author | Timothy Flynn <trflynn89@pm.me> | 2021-04-13 17:30:41 -0400 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2021-04-14 16:07:46 +0200 |
commit | c00760c5f9ca72b89b39feb7042978da2f15eef3 (patch) | |
tree | fcec9f5b592b3472593c4f136c90e2f5595eac67 /Userland/Libraries/LibWeb | |
parent | 7193e518d1190e54ba3a94cc42c4905a7be786a1 (diff) | |
Browser+LibWeb+WebContent: Track the source of document.cookie requests
To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
Diffstat (limited to 'Userland/Libraries/LibWeb')
-rw-r--r-- | Userland/Libraries/LibWeb/Cookie/Cookie.h | 5 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/DOM/Document.cpp | 8 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/DOM/Document.h | 5 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/Forward.h | 1 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/InProcessWebView.cpp | 8 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/InProcessWebView.h | 4 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/Loader/FrameLoader.cpp | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/OutOfProcessWebView.cpp | 8 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/OutOfProcessWebView.h | 4 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/Page/Page.h | 4 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/WebContentClient.cpp | 4 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/WebViewHooks.h | 4 |
12 files changed, 32 insertions, 25 deletions
diff --git a/Userland/Libraries/LibWeb/Cookie/Cookie.h b/Userland/Libraries/LibWeb/Cookie/Cookie.h
index 48f06569fa..fd7bb11533 100644
--- a/Userland/Libraries/LibWeb/Cookie/Cookie.h
+++ b/Userland/Libraries/LibWeb/Cookie/Cookie.h
@@ -31,6 +31,11 @@ namespace Web::Cookie { +enum class Source { + NonHttp, + Http, +}; + struct Cookie { String name; String value;
diff --git a/Userland/Libraries/LibWeb/DOM/Document.cpp b/Userland/Libraries/LibWeb/DOM/Document.cpp
index 3cf3a18aa1..a4f77872a4 100644
--- a/Userland/Libraries/LibWeb/DOM/Document.cpp
+++ b/Userland/Libraries/LibWeb/DOM/Document.cpp
@@ -821,17 +821,17 @@ void Document::completely_finish_loading() dispatch_event(DOM::Event::create(HTML::EventNames::load)); } -String Document::cookie() +String Document::cookie(Cookie::Source source) { if (auto* page = this->page()) - return page->client().page_did_request_cookie(m_url); + return page->client().page_did_request_cookie(m_url, source); return {}; } -void Document::set_cookie(String cookie) +void Document::set_cookie(String cookie, Cookie::Source source) { if (auto* page = this->page()) - page->client().page_did_set_cookie(m_url, cookie); + page->client().page_did_set_cookie(m_url, cookie, source); } }
diff --git a/Userland/Libraries/LibWeb/DOM/Document.h b/Userland/Libraries/LibWeb/DOM/Document.h
index 27d350b256..5f63b4d408 100644
--- a/Userland/Libraries/LibWeb/DOM/Document.h
+++ b/Userland/Libraries/LibWeb/DOM/Document.h
@@ -40,6 +40,7 @@ #include <LibWeb/CSS/CSSStyleSheet.h> #include <LibWeb/CSS/StyleResolver.h> #include <LibWeb/CSS/StyleSheetList.h> +#include <LibWeb/Cookie/Cookie.h> #include <LibWeb/DOM/DOMImplementation.h> #include <LibWeb/DOM/ExceptionOr.h> #include <LibWeb/DOM/NonElementParentNode.h>
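Review bot: The new `Source` enum in the Cookie.h hunk has no comment saying what it gates, although the commit description makes it the input for the HttpOnly decision. A short comment above it would help the next reader, e.g. `// Who is asking for cookies: Http = the network layer, NonHttp = script APIs such as document.cookie, which must not see HttpOnly cookies.` It is also worth stating that `NonHttp` is deliberately the first enumerator, so a zero-initialised value lands on the restrictive side.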
@@ -73,8 +74,8 @@ public: virtual ~Document() override; - String cookie(); - void set_cookie(String); + String cookie(Cookie::Source = Cookie::Source::NonHttp); + void set_cookie(String, Cookie::Source = Cookie::Source::NonHttp); bool should_invalidate_styles_on_attribute_changes() const { return m_should_invalidate_styles_on_attribute_changes; } void set_should_invalidate_styles_on_attribute_changes(bool b) { m_should_invalidate_styles_on_attribute_changes = b; }
diff --git a/Userland/Libraries/LibWeb/Forward.h b/Userland/Libraries/LibWeb/Forward.h
index 8bc90a2320..02476139c2 100644
--- a/Userland/Libraries/LibWeb/Forward.h
+++ b/Userland/Libraries/LibWeb/Forward.h
@@ -30,6 +30,7 @@ namespace Web::Cookie { struct Cookie; struct ParsedCookie; +enum class Source; } namespace Web::CSS {
diff --git a/Userland/Libraries/LibWeb/InProcessWebView.cpp b/Userland/Libraries/LibWeb/InProcessWebView.cpp
index 7a8745bfcb..61cbc087a8 100644
--- a/Userland/Libraries/LibWeb/InProcessWebView.cpp
+++ b/Userland/Libraries/LibWeb/InProcessWebView.cpp
@@ -433,17 +433,17 @@ String InProcessWebView::page_did_request_prompt(const String& message, const St return {}; } -String InProcessWebView::page_did_request_cookie(const URL& url) +String InProcessWebView::page_did_request_cookie(const URL& url, Cookie::Source source) { if (on_get_cookie) - return on_get_cookie(url); + return on_get_cookie(url, source); return {}; } -void InProcessWebView::page_did_set_cookie(const URL& url, const String& cookie) +void InProcessWebView::page_did_set_cookie(const URL& url, const String& cookie, Cookie::Source source) { if (on_set_cookie) - on_set_cookie(url, cookie); + on_set_cookie(url, cookie, source); } }
diff --git a/Userland/Libraries/LibWeb/InProcessWebView.h b/Userland/Libraries/LibWeb/InProcessWebView.h
index f718c63690..46db6e319c 100644
--- a/Userland/Libraries/LibWeb/InProcessWebView.h
+++ b/Userland/Libraries/LibWeb/InProcessWebView.h
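Review bot: The defaulted `Cookie::Source = Cookie::Source::NonHttp` on `cookie()` and `set_cookie()` in the second Document.h hunk carries a security decision that is not written down anywhere in the declaration. Defaulting to the restrictive value is the right direction, but a reader cannot tell that it is intentional rather than a convenience. I would add a comment above the two declarations such as `// Defaults to NonHttp so script-facing callers (document.cookie) are never treated as the network layer; HTTP code must pass Cookie::Source::Http explicitly.` The class body continues outside the hunk.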
@@ -111,8 +111,8 @@ private: virtual void page_did_request_alert(const String&) override; virtual bool page_did_request_confirm(const String&) override; virtual String page_did_request_prompt(const String&, const String&) override; - virtual String page_did_request_cookie(const URL&) override; - virtual void page_did_set_cookie(const URL&, const String&) override; + virtual String page_did_request_cookie(const URL&, Cookie::Source) override; + virtual void page_did_set_cookie(const URL&, const String&, Cookie::Source) override; void layout_and_sync_size();
diff --git a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
index 19f1f0b369..496cb38d8d 100644
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
@@ -277,7 +277,7 @@ void FrameLoader::resource_did_load() // FIXME: Support multiple instances of the Set-Cookie response header. auto set_cookie = resource()->response_headers().get("Set-Cookie"); if (set_cookie.has_value()) - document->set_cookie(set_cookie.value()); + document->set_cookie(set_cookie.value(), Cookie::Source::Http); if (!url.fragment().is_empty()) frame().scroll_to_anchor(url.fragment());
diff --git a/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp b/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp
index 017a7f258e..6c069edf69 100644
--- a/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp
+++ b/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp
@@ -365,17 +365,17 @@ void OutOfProcessWebView::notify_server_did_change_favicon(const Gfx::Bitmap& fa on_favicon_change(favicon); } -String OutOfProcessWebView::notify_server_did_request_cookie(Badge<WebContentClient>, const URL& url) +String OutOfProcessWebView::notify_server_did_request_cookie(Badge<WebContentClient>, const URL& url, Cookie::Source source) { if (on_get_cookie) - return on_get_cookie(url); + return on_get_cookie(url, source); return {}; } -void OutOfProcessWebView::notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie) +void OutOfProcessWebView::notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie, Cookie::Source source) { if (on_set_cookie) - on_set_cookie(url, cookie); + on_set_cookie(url, cookie, source); } void OutOfProcessWebView::did_scroll()
diff --git a/Userland/Libraries/LibWeb/OutOfProcessWebView.h b/Userland/Libraries/LibWeb/OutOfProcessWebView.h
index 5c603b6a6d..386cd92be7 100644
--- a/Userland/Libraries/LibWeb/OutOfProcessWebView.h
+++ b/Userland/Libraries/LibWeb/OutOfProcessWebView.h
@@ -79,8 +79,8 @@ public: void notify_server_did_get_source(const URL& url, const String& source); void notify_server_did_js_console_output(const String& method, const String& line); void notify_server_did_change_favicon(const Gfx::Bitmap& favicon); - String notify_server_did_request_cookie(Badge<WebContentClient>, const URL& url); - void notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie); + String notify_server_did_request_cookie(Badge<WebContentClient>, const URL& url, Cookie::Source source); + void notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie, Cookie::Source source); private: OutOfProcessWebView();
diff --git a/Userland/Libraries/LibWeb/Page/Page.h b/Userland/Libraries/LibWeb/Page/Page.h
index c831efddaa..2df1f2a1fd 100644
--- a/Userland/Libraries/LibWeb/Page/Page.h
+++ b/Userland/Libraries/LibWeb/Page/Page.h
@@ -111,8 +111,8 @@ public: virtual void page_did_request_alert(const String&) { } virtual bool page_did_request_confirm(const String&) { return false; } virtual String page_did_request_prompt(const String&, const String&) { return {}; } - virtual String page_did_request_cookie(const URL&) { return {}; } - virtual void page_did_set_cookie(const URL&, const String&) { } + virtual String page_did_request_cookie(const URL&, Cookie::Source) { return {}; } + virtual void page_did_set_cookie(const URL&, const String&, Cookie::Source) { } }; }
diff --git a/Userland/Libraries/LibWeb/WebContentClient.cpp b/Userland/Libraries/LibWeb/WebContentClient.cpp
index d7e95be831..dd25e07e3a 100644
--- a/Userland/Libraries/LibWeb/WebContentClient.cpp
+++ b/Userland/Libraries/LibWeb/WebContentClient.cpp
@@ -199,13 +199,13 @@ void WebContentClient::handle(const Messages::WebContentClient::DidChangeFavicon OwnPtr<Messages::WebContentClient::DidRequestCookieResponse> WebContentClient::handle(const Messages::WebContentClient::DidRequestCookie& message) { - auto result = m_view.notify_server_did_request_cookie({}, message.url()); + auto result = m_view.notify_server_did_request_cookie({}, message.url(), static_cast<Cookie::Source>(message.source())); return make<Messages::WebContentClient::DidRequestCookieResponse>(result); } void WebContentClient::handle(const Messages::WebContentClient::DidSetCookie& message) { - m_view.notify_server_did_set_cookie({}, message.url(), message.cookie()); + m_view.notify_server_did_set_cookie({}, message.url(), message.cookie(), static_cast<Cookie::Source>(message.source())); } }
diff --git a/Userland/Libraries/LibWeb/WebViewHooks.h b/Userland/Libraries/LibWeb/WebViewHooks.h
index 748d4ce356..a8f4d2911c 100644
--- a/Userland/Libraries/LibWeb/WebViewHooks.h
+++ b/Userland/Libraries/LibWeb/WebViewHooks.h
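Review bot: Both handlers in WebContentClient.cpp take `message.source()` as sent by the WebContent process and `static_cast` it to `Cookie::Source` without checking the value. Since the description makes this flag the thing that keeps script away from HttpOnly cookies, the browser side ends up trusting the content process's own statement of who is asking, and a value outside the two enumerators passes through unchanged. I would fail closed before calling the view, e.g. `auto source = static_cast<Cookie::Source>(message.source()); if (source != Cookie::Source::Http) source = Cookie::Source::NonHttp;`, and add a comment that the value crosses a process boundary. The IPC definition and the CookieJar are outside this diff, so how `source` is encoded and enforced there should be confirmed.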
@@ -48,8 +48,8 @@ public: Function<void(DOM::Document*)> on_set_document; Function<void(const URL&, const String&)> on_get_source; Function<void(const String& method, const String& line)> on_js_console_output; - Function<String(const URL& url)> on_get_cookie; - Function<void(const URL& url, const String& cookie)> on_set_cookie; + Function<String(const URL& url, Cookie::Source source)> on_get_cookie; + Function<void(const URL& url, const String& cookie, Cookie::Source source)> on_set_cookie; }; } |