Bug 1551798 - SameSite=lax by default and SameSite=none only if secur…

…e, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D31215
Brli · Jun 5, 2019 · 3929f8a · 3929f8a
1 parent bba6206
commit 3929f8a
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 4 deletions.
diff --git a/modules/libpref/init/StaticPrefList.h b/modules/libpref/init/StaticPrefList.h
@@ -5747,6 +5747,20 @@ VARCACHE_PREF(
   RelaxedAtomicInt32, 0
 )
 
+VARCACHE_PREF(
+  Live,
+  "network.cookie.sameSite.laxByDefault",
+   network_cookie_sameSite_laxByDefault,
+  bool, false
+)
+
+VARCACHE_PREF(
+  Live,
+  "network.cookie.sameSite.noneRequiresSecure",
+   network_cookie_sameSite_noneRequiresSecure,
+  bool, false
+)
+
 VARCACHE_PREF(
   Live,
   "network.cookie.thirdparty.sessionOnly",

diff --git a/netwerk/cookie/nsCookieService.cpp b/netwerk/cookie/nsCookieService.cpp
@@ -3169,7 +3169,12 @@ bool nsCookieService::CanSetCookie(nsIURI* aHostURI, const nsCookieKey& aKey,
   // so we can handle them separately.
   nsAutoCString expires;
   nsAutoCString maxage;
-  bool newCookie = ParseAttributes(aCookieHeader, aCookieData, expires, maxage);
+  bool acceptedByParser = false;
+  bool newCookie = ParseAttributes(aCookieHeader, aCookieData, expires, maxage,
+                                   acceptedByParser);
+  if (!acceptedByParser) {
+    return newCookie;
+  }
 
   // Collect telemetry on how often secure cookies are set from non-secure
   // origins, and vice-versa.
@@ -3717,8 +3722,10 @@ bool nsCookieService::GetTokenValue(nsACString::const_char_iterator& aIter,
 // until we've parsed the header.
 bool nsCookieService::ParseAttributes(nsCString& aCookieHeader,
                                       CookieStruct& aCookieData,
-                                      nsACString& aExpires,
-                                      nsACString& aMaxage) {
+                                      nsACString& aExpires, nsACString& aMaxage,
+                                      bool& aAcceptedByParser) {
+  aAcceptedByParser = false;
+
   static const char kPath[] = "path";
   static const char kDomain[] = "domain";
   static const char kExpires[] = "expires";
@@ -3727,6 +3734,7 @@ bool nsCookieService::ParseAttributes(nsCString& aCookieHeader,
   static const char kHttpOnly[] = "httponly";
   static const char kSameSite[] = "samesite";
   static const char kSameSiteLax[] = "lax";
+  static const char kSameSiteNone[] = "none";
   static const char kSameSiteStrict[] = "strict";
 
   nsACString::const_char_iterator tempBegin, tempEnd;
@@ -3738,6 +3746,10 @@ bool nsCookieService::ParseAttributes(nsCString& aCookieHeader,
   aCookieData.isHttpOnly() = false;
   aCookieData.sameSite() = nsICookie::SAMESITE_NONE;
 
+  if (StaticPrefs::network_cookie_sameSite_laxByDefault()) {
+    aCookieData.sameSite() = nsICookie::SAMESITE_LAX;
+  }
+
   nsDependentCSubstring tokenString(cookieStart, cookieStart);
   nsDependentCSubstring tokenValue(cookieStart, cookieStart);
   bool newCookie, equalsFound;
@@ -3793,10 +3805,24 @@ bool nsCookieService::ParseAttributes(nsCString& aCookieHeader,
         aCookieData.sameSite() = nsICookie::SAMESITE_LAX;
       } else if (tokenValue.LowerCaseEqualsLiteral(kSameSiteStrict)) {
         aCookieData.sameSite() = nsICookie::SAMESITE_STRICT;
+      } else if (tokenValue.LowerCaseEqualsLiteral(kSameSiteNone)) {
+        aCookieData.sameSite() = nsICookie::SAMESITE_NONE;
       }
     }
   }
 
+  // If same-site is set to 'none' but this is not a secure context, let's abort
+  // the parsing.
+  if (StaticPrefs::network_cookie_sameSite_laxByDefault() &&
+      StaticPrefs::network_cookie_sameSite_noneRequiresSecure() &&
+      !aCookieData.isSecure() &&
+      aCookieData.sameSite() == nsICookie::SAMESITE_NONE) {
+    return newCookie;
+  }
+
+  // Cookie accepted.
+  aAcceptedByParser = true;
+
   // re-assign aCookieHeader, in case we need to process another cookie
   aCookieHeader.Assign(Substring(cookieStart, cookieEnd));
   return newCookie;

diff --git a/netwerk/cookie/nsCookieService.h b/netwerk/cookie/nsCookieService.h
@@ -296,7 +296,8 @@ class nsCookieService final : public nsICookieService,
                             bool& aEqualsFound);
   static bool ParseAttributes(nsCString& aCookieHeader,
                               mozilla::net::CookieStruct& aCookieData,
-                              nsACString& aExpires, nsACString& aMaxage);
+                              nsACString& aExpires, nsACString& aMaxage,
+                              bool& aAcceptedByParser);
   bool RequireThirdPartyCheck();
   static bool CheckDomain(mozilla::net::CookieStruct& aCookieData,
                           nsIURI* aHostURI, const nsCString& aBaseDomain,