Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add domain and path checks for secure cookies eviction #14491

Merged
merged 3 commits into from Dec 24, 2016
+164 −29
Merged

Add domain and path checks for secure cookies eviction #14491

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
64b456f
Conform conditionals regarding cookie removal with spec
KiChjang Dec 8, 2016
63a7e8e
Add domain and path checks for secure cookies eviction
KiChjang Dec 8, 2016
16f1947
Add unit tests
KiChjang Dec 9, 2016
File filter...
Filter file types
Jump to…
Jump to file
Failed to load files.

Always

Just for now

Next

Conform conditionals regarding cookie removal with spec

  • Loading branch information
@KiChjang
KiChjang committed Dec 20, 2016
commit 64b456f0e2484ca49ca0fe784053c0028698f7fb
12 components/net/cookie_storage.rs
View file
Open in desktop
@@ -37,23 +37,24 @@ impl CookieStorage {
let domain = reg_host(cookie.cookie.domain.as_ref().unwrap_or(&"".to_string()));
let cookies = self.cookies_map.entry(domain).or_insert(vec![]);

// Step 1
// Step 11.1
let position = cookies.iter().position(|c| {
c.cookie.domain == cookie.cookie.domain &&
c.cookie.path == cookie.cookie.path &&
c.cookie.name == cookie.cookie.name
});

if let Some(ind) = position {
// Step 11.4
let c = cookies.remove(ind);

// http://tools.ietf.org/html/rfc6265#section-5.3 step 11.2
if !c.cookie.httponly || source == CookieSource::HTTP {
Ok(Some(c))
} else {
if c.cookie.httponly && source == CookieSource::NonHTTP {
// Undo the removal.
cookies.push(c);
Err(())
} else {
Ok(Some(c))
}
} else {
Ok(None)
@@ -83,7 +84,7 @@ impl CookieStorage {
cookies.retain(|c| !is_cookie_expired(&c));
let new_len = cookies.len();

// https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone
// https://www.ietf.org/id/draft-ietf-httpbis-cookie-alone-01.txt
if new_len == old_len && !evict_one_cookie(cookie.cookie.secure, cookies) {
return;
}
@@ -159,6 +160,7 @@ impl CookieStorage {
}))
}
}

fn reg_host<'a>(url: &'a str) -> String {
reg_suffix(url).to_string()
}
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.