Closed Bug 1224579 Opened 6 years ago Closed 5 years ago

Setting cookie with leading dot in domain doesn't work

Categories

(WebExtensions :: Untriaged, defect)

Product:
WebExtensions
Component:
Untriaged
Version:
44 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox46 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla46
Tracking Flags:
Tracking Status
firefox46 --- fixed

People

(Reporter: jan, Assigned: kmag)

References

Details

Attachments

(2 files)

Allow leading dot in domain in cookies.set
2.16 KB, patch
billm
: review+
Details | Diff | Splinter Review
[webext] Fix the handling of domain cookies
7.02 KB, patch
evilpie
: review+
Details | Diff | Splinter Review 
Setting cookie with domain which has the leading dot doesn't work.

var domain = ".example.com";
chrome.cookies.set({"url": url, "domain": domain, "path": "/", "name": "api_debug", "value": "1"});

It will be probably caused by readding antoher in https://dxr.mozilla.org/mozilla-central/rev/0c648a1efbe06b5ec866ba058d18256b80808b46/toolkit/components/extensions/ext-cookies.js#180 (sorry, the link currently does not work, e500, the general https://dxr.mozilla.org/mozilla-central/source/toolkit/components/extensions/ext-cookies.js#180)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking-webextensions?
When I read the documentation I somehow assumed that all domains should be the opposite host-only, but it only says when "domain" is committed that cookie should become host only. "The domain of the cookie. If omitted, the cookie becomes a host-only cookie."

So I have to test Chrome again if it always adds a "." before domains. The two leading dots are definitely wrong.
Assignee: nobody → evilpies
Duplicate of this bug: 1233342
(In reply to Bill McCloskey (:billm) from comment #4)
> Does the patch in bug 1210996 fix this?

I think it does, but it would be good to have the additional test either way.
Comment on attachment 8700613 [details] [diff] [review]
Allow leading dot in domain in cookies.set

Review of attachment 8700613 [details] [diff] [review]:
-----------------------------------------------------------------

Yeah, that's true. Tom, once Kris lands his patch, can you check that the test passes without your ext-cookies.js change and then just land the test?
Attachment #8700613 - Flags: review?(wmccloskey) → review+
The error went away, but the result is wrong. It seems to create a hostOnly cookie now. If 'domain' is specified the result is never a hostOnly cookie. As far as I can tell you can only get such a cookie when omitting it.
You're right, I got that bit of logic wrong.
Attachment #8701501 - Flags: review?(evilpies)
Assignee: evilpies → kmaglione+bmo
Status: NEW → ASSIGNED
Comment on attachment 8701501 [details] [diff] [review]
[webext] Fix the handling of domain cookies

Review of attachment 8701501 [details] [diff] [review]:
-----------------------------------------------------------------

As requested, we should also land my test. The new code is really nice btw :)

::: toolkit/components/extensions/ext-cookies.js
@@ +70,5 @@
>    if (!extension.whiteListedHosts.matchesIgnoringPath(uri)) {
>      return false;
>    }
>  
> +  if (!cookie.host) {

Comment that this will be a host only cookie.
Attachment #8701501 - Flags: review?(evilpies) → review+
Keywords: leave-open
I fixed the conflicts, and checked that your tests pass after that patch. Let me know if you want me to check it in.
Sure, whenever you want.
Keywords: leave-open
https://hg.mozilla.org/mozilla-central/rev/e25c5bf2da74
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox46: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.