Skip to content

Commit 5d3a031

Browse files
Mike Perrypde
Mike Perry
authored and
pde
committed
Untested attempt at securing JS cookies.
1 parent 76799bf commit 5d3a031

File tree

3 files changed

+35
-2
lines changed

3 files changed

+35
-2
lines changed

src/chrome/content/code/HTTPS.js

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -219,6 +219,16 @@ const HTTPS = {
219219

220220
}
221221
},
222+
223+
handleInsecureCookieEvent: function(c) {
224+
if (HTTPSRules.shouldSecureCookie(null, c)) {
225+
this.log(INFO, "Securing cookie from event: " + c.domain + " " + c.name);
226+
var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"]
227+
.getService(Components.interfaces.nsICookieManager);
228+
cookieManager.remove(c.host, c.name, c.path, false);
229+
cookieManager.add(c.host, c.path, c.name, c.value, true, c.isHTTPOnly, c.isSession, c.expiry);
230+
}
231+
},
222232

223233
handleCrossSiteCookies: function(req, origin, browser) {
224234

src/chrome/content/code/HTTPSRules.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -506,9 +506,9 @@ const HTTPSRules = {
506506
}
507507
}
508508
if (ruleset.cookierules.length > 0)
509-
applicable_list.moot_rule(ruleset);
509+
if (applicable_list) applicable_list.moot_rule(ruleset);
510510
} else if (ruleset.cookierules.length > 0) {
511-
applicable_list.inactive_rule(ruleset);
511+
if (applicable_list) applicable_list.inactive_rule(ruleset);
512512
this.log(INFO,"Inactive cookie rule " + ruleset.name);
513513
}
514514
}

src/components/https-everywhere.js

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -430,6 +430,28 @@ HTTPSEverywhere.prototype = {
430430
} else if (topic == "http-on-examine-merged-response") {
431431
this.log(DBUG, "Got http-on-examine-merged-response ");
432432
HTTPS.handleSecureCookies(channel);
433+
} else if (topic == "cookie-changed") {
434+
// Javascript can add cookies via document.cookie that are insecure.
435+
// It might also be able to
436+
if (data == "added" || data == "changed") {
437+
// subject can also be an nsIArray! bleh.
438+
try {
439+
subject.QueryInterface(Ci.nsIArray);
440+
var elems = subject.enumerate();
441+
while (elems.hasMoreElements()) {
442+
var cookie = elems.getNext()
443+
.QueryInterface(Ci.nsICookie2);
444+
if (!cookie.isSecure) {
445+
HTTPS.handleInsecureCookie(cookie);
446+
}
447+
}
448+
} catch(e) {
449+
subject.QueryInterface(Ci.nsICookie2);
450+
if(!subject.isSecure) {
451+
HTTPS.handleInsecureCookie(subject);
452+
}
453+
}
454+
}
433455
} else if (topic == "app-startup") {
434456
this.log(DBUG,"Got app-startup");
435457
} else if (topic == "profile-before-change") {
@@ -440,6 +462,7 @@ HTTPSEverywhere.prototype = {
440462
Thread.hostRunning = false;
441463
} else if (topic == "profile-after-change") {
442464
this.log(DBUG, "Got profile-after-change");
465+
OS.addObserver(this, "cookie-changed", false);
443466
OS.addObserver(this, "http-on-modify-request", false);
444467
OS.addObserver(this, "http-on-examine-merged-response", false);
445468
OS.addObserver(this, "http-on-examine-response", false);

0 commit comments

Comments
 (0)