From c00760c5f9ca72b89b39feb7042978da2f15eef3 Mon Sep 17 00:00:00 2001
From: Timothy Flynn <trflynn89@pm.me>
Date: Tue, 13 Apr 2021 17:30:41 -0400
Subject: Browser+LibWeb+WebContent: Track the source of document.cookie
 requests

To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
---
 Userland/Libraries/LibWeb/Loader/FrameLoader.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Userland/Libraries/LibWeb/Loader')

diff --git a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
index 19f1f0b369..496cb38d8d 100644
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
@@ -277,7 +277,7 @@ void FrameLoader::resource_did_load()
     // FIXME: Support multiple instances of the Set-Cookie response header.
     auto set_cookie = resource()->response_headers().get("Set-Cookie");
     if (set_cookie.has_value())
-        document->set_cookie(set_cookie.value());
+        document->set_cookie(set_cookie.value(), Cookie::Source::Http);
 
     if (!url.fragment().is_empty())
         frame().scroll_to_anchor(url.fragment());
-- 
cgit v1.2.3