Closed Bug 223782 Opened 21 years ago Closed 21 years ago

[cookies] remove support for dom.disable_cookie_[get,set] prefs

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: dwitte, Assigned: dwitte)

References

Details

(Whiteboard: checklinux)

Attachments

(2 files, 2 obsolete files)

final patch
11.51 KB, patch
Details | Diff | Splinter Review
supplementary patch
5.11 KB, patch
Details | Diff | Splinter Review 
it's nonsensical to have a pref for one specific mode of getting/setting a
cookie, and not for the others... i don't think we should have these prefs
anymore. in addition, they cause a constant pain to both users and bug triagers
because the UI for these is hidden away separately from the main cookie prefs.

so, if there are no objections, i'd like to go ahead and nuke them...
Attached patch nuke'm (obsolete) — Splinter Review 
this removes the backend + UI for the prefs. (it also removes some unnecessary
nsIPrompt fu in nsHTMLDocument, since the cookieservice doesn't do anything
with that inparam anymore. we'll rev the interface to remove it soon, but i
might as well remove some bloat now, while i'm in there).

i'd like to get reviews from caillon and jag/alecf here, if that's agreeable...
Attachment #134219 - Flags: superreview?(alecf)
Attachment #134219 - Flags: review?(caillon)
I dunno.. don't look at this from a cookie perspective, look at this from a
script perspective. This is just one of many pieces of script granularity in
that pref pane. 

I'm going to theorize that setting a cookie from an HTTP header requires control
of the server, whereas using a script allows pages like those on geocities to
change cookies. (I could at least be partly wrong in that <meta> tags might
allow you to set cookies, though I believe sites like geocities don't allow you
to set <meta> tags, you can only edit the body of the document)

is there CVS blame for this pref, and justification in whatever bug this was? I
would be interested to know if anyone uses this setting for a particular purpose.

Anyway, I'm not totally against this, I just want to see better justification
than "it's nonsensical..."
>(I could at least be partly wrong in that <meta> tags might
>allow you to set cookies, though I believe sites like geocities don't allow you
>to set <meta> tags, you can only edit the body of the document)

hmm.. couldn't a page on geocities document.write the <meta> tag?  anyways, i
think we parse <meta> tags that appear in the <body> section to account for
authors who forget to put them in the <head> section.

if we disable document.cookies, then it seems like we should also disable
setting cookies via <meta> tags.  otherwise, it does seem pretty bogus.
>I could at least be partly wrong in that <meta> tags might allow you to set
>cookies

yeah, like darin said, you can set cookies from metatags :)

>is there CVS blame for this pref

it looks like the original bug here was bug 75731, where mpt drew up a spec for
the prefpanel which included the cookie prefs:
http://bugzilla.mozilla.org/attachment.cgi?id=49497&action=view

i grepped around the bug and didn't find any arguments as to why that particular
pref should exist.

>I just want to see better justification than "it's nonsensical..."

fair enough :) in addition to darin's argument (which doesn't alone justify
removal), i'd say the best reason for removing it is that it's inconsistent with
the other prefs there. the other prefs deal with visual things that shouldn't
affect script function - the script doesn't care if moving/resizing a window
failed; it just might mess up the layout a bit. cookies are different. blocking
cookies from a script or site very often breaks it, and it's up to the user to
figure out what caused that breakage (or come here and file a bug).

for that reason, i'd argue that blocking cookies for all scripts is not a useful
thing to do. we have another mechanism for blocking particular sites from
manipulating cookies - the permissionmanager. i think it's more logical to
control cookies on a site-by-site basis than on a mechanism basis, and i don't
think we need both.
Comment on attachment 134219 [details] [diff] [review]
nuke'm

sounds reasonable to me then! thanks for going into it a bit more.

