LibWeb: Add missing cookie-age-limit steps to CookieStore::set()

Author: IdanHo

Libraries/LibWeb/Cookie/ParsedCookie.cpp

@@ -184,11 +184,6 @@ void process_attribute(URL::URL const& url, ParsedCookie& parsed_cookie, StringV
     }
 }
 
-static constexpr AK::Duration maximum_cookie_age()
-{
-    return AK::Duration::from_seconds(400LL * 24 * 60 * 60);
-}
-
 // https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-15.html#section-5.6.1
 void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_value)
 {
@@ -201,7 +196,7 @@ void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_valu
 
     // 3. Let cookie-age-limit be the maximum age of the cookie (which SHOULD be 400 days in the future or sooner, see
     //    Section 5.5).
-    auto cookie_age_limit = UnixDateTime::now() + maximum_cookie_age();
+    auto cookie_age_limit = UnixDateTime::now() + maximum_cookie_age;
 
     // 4. If the expiry-time is more than cookie-age-limit, the user agent MUST set the expiry time to cookie-age-limit
     //    in seconds.
@@ -243,7 +238,7 @@ void on_max_age_attribute(ParsedCookie& parsed_cookie, StringView attribute_valu
     }
 
     // 5. Let cookie-age-limit be the maximum age of the cookie (which SHOULD be 400 days or less, see Section 5.5).
-    auto cookie_age_limit = maximum_cookie_age();
+    auto cookie_age_limit = maximum_cookie_age;
 
     // 6. Set delta-seconds to the smaller of its present value and cookie-age-limit.
     if (*delta_seconds > cookie_age_limit.to_seconds())

Libraries/LibWeb/Cookie/ParsedCookie.h

@@ -33,6 +33,8 @@ WEB_API bool cookie_contains_invalid_control_character(StringView);
 WEB_API bool domain_matches(StringView string, StringView domain_string);
 WEB_API String default_path(URL::URL const&);
 
+constexpr inline AK::Duration maximum_cookie_age = AK::Duration::from_seconds(400LL * 24 * 60 * 60);
+
 }
 
 namespace IPC {

Libraries/LibWeb/CookieStore/CookieStore.cpp

@@ -455,8 +455,21 @@ static bool set_a_cookie(PageClient& client, URL::URL const& url, String name, S
     }
 
     // 13. If expires is given, then append `Expires`/expires (date serialized) to attributes.
-    if (expires.has_value())
-        parsed_cookie.expiry_time_from_expires_attribute = UnixDateTime::from_milliseconds_since_epoch(expires.value());
+    if (expires.has_value()) {
+        auto expiry_time = UnixDateTime::from_milliseconds_since_epoch(expires.value());
+
+        // https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-15.html#section-5.6.1
+        // 3. Let cookie-age-limit be the maximum age of the cookie (which SHOULD be 400 days in the future or sooner, see
+        //    Section 5.5).
+        auto cookie_age_limit = UnixDateTime::now() + Cookie::maximum_cookie_age;
+
+        // 4. If the expiry-time is more than cookie-age-limit, the user agent MUST set the expiry time to cookie-age-limit
+        //    in seconds.
+        if (expiry_time.seconds_since_epoch() > cookie_age_limit.seconds_since_epoch())
+            expiry_time = cookie_age_limit;
+
+        parsed_cookie.expiry_time_from_expires_attribute = expiry_time;
+    }
 
     // 14. If path is the empty string, then set path to the serialized cookie default path of url.
     if (path.is_empty())