CookieService does not normalize IPv6 hosts
Categories
(Core :: Networking: Cookies, defect, P2)
Tracking
()
People
(Reporter: leander.schwarz, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: priv-triaged, Whiteboard: [necko-triaged])
Attachments
(1 file)
57.63 KB,
image/png
|
Details |
IPv6 host cookies added through the CookieService are not normalized, leading to IPv6 hosts being able to be stored multiple times in different representations (e.g. "0:0:0:0:0:0:0:1" and "::1").
If added through a HTTP channel they are normalized but brackets (e.g. "[::1]") are added around the host to disambiguate between host and port colons. While necessary for URLs this does not match the principals host representation without brackets.
To be able to store / remove / lookup IPv6 cookies correctly and consistently, the IPv6 cookie host representation should be normalized on every CookieService operation. Since internally hosts with brackets are used in multiple places, brackets should be added for IPv6 hosts as part of the normalization.
Comment 1•11 months ago
•
|
||
There also seems to be an inconsistency between state reported by storage/cache and cookies
Comment 2•11 months ago
|
||
Clear the severity since I am moving it to another component.
Updated•11 months ago
|
Reporter | ||
Updated•3 months ago
|
Description
•