Closed
Bug 1950565
Opened 14 days ago
Closed
CookieStore must enforce the maximum name/value pair size correctly
Categories
(Core :: Networking: Cookies, defect)
Core
Networking: Cookies
Tracking
()
RESOLVED
FIXED
137 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox136 | + | fixed |
| firefox137 | + | fixed |
People
(Reporter: baku, Assigned: baku)
References
Details
(Keywords: webcompat:platform-bug)
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
dmeehan
:
approval-mozilla-release+
|
Details | Review |
"The combined lengths of the name and value fields must not be greater than 4096 bytes (the maximum name/value pair size)."
|
Assignee | |
Updated•14 days ago
|
Summary: CookieStore must implement the maximum name/value pair size correctly → CookieStore must enforce the maximum name/value pair size correctly
|
|
Assignee | |
Comment 1•14 days ago
|
||
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7c97bdd81621
CookieStore must enforce the maximum name/value pair size correctly, r=edgul,smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/50972 for changes under testing/web-platform/tests
|
||
Comment 4•13 days ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 13 days ago
status-firefox137:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch
|
|
||
Comment 5•13 days ago
|
||
| bugherder | ||
Closed: 13 days ago
Upstream PR merged by moz-wptsync-bot
Comment on attachment 9468569 [details]
Bug 1950565 - CookieStore must enforce the maximum name/value pair size correctly, r?edgul
Beta/Release Uplift Approval Request
- User impact if declined/Reason for urgency: Websites that use CookieStore cookies with name+value lengths > 1024 will fail. This could cause login and other state-related issues.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Not risky.
It seems to be fine in nightly and beta.
No logic is changed, just changed the acceptance limits of cookies being set.
Also a test was added - String changes made/needed:
- Is Android affected?: Yes
Attachment #9468569 -
Flags: approval-mozilla-release?
|
||
Updated•2 days ago
|
Keywords: webcompat:platform-bug
|
||
Updated•2 days ago
|
status-firefox136:
--- → affected
status-firefox-esr115:
--- → unaffected
status-firefox-esr128:
--- → unaffected
tracking-firefox136:
--- → +
tracking-firefox137:
--- → +
|
|
||
Comment 9•2 days ago
|
||
Comment on attachment 9468569 [details]
Bug 1950565 - CookieStore must enforce the maximum name/value pair size correctly, r?edgul
Approved for 136.0.1
Attachment #9468569 -
Flags: approval-mozilla-release? → approval-mozilla-release+
|
||
Comment 10•2 days ago
|
||
| uplift | ||
|
|
||
Updated•2 days ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•