Closed
Bug 1286858
Opened 8 years ago
Closed 7 years ago
Modify nsCookie*, interfaces and storage to include the SameSite attribute
Categories
(Core :: Networking: Cookies, defect, P2)
Core
Networking: Cookies
Tracking
()
RESOLVED
FIXED
mozilla58
| Tracking | Status | |
|---|---|---|
| firefox58 | --- | fixed |
People
(Reporter: mgoodwin, Assigned: amchung)
References
Details
Attachments
(1 file, 1 obsolete file)
|
40.83 KB,
patch
|
amchung
:
review+
|
Details | Diff | Splinter Review |
See https://tools.ietf.org/html/draft-west-first-party-cookies-07 - section 4.2
Mark, what's the roadmap for the SameSite cookie attribute? Are you working on this?
|
||
Updated•8 years ago
|
Whiteboard: [necko-active]
|
Reporter | |
Comment 2•8 years ago
|
||
(In reply to m.kurz from comment #1)
> Mark, what's the roadmap for the SameSite cookie attribute? Are you working
> on this?
I'm hoping for firefox 51 (or shortly after).
Yes, I am actively working on this.
|
|
Reporter | |
Comment 3•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/66028/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/66028/
Attachment #8773284 -
Flags: review?(valentin.gosu)
|
|
Reporter | |
Comment 4•8 years ago
|
||
Valentin; at this stage this is more feedback? than r? - but AFICT mozreview has no support for such a thing.
|
||
Comment 5•8 years ago
|
||
Comment on attachment 8773284 [details]
Bug 1286858 - Data storage and interface changes for SameSite cookies
Looks good overall. I haven't looked at the SQL bits too closely.
I would add a check to nsCookie::Create() that aSameSite has a sane value.
Also, some tests that actually use this feature would be great, and the comments in nsICookie2.idl should specify what the attribute is used for. Thanks!
Attachment #8773284 -
Flags: review?(valentin.gosu) → feedback+
| Comment hidden (mozreview-request) |
|
|
||
Comment 7•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8773284 [details]
Bug 1286858 - Data storage and interface changes for SameSite cookies
https://reviewboard.mozilla.org/r/66028/#review70856
Looks good to me. Thanks!
Attachment #8773284 -
Flags: review?(valentin.gosu) → review+
|
|
Reporter | |
Comment 8•8 years ago
|
||
|
|
Reporter | |
Comment 9•8 years ago
|
||
|
|
Reporter | |
Comment 10•8 years ago
|
||
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
Blocks: 1298370
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
||
Comment 15•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8773284 [details]
Bug 1286858 - Data storage and interface changes for SameSite cookies
https://reviewboard.mozilla.org/r/66028/#review121508
Looks good to me.
r=me with the following question answered.
::: netwerk/cookie/nsCookieService.cpp:2819
(Diff revision 6)
> "creationTime, "
> "isSecure, "
> - "isHttpOnly "
> + "isHttpOnly, "
> + "baseDomain, "
> + "originAttributes, "
> + "sameSite "
baseDomain and originAttributes weren't listed here before. Was that a bug?
|
|
Reporter | |
Comment 16•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8773284 [details]
Bug 1286858 - Data storage and interface changes for SameSite cookies
https://reviewboard.mozilla.org/r/66028/#review121596
::: netwerk/cookie/nsCookieService.cpp:2819
(Diff revision 6)
> "creationTime, "
> "isSecure, "
> - "isHttpOnly "
> + "isHttpOnly, "
> + "baseDomain, "
> + "originAttributes, "
> + "sameSite "
Well, not really.
They're not actually used in GetCookieFromRow but we need to have them in the data for the row if we want to use IDX_SAME_SITE for the index in that function. Since the use of these greatly helps readability, I added them to that statement.
|
|
Reporter | |
Comment 17•8 years ago
|
||
|
||
Comment 18•7 years ago
|
||
Bulk priority update: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
|
||
Comment 19•7 years ago
|
||
Not happening for 57.
Mark, what's the status with this work? Anything we can do to move it along?
Flags: needinfo?(mgoodwin)
Priority: P1 → P2
Whiteboard: [necko-active]
|
|
Reporter | |
Comment 20•7 years ago
|
||
(In reply to Jason Duell [:jduell] (needinfo me) from comment #19)
> Not happening for 57.
>
> Mark, what's the status with this work? Anything we can do to move it along?
The patch on this bug needs rebasing and landing. With regards to the rest of the work; I'm unable to work on this in the near-term due to other priorities in CryptoEng - would be really happy to see someone else pick it up if someone in necko has time?
Assignee: mgoodwin → nobody
Flags: needinfo?(mgoodwin)
|
Assignee | |
Comment 22•7 years ago
|
||
Attachment #8773284 -
Attachment is obsolete: true
Attachment #8911588 -
Flags: review+
|
|
Assignee | |
Comment 23•7 years ago
|
||
[Try Server]
https://treeherder.mozilla.org/#/jobs?repo=try&revision=06b304474708389e207dfdf6c66e1592a2a8a01f
Keywords: checkin-needed
|
||
Comment 24•7 years ago
|
||
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/23221e95f9ca
Data storage and interface changes for SameSite cookies. r=valentin
Keywords: checkin-needed
|
||
Comment 25•7 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in
before you can comment on or make changes to this bug.
Description
•