Open Bug 1818988 Opened 2 years ago Updated 2 years ago

cookies.set() sometimes returns a cookie different from what was set (from the same domain)

Categories

(WebExtensions :: General, defect, P3)

Tracking

(Not tracked)

People

(Reporter: robwu, Unassigned)

cookies.set internally uses cookies.get to return the just-created cookie. For this to work, the internal parameter to cookies.get should describe a cookie equivalent to what was passed to cookies.set.

As bug 1818968 shows, there are cases where cookies.get would return an incorrect value, and therefore cookies.set(). See that other bug for the STR.

I'm filing this separate report, because there is a similar bug when cookies.set is used, in any of the following scenarios:

  • cookies.set({ url, path, ... }) called where url and path are not overlapping - see STR below.
  • cookies.set({ url, path, ... }) called where url and path overlap, but there is a cookie with a longer path field (modify step 5 of STR below by changing "/dir2" to "/", expected result would be "new" for "/", actual result would be "one" for "/dir1").

STR:

  1. Visit https://example.com/dir1/file
  2. Run the following snippet: document.cookie = "key=one";
  3. Visit https://example.com/dir2/file
  4. Run the following snippet: document.cookie = "key=two";
  5. Run the following snippet in an extension with the "cookies" permission and host permissions for (at least) example.com.
     chrome.cookies.set({
       url: "https://example.com/dir1/file",
       path: "/dir2",
       name: "key",
       value: "new",
     }, console.log);
  6. Run the following snippet in the tab from step 3 (https://example.com/dir2/file) and check the result: document.cookie

Expected:

  • Step 5: Logged cookie should have value "new" and path "/dir2"
  • Step 6: The value of document.cookie should be "key=new"

Actual:

  • Step 5: Logged cookie has value "one" and path "/dir1".
  • Step 6: As expected.

For comparison, Chrome currently has the same result as Firefox.

The main cause of this bug is that the cookies.get call does not receive the path from cookies.set.
While this could be "fixed" by fixing bug 1818968 AND modifying details.url based on details.path before internally calling this.cookies.get, I would recommend adding a path property to the cookies.get method, because any attempt to merge path with url can result in a mismatch, e.g. when the path contains ../ or ? (similar to https://bugzilla.mozilla.org/show_bug.cgi?id=1440263#c13).

See Also: → 1440263

The work-around, however terrible it is, is to call cookies.getAll() to get all cookies and then find the right cookie among them.

Severity: -- → S4
Priority: -- → P3
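
The cookies.getAll() work-around mentioned above, sketched as an added example (not code from this bug report or from Firefox). The helper names, the promise-based `api` argument, the requirement that `details.path` is passed explicitly, and the fake store are assumptions made for illustration; partitioned and first-party-isolated cookies are not handled.

```javascript
// Added example: ignore the cookie returned by cookies.set() and look the
// cookie up with cookies.getAll(), matching name, path and domain exactly.
const stripDot = (d) => d.replace(/^\./, "");

// Pure selection step: from a getAll() result, pick the cookie that
// cookies.set(details) should have created.
function pickSetCookie(cookies, details) {
  const host = new URL(details.url).hostname;
  const wantDomain = stripDot(details.domain ?? host);
  const wantHostOnly = details.domain === undefined; // no domain => host-only
  return cookies.find((c) =>
    c.name === details.name &&
    c.path === details.path && // exact match, not "longest path wins"
    stripDot(c.domain) === wantDomain &&
    c.hostOnly === wantHostOnly &&
    (details.storeId === undefined || c.storeId === details.storeId)
  ) ?? null;
}

// `api` is a promise-based namespace such as `browser` (assumption).
async function setAndGetExact(api, details) {
  if (typeof details.path !== "string") {
    throw new TypeError("details.path is required"); // avoid guessing a default
  }
  await api.cookies.set(details); // return value may describe another cookie
  const host = new URL(details.url).hostname;
  const query = { name: details.name, domain: stripDot(details.domain ?? host) };
  if (details.storeId !== undefined) query.storeId = details.storeId;
  return pickSetCookie(await api.cookies.getAll(query), details);
}

// Constructed stand-in for the cookie store after STR steps 1-4. Its set()
// mimics the reported behaviour by returning the "/dir1" cookie.
function makeFakeApi() {
  const base = { name: "key", domain: "example.com", hostOnly: true };
  const store = [{ ...base, value: "one", path: "/dir1" },
                 { ...base, value: "two", path: "/dir2" }];
  return { cookies: {
    async set(d) {
      const hit = store.find((c) => c.name === d.name && c.path === d.path);
      if (hit) hit.value = d.value;
      else store.push({ ...base, value: d.value, path: d.path });
      return store[0]; // wrong cookie, as in the report
    },
    async getAll(q) {
      return store.filter((c) => c.name === q.name && stripDot(c.domain) === q.domain);
    },
  } };
}
```

In an extension, `setAndGetExact(browser, details)` takes the same details object as step 5 of the STR.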