Mark Bell
Date: Thu, 3 Jan 2013 00:28:51 +0000
Subject: Treat cookies from HTTP and HTTPS as identical.
---
 content/urldb.c | 47 +++++++++++++++++++++++++++--------------------
 utils/corestrings.c | 3 +++
 utils/corestrings.h | 1 +
 3 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/content/urldb.c b/content/urldb.c
index e3cc1d73d..050dbf650 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -2410,9 +2410,9 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
 const char *path;
 char *ret;
 lwc_string *scheme;
+ bool target_is_secure;
 time_t now;
 int i;
- bool match;
 assert(url != NULL);
@@ -2425,7 +2425,15 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
 if (!p) return NULL;
- scheme = p->scheme;
+ scheme = nsurl_get_component(url, NSURL_SCHEME);
+ if (scheme == NULL)
+ scheme = lwc_string_ref(corestring_lwc_http);
+
+ if (lwc_string_caseless_isequal(scheme, corestring_lwc_https,
+ &target_is_secure) != lwc_error_ok)
+ return NULL;
+
+ lwc_string_unref(scheme);
 matched_cookies = malloc(matched_cookies_size * sizeof(struct cookie_internal_data *));
@@ -2484,11 +2492,7 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
 /* cookie has expired => ignore */
 continue;
- if (c->secure && lwc_string_isequal(
- q->scheme,
- corestring_lwc_https,
- &match) &&
- match == false)
+ if (c->secure && target_is_secure == false)
 /* secure cookie for insecure host.
 * ignore */
 continue;
@@ -2523,11 +2527,7 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
 /* cookie has expired => ignore */
 continue;
- if (c->secure && lwc_string_isequal(
- q->scheme,
- corestring_lwc_https,
- &match) &&
- match == false)
+ if (c->secure && target_is_secure == false)
 /* Secure cookie for insecure server
 * => ignore */
 continue;
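Review bot: The early `return NULL` added in the hunk at -2425 leaks the reference held in `scheme`: the value from `nsurl_get_component(url, NSURL_SCHEME)` or the `lwc_string_ref(corestring_lwc_http)` fallback is only released on the success path. Release it on the failure path too by putting `lwc_string_unref(scheme);` before `return NULL;`, as the matching code added to urldb_set_cookie in this commit already does. The body of urldb_get_cookie starts and ends outside this hunk, so I cannot see whether `scheme` is read again after the unref; if it is, the release belongs at the function's exits instead.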
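Review bot: The Secure filter in the hunk at -2484 (and the identical checks in the hunks at -2523, -2567 and -2601) now depends on the scheme of the URL being requested rather than on the stored entry's scheme, and nothing at the check says why. Because urldb_set_cookie in this commit files HTTPS cookies under http, a later edit that goes back to `q->scheme` or `p->scheme` would presumably compare against a value that no longer records how the cookie arrived, so the filter would stop protecting Secure cookies in the way intended. I would add a comment at the first check, for example `/* target_is_secure comes from the request URL; the stored entry's scheme is not usable here */`. The enclosing loops start and end outside these hunks.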
@@ -2567,10 +2567,7 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
 /* paths don't match => ignore */
 continue;
- if (c->secure && lwc_string_isequal(p->scheme,
- corestring_lwc_https,
- &match) &&
- match == false)
+ if (c->secure && target_is_secure == false)
 /* Secure cookie for insecure server
 * => ignore */
 continue;
@@ -2601,10 +2598,7 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
 /* paths don't match => ignore */
 continue;
- if (c->secure && lwc_string_isequal(scheme,
- corestring_lwc_https,
- &match) &&
- match == false)
+ if (c->secure && target_is_secure == false)
 /* secure cookie for insecure host. ignore */
 continue;
@@ -2698,6 +2692,19 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
 return false;
 }
+ /* If HTTPS, store cookie using HTTP */
+ if (lwc_string_caseless_isequal(scheme, corestring_lwc_https,
+ &match) != lwc_error_ok) {
+ lwc_string_unref(scheme);
+ nsurl_unref(urlt);
+ return false;
+ }
+
+ if (match) {
+ lwc_string_unref(scheme);
+ scheme = lwc_string_ref(corestring_lwc_http);
+ }
+
 path = nsurl_get_component(url, NSURL_PATH);
 if (path == NULL) {
 lwc_string_unref(scheme);
diff --git a/utils/corestrings.c b/utils/corestrings.c
index 9fee96d6e..19ffcd148 100644
--- a/utils/corestrings.c
+++ b/utils/corestrings.c
@@ -58,6 +58,7 @@ lwc_string *corestring_lwc_head;
 lwc_string *corestring_lwc_hidden;
 lwc_string *corestring_lwc_hr;
 lwc_string *corestring_lwc_html;
+lwc_string *corestring_lwc_http;
 lwc_string *corestring_lwc_https;
 lwc_string *corestring_lwc_iframe;
 lwc_string *corestring_lwc_image;
@@ -272,6 +273,7 @@ void corestrings_fini(void)
 CSS_LWC_STRING_UNREF(hidden);
 CSS_LWC_STRING_UNREF(hr);
 CSS_LWC_STRING_UNREF(html);
+ CSS_LWC_STRING_UNREF(http);
 CSS_LWC_STRING_UNREF(https);
 CSS_LWC_STRING_UNREF(iframe);
 CSS_LWC_STRING_UNREF(image);
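Review bot: Once the hunk at -2698 stores HTTPS responses under the http scheme, nothing visible in it stops a Set-Cookie received over plain HTTP from replacing or expiring a cookie that an HTTPS response stored with the secure flag, since both now land in the same entry. The insert path of urldb_set_cookie is outside the hunk, so this may already be handled there. If it is not, remember whether the response arrived over HTTPS before `scheme` is swapped (a local such as `bool from_secure = match;`, name constructed here) and have the insert step refuse to overwrite an existing `secure` cookie when that is false. The comment `/* If HTTPS, store cookie using HTTP */` would also help more if it said why the scheme is normalised, not only that it is.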
@@ -506,6 +508,7 @@ nserror corestrings_init(void)
 CSS_LWC_STRING_INTERN(hidden);
 CSS_LWC_STRING_INTERN(hr);
 CSS_LWC_STRING_INTERN(html);
+ CSS_LWC_STRING_INTERN(http);
 CSS_LWC_STRING_INTERN(https);
 CSS_LWC_STRING_INTERN(iframe);
 CSS_LWC_STRING_INTERN(image);
diff --git a/utils/corestrings.h b/utils/corestrings.h
index 08d254501..74c3faa82 100644
--- a/utils/corestrings.h
+++ b/utils/corestrings.h
@@ -62,6 +62,7 @@ extern lwc_string *corestring_lwc_head;
 extern lwc_string *corestring_lwc_hidden;
 extern lwc_string *corestring_lwc_hr;
 extern lwc_string *corestring_lwc_html;
+extern lwc_string *corestring_lwc_http;
 extern lwc_string *corestring_lwc_https;
 extern lwc_string *corestring_lwc_iframe;
 extern lwc_string *corestring_lwc_image;
--
cgit v1.2.3