summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn-Mark Bell <jmb@netsurf-browser.org>2013-01-04 22:01:15 +0000
committerJohn-Mark Bell <jmb@netsurf-browser.org>2013-01-04 22:06:31 +0000
commitd0d3d31e97c3d8e23be983243fb29e30accb4c86 (patch)
tree810c593aa6def23786def34188b702a78303de1e
parent07024b05c4be91498245a3066fc3365259acf8bd (diff)
downloadnetsurf-d0d3d31e97c3d8e23be983243fb29e30accb4c86.tar.gz
netsurf-d0d3d31e97c3d8e23be983243fb29e30accb4c86.tar.bz2
Revert "Treat cookies from HTTP and HTTPS as identical."
Sadly, this breaks path cookies on HTTPS sites. The correct fix is to implement RFC6265 in full (probably replacing urldb with something less complex, too). This reverts commit 924f8844d4e94f56232d70b25a925731ab19a84c.
-rw-r--r--content/urldb.c47
-rw-r--r--utils/corestrings.c3
-rw-r--r--utils/corestrings.h1
3 files changed, 20 insertions, 31 deletions
diff --git a/content/urldb.c b/content/urldb.c
index 050dbf650..e3cc1d73d 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -2410,9 +2410,9 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
const char *path;
char *ret;
lwc_string *scheme;
- bool target_is_secure;
time_t now;
int i;
+ bool match;
assert(url != NULL);
@@ -2425,15 +2425,7 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
if (!p)
return NULL;
- scheme = nsurl_get_component(url, NSURL_SCHEME);
- if (scheme == NULL)
- scheme = lwc_string_ref(corestring_lwc_http);
-
- if (lwc_string_caseless_isequal(scheme, corestring_lwc_https,
- &target_is_secure) != lwc_error_ok)
- return NULL;
-
- lwc_string_unref(scheme);
+ scheme = p->scheme;
matched_cookies = malloc(matched_cookies_size *
sizeof(struct cookie_internal_data *));
@@ -2492,7 +2484,11 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
/* cookie has expired => ignore */
continue;
- if (c->secure && target_is_secure == false)
+ if (c->secure && lwc_string_isequal(
+ q->scheme,
+ corestring_lwc_https,
+ &match) &&
+ match == false)
/* secure cookie for insecure host.
* ignore */
continue;
@@ -2527,7 +2523,11 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
/* cookie has expired => ignore */
continue;
- if (c->secure && target_is_secure == false)
+ if (c->secure && lwc_string_isequal(
+ q->scheme,
+ corestring_lwc_https,
+ &match) &&
+ match == false)
/* Secure cookie for insecure server
* => ignore */
continue;
@@ -2567,7 +2567,10 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
/* paths don't match => ignore */
continue;
- if (c->secure && target_is_secure == false)
+ if (c->secure && lwc_string_isequal(p->scheme,
+ corestring_lwc_https,
+ &match) &&
+ match == false)
/* Secure cookie for insecure server
* => ignore */
continue;
@@ -2598,7 +2601,10 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only)
/* paths don't match => ignore */
continue;
- if (c->secure && target_is_secure == false)
+ if (c->secure && lwc_string_isequal(scheme,
+ corestring_lwc_https,
+ &match) &&
+ match == false)
/* secure cookie for insecure host. ignore */
continue;
@@ -2692,19 +2698,6 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
return false;
}
- /* If HTTPS, store cookie using HTTP */
- if (lwc_string_caseless_isequal(scheme, corestring_lwc_https,
- &match) != lwc_error_ok) {
- lwc_string_unref(scheme);
- nsurl_unref(urlt);
- return false;
- }
-
- if (match) {
- lwc_string_unref(scheme);
- scheme = lwc_string_ref(corestring_lwc_http);
- }
-
path = nsurl_get_component(url, NSURL_PATH);
if (path == NULL) {
lwc_string_unref(scheme);
diff --git a/utils/corestrings.c b/utils/corestrings.c
index 4be9871ce..65666df66 100644
--- a/utils/corestrings.c
+++ b/utils/corestrings.c
@@ -58,7 +58,6 @@ lwc_string *corestring_lwc_head;
lwc_string *corestring_lwc_hidden;
lwc_string *corestring_lwc_hr;
lwc_string *corestring_lwc_html;
-lwc_string *corestring_lwc_http;
lwc_string *corestring_lwc_https;
lwc_string *corestring_lwc_iframe;
lwc_string *corestring_lwc_image;
@@ -273,7 +272,6 @@ void corestrings_fini(void)
CSS_LWC_STRING_UNREF(hidden);
CSS_LWC_STRING_UNREF(hr);
CSS_LWC_STRING_UNREF(html);
- CSS_LWC_STRING_UNREF(http);
CSS_LWC_STRING_UNREF(https);
CSS_LWC_STRING_UNREF(iframe);
CSS_LWC_STRING_UNREF(image);
@@ -508,7 +506,6 @@ nserror corestrings_init(void)
CSS_LWC_STRING_INTERN(hidden);
CSS_LWC_STRING_INTERN(hr);
CSS_LWC_STRING_INTERN(html);
- CSS_LWC_STRING_INTERN(http);
CSS_LWC_STRING_INTERN(https);
CSS_LWC_STRING_INTERN(iframe);
CSS_LWC_STRING_INTERN(image);
diff --git a/utils/corestrings.h b/utils/corestrings.h
index 74c3faa82..08d254501 100644
--- a/utils/corestrings.h
+++ b/utils/corestrings.h
@@ -62,7 +62,6 @@ extern lwc_string *corestring_lwc_head;
extern lwc_string *corestring_lwc_hidden;
extern lwc_string *corestring_lwc_hr;
extern lwc_string *corestring_lwc_html;
-extern lwc_string *corestring_lwc_http;
extern lwc_string *corestring_lwc_https;
extern lwc_string *corestring_lwc_iframe;
extern lwc_string *corestring_lwc_image;