The code removal looks good... and you're sure we don't need that prompter..

sr=alecf
Attachment #134219 - Flags: superreview?(alecf) → superreview+
hmm... i know the cookies backend can usually get a prompter from the channel,
but what if the channel does not have one?  is there value in providing one
explicitly? ... because at least in this case, we seem to know that we can get
the right one.  :-/
yeah mvl and i were just talking about that... currently of course we do nothing
with the nsIPrompt that's passed in, so as it stands the removal is fine, but
maybe we do want to use a passed-in prompter if the channel's one is fubar. or
should the nsHTMLDocument code just set the channel's prompter itself?

so i'll forego the removal of the prompter code and just save it for another
bug, then. ;)
Comment on attachment 134219 [details] [diff] [review]
nuke'm

I think I own the actual cvsblame for this, by way of a patch from doron. 
Anyway, benc and I have had discussions about this and have come to the
conclusion that this pref needs to go.	Aside from the afore mentioned reasons,
benc notes that it confuses users who read about the scripts prefs one of the
many "tips" sites which reference this panel. They see the prefs here and think
these prefs are the main cookie get/set prefs.

This patch is generally fine, however we need to (properly) address the issue
that this got checked in for: we cannot throw exceptions if the cookie service
does not exist.  The existing route did a lame job of it by making you set the
pref.  nsHTMLDocument::GetCookie and SetCookie should never fail unless we are
propogating an OOM error.  Also, I'd like to see jst's input on this patch
since he was heavily involved with this going in to the tree.
Attachment #134219 - Flags: review?(caillon) → review-
Attached patch round 2 (obsolete) — Splinter Review 
thanks for the tight review caillon! this puts the prompt fu back in per darin,
and fixes the error propagation for the no-cookieservice case.
Attachment #134219 - Attachment is obsolete: true
Comment on attachment 134298 [details] [diff] [review]
round 2

Index: content/html/document/src/nsHTMLDocument.cpp

>+  // not having a cookie service isn't an error
>+  nsCOMPtr<nsICookieService> service = do_GetService(kCookieServiceCID);
>   if (service) {
...
>+    rv = service->GetCookieString(codebaseURI, mChannel, getter_Copies(cookie));
>     if (NS_SUCCEEDED(rv) && cookie)
>       CopyASCIItoUCS2(nsDependentCString(cookie), aCookie);
>   }
>   return rv;
> }

nit: and GetCookieString only fails if there is an out-of-memory condition? 
that
isn't required by the interface is it?	doesn't that make this somewhat
fragile?

sr=darin (but maybe still get jst's approval per caillon)
Attachment #134298 - Flags: superreview+
Comment on attachment 134298 [details] [diff] [review]
round 2

yeah, it would be safer to not propagate rv from GetCookieString() and
SetCookieString(). caillon said he's ok with the patch if i make that change.

jst, with that in mind, care to do the honors? ;)
Attachment #134298 - Flags: review?(jst)
Comment on attachment 134298 [details] [diff] [review]
round 2

Yeah, r=jst with that change.
Attachment #134298 - Flags: review?(jst) → review+
Attached patch final patchSplinter Review 
this is what i checked in.
Attachment #134298 - Attachment is obsolete: true
i missed a bunch of all.js files sprawled around the tree, in my original
patch. this covers them.
mkaply, any chance you could check in
http://bugzilla.mozilla.org/attachment.cgi?id=134794&action=view (it touches
mail/ and browser/) ? thanks!
*** Bug 143810 has been marked as a duplicate of this bug. ***
urgh, i didn't notice that older bug... thanks jesse!
Fix checked in to composer, browser, mail, calendar
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Does this mean it's no longer possible to allow server cookies for a domain
(e.g. mozillazine.com) and concurrently disable JavaScript access to cookies on
that domain?

I've had dom.disable_cookie_[get,set] set to false for all sites to prevent the
possibility of "cookie-grabber" code from gaining access to my cookies. This is
a valid concern on all sites with dynamic user-created content (e.g. forums,
gaming sites). Websites rarely use scripting for essential cookies, and I'd like
to be able to universally disable that mechanism.

If it's possible to achieve this with a CAPS policy, please post that
information here for the sake of people who have been relying on
dom.disable_cookie_[get,set] up to this point.
capability.policy.default.HTMLDocument.cookie.get and
capability.policy.default.HTMLDocument.cookie.set can be set to noAccess
Thanks very much, Boris. Good to know there's also a possibility of scripted
cookie whitelisting through CAPS policies.
V/fixed. Mozilla 1.6f, Mac OS X.
Status: RESOLVED → VERIFIED
QA Contact: cookieqa → benc
Whiteboard: checkwin checklinux
V/fixed: mozilla 1.7.2/xp
Whiteboard: checkwin checklinux → checklinux
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: