An unexpected error occurred with browser.cookies.set() with domain and url key for ip addresses
Categories
(WebExtensions :: Compatibility, defect, P5)
Tracking
(firefox68 fixed)
Tracking | Status | |
---|---|---|
firefox68 | --- | fixed |
People
(Reporter: mrdokenny, Assigned: myeongjun.ko, Mentored)
References
Details
(Keywords: good-first-bug)
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 Steps to reproduce: 1. Have an extension with cookies and all urls permission 2. Run this in either the extension code or in the console await browser.cookies.set({ "domain": "192.168.1.1", "httpOnly": true, "name": "", "path": "/", "sameSite": "lax", "secure": true, "storeId": "firefox-default", "url": "https://192.168.1.1/", "value": "" }) Actual results: Error: An unexpected error occurred Expected results: A cookie should have been set. The above works in Chrome though. This call without the domain key works in Firefox. await browser.cookies.set({ "httpOnly": true, "name": "", "path": "/", "sameSite": "lax", "secure": true, "storeId": "firefox-default", "url": "https://192.168.1.1/", "value": "" }) Another thing to note is that this only happens for IP domains.
Updated•5 years ago
|
Updated•5 years ago
|
Comment 1•5 years ago
|
||
This call without the domain key works in Firefox.
This is how the cookies API is supposed to be used. When the "domain" key is passed to the details parameter of browser.cookies.set, the extension API will treat it as a domain cookie (opposed to a host-only cookie). IP addresses are not domain names (they cannot have subdomains), so only host-only cookies are supported for these addresses.
Our implementation unconditionally prepends a period (".") [1], which causes the cookie to be interpreted as a domain cookie. To force the cookie to be treated as a host-only cookie, check if the host is an IP address and avoid prepending a period (e.g. by returning early).
Comment 3•5 years ago
|
||
For those who want to fix this bug, I described the issue and how to fix it in more detail at https://phabricator.services.mozilla.com/D21828#752489
Note: The
browser.cookies.set
implementation currently also has an issue with brackets: https://searchfox.org/mozilla-central/rev/2738efcf98d746c8810819e7c0634b2c57212a8d/toolkit/components/extensions/parent/ext-cookies.js#86-100,130-132
- Line 86-88 : If
domain
is not passed tobrowser.cookies.set
(i.e.cookie.host
is empty), the parsed URI'shost
is used, which does not have brackets - OK.- Line 100 : The
cookie.host
(should be with brackets) is compared withuri.host
(which doesn't have brackets). This is wrong. At that point,cookie.host
should be normalized withdropBracketsIfIPv6
.- Line 130-132 : This is the cause of https://bugzilla.mozilla.org/show_bug.cgi?id=1517993
Together with comment 1, the path to a patch should be quite doable.
If you are new here and interested in picking up this bug, see https://wiki.mozilla.org/WebExtensions/Contribution_Onramp
Assignee | ||
Comment 4•5 years ago
|
||
Could I ask you this issue?
I want to check contents I understand.
Because IP address are not domain names.
If host(i.e. cookie.host) is IP address(IPv6 or IPv4), the host(i.e. cookie.host) be not added a leading ".".
If I understood right, I would try to solve this issue.
Comment 5•5 years ago
|
||
I believe that you have understood the issue, and have assigned the bug to you.
Assignee | ||
Comment 6•5 years ago
|
||
Assignee | ||
Comment 7•5 years ago
|
||
Thanks for checking my code:) I appreciate it.
I revised again.
If It's wrong or need correction, please tell me again.
Assignee | ||
Updated•5 years ago
|
Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2f69f765ef51
An unexpected error occured with browser.cookies.set() with domain and url key for ip address. r=robwu,rpl,mixedpuppy
Comment 10•5 years ago
|
||
bugherder |
Description
•