Closed Bug 480892 Opened 15 years ago Closed 15 years ago

".foo.com" cookies have inconsistent UI and behaviour (don't write exceptions for .foo.tld)

Categories

(Camino Graveyard :: Preferences, defect)

Product:
Camino Graveyard
Component:
Preferences
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bugzilla-graveyard, Assigned: bugzilla-graveyard)

References

Details

(Keywords: fixed1.8.1.24, Whiteboard: [camino-2.0])

Attachments

(2 files, 1 obsolete file)

fix v1.01
2.83 KB, patch
bugzilla-graveyard
: review+
bugzilla-graveyard
: superreview+
Details | Diff | Splinter Review
1_8 branch patch to accomodate comment cleanup :P
3.10 KB, patch
Details | Diff | Splinter Review 
Again, I'll use the Freep example.

STR:

1) Visit http://www.freep.com/
2) Preferences -> Privacy -> Show Cookies...
3) (optional) Filter on "freep" for clarity.
4) Control-click on the ".freep.com" entry.

ER: Menu options use ".freep.com" text.

AR: Leading dot is ignored in contextual menu so items use "freep.com". The leading dot is, however, still written to permissions back end (which behaviour is also incorrect according to dwitte).

The contextual menu entry reads "Remove and Block Cookies from Sites Matching freep.com", but it doesn't remove all the cookies that phrasing would imply. At minimum, I would expect it to remove all the ".freep.com" cookies, and you could certainly argue that it ought to remove *all* cookies for the freep.com domain, including the sitelife.freep.com cookie, the www.freep.com cookie, etc.

Our behaviour should be the following:

1) The CM text is fine. Ignoring the leading dot is the right thing to do here.
2) Do not write leading dots to the permissions back-end. It will soon sanitize this input anyway, so writing them will be pointless. (See bug 480891.)
3) Remove all (*.)foo.com cookies when "remove and block all" is chosen from the CM on a .foo.com cookie.

(Funny -- the "Allow all foo.com cookies" item treats leading dots properly.)
(3) is gonna be a little tricky because nsCookieService doesn't have any way to remove all cookies matching a given host. nsCookieService can only delete cookies one at a time or all at once.
Summary: ".foo.com" cookies have inconsistent UI and behaviour → ".foo.com" cookies have inconsistent UI and behaviour (don't write exceptions for .foo.tld)
Attached patch fix v1.0 (obsolete) — Splinter Review 
This refactors some of the other code to make everything in here a bit simpler. Smokey tested it and found that it doesn't seem to break anything, and it fixes the bug as described.

I really need to take a look at bug 480891 at some point, though, because then we could mostly dispense with this permissionsBlockingNameForCookieHostname silliness.
Assignee: nobody → cl-bugs-new
Status: NEW → ASSIGNED
Attachment #405202 - Flags: review?
Oh, but this doesn't fix (3) in comment 0, 'cause like I said, that's a lot trickier. I wouldn't be opposed to fixing that in its own separate bug.
(In reply to comment #4)
> Oh, but this doesn't fix (3) in comment 0, 'cause like I said, that's a lot
> trickier. I wouldn't be opposed to fixing that in its own separate bug.

It should be its own bug; I filed 521170.
Comment on attachment 405202 [details] [diff] [review]
fix v1.0

hendy said he'd try to look at this and then send sr? to smorgan.
There's been some comment cleanup in this file, but the code looks identical, so if this patch passes muster, I'd like to see about getting this fix in 1.6.11 for 10.3.9 users, since our behavior is very broken where users most need it to work (the "remove and block" case).
Flags: camino1.6.11?
Comment on attachment 405202 [details] [diff] [review]
fix v1.0

//-                   forHost:host
//+                    forHost:[self permissionsBlockingNameForCookieHostname:curSite]
//                       type:CHPermissionTypeCookie];

Fix alignment here.

We don't need the check for [inHostname length] > 1. In the case of ".", we send the permissions manager "http://", which has no effect on the permissions.

r+ with those changes.
Attachment #405202 - Flags: review?(trendyhendy2000) → review+
Comment on attachment 405202 [details] [diff] [review]
fix v1.0

I can make hendy's review-comment changes on checkin if Stuart has nothing else and Chris is still flying.
Attachment #405202 - Flags: superreview?(stuart.morgan+bugzilla)
Comment on attachment 405202 [details] [diff] [review]
fix v1.0

sr=smorgan with the changes above and one more: I don't like relying on things working out if we feed an empty host in, so we should get [self permissionsBlockingNameForCookieHostname:curSite]
, check it for non-zero length, and only then make the permissions-setting call.
Attachment #405202 - Flags: superreview?(stuart.morgan+bugzilla) → superreview+
Attached patch fix v1.01Splinter Review 
Updated per r/sr comments, ready for chicken.
Attachment #405202 - Attachment is obsolete: true
Attachment #407869 - Flags: superreview+
Attachment #407869 - Flags: review+
Landed on cvs trunk and CAMINO_2_0_BRANCH.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [camino-2.0]
This is the 1_8 version; we had comment cleanup in the middle of the patched area, which kept the original patch from applying :P
Landed the 1_8 patch on the MOZILLA_1_8_BRANCH.
Flags: camino1.6.11? → camino1.6.11+
Keywords: fixed1.8.1.24
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: