CookiePrefixes.cpp (3587B)
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* This Source Code Form is subject to the terms of the Mozilla Public 3 * License, v. 2.0. If a copy of the MPL was not distributed with this 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 5 6 #include "CookiePrefixes.h" 7 8 namespace mozilla::net { 9 10 namespace { 11 12 struct CookiePrefix { 13 CookiePrