Skip to content

Commit 4617389

Browse files
semenkosemenko
committed
Fix host-only cookie duplication & leak
Currently we create duplicate cookies (!) for host-only cookies, one secure, one insecure. This is because we're always setting the domain parameter, regardless of the hostOnly value. See: http://developer.chrome.com/extensions/cookies.html#method-set Closes issue EFForg#159 Signed-off-by: Nick Semenkovich <semenko@alum.mit.edu>
1 parent 9d0af02 commit 4617389

1 file changed

Lines changed: 14 additions & 7 deletions

File tree

chromium/background.js

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -321,17 +321,24 @@ function switchPlannerDetailsHtmlSection(tab_id, rewritten) {
321321
function onCookieChanged(changeInfo) {
322322
if (!changeInfo.removed && !changeInfo.cookie.secure) {
323323
if (all_rules.shouldSecureCookie(changeInfo.cookie, false)) {
324-
var cookie = {name:changeInfo.cookie.name,value:changeInfo.cookie.value,
325-
domain:changeInfo.cookie.domain,path:changeInfo.cookie.path,
324+
var cookie = {name:changeInfo.cookie.name,
325+
value:changeInfo.cookie.value,
326+
path:changeInfo.cookie.path,
326327
httpOnly:changeInfo.cookie.httpOnly,
327328
expirationDate:changeInfo.cookie.expirationDate,
328-
storeId:changeInfo.cookie.storeId};
329-
cookie.secure = true;
330-
// FIXME: What is with this url noise? are we just supposed to lie?
329+
storeId:changeInfo.cookie.storeId,
330+
secure: true};
331+
332+
// Host-only cookies don't set the domain field.
333+
if (!changeInfo.cookie.hostOnly) {
334+
cookie.domain = changeInfo.cookie.domain;
335+
}
336+
337+
// The cookie API is magical -- we must recreate the URL from the domain and path.
331338
if (cookie.domain[0] == ".") {
332-
cookie.url = "https://www"+cookie.domain+cookie.path;
339+
cookie.url = "https://www" + cookie.domain + cookie.path;
333340
} else {
334-
cookie.url = "https://"+cookie.domain+cookie.path;
341+
cookie.url = "https://" + cookie.domain + cookie.path;
335342
}
336343
// We get repeated events for some cookies because sites change their
337344
// value repeatedly and remove the "secure" flag.

0 commit comments

Comments
 (0)