Closed Bug 536514 Opened 10 years ago Closed 10 years ago

Treat leading and trailing "."s in Domain attributes like other browsers

Categories

(Core :: Networking: Cookies, defect)

defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: abarth-mozilla, Assigned: abarth-mozilla)

Details

Attachments

(1 file)

== Extra leading and trailing "." in domain attribute ==

* Set-Cookie: foo=bar; domain=..home.example.org
http://home.example.org:8888/cookie-parser?domain0010: FAIL
(Every browser tolerates a single leading "." character.)

Expected behavior: The cookie is not sent
Passing browsers: IE, Safari, Chrome, Opera
Failing browsers: Firefox

* Set-Cookie: foo=bar; domain=home.example.org.
http://home.example.org:8888/cookie-parser?domain0014: FAIL

Expected behavior: The cookie is not sent
Passing browsers: IE, Chrome, Opera
Failing browsers: Firefox, Safari

* Set-Cookie: foo=bar; domain=home.example.org..
http://home.example.org:8888/cookie-parser?domain0015: FAIL

Expected behavior: The cookie is not sent
Passing browsers: IE, Safari, Chrome, Opera
Failing browsers: Firefox

Recommendation: Change Firefox to match the other browsers
Attached patch patch with testSplinter Review
Here's a patch that fixes the bug, complete with test.
Attachment #418970 - Flags: superreview?(dwitte)
Attachment #418970 - Flags: review?(dwitte)
Comment on attachment 418970 [details] [diff] [review]
patch with test

Awesome. r=me is sufficient here; I'll roll this past tryserver and land it.

On a somewhat unrelated topic: if you want another test to add, how about UTF8/IDN tests for hostnames (both as the host setting or getting the cookie, and the 'domain' attribute)? We do normalize URI hostnames to IDN, but we don't normalize the 'domain' attribute, so if it's not IDN then things won't work.
Attachment #418970 - Flags: superreview?(dwitte)
Attachment #418970 - Flags: review?(dwitte)
Attachment #418970 - Flags: review+
Thanks for the review.  I'll write some IDN tests.  Are there any in TestCookie that I should start from?
Nope. :( There are some in netwerk/test/unit/test_bug368702.js (for the eTLD service), and test_idnservice.js. You could use that as a starting point. At some point, we should add some proper xpcshell tests in netwerk/test/unit.
http://hg.mozilla.org/mozilla-central/rev/54a3a5a3fc60
Assignee: nobody → abarth-mozilla
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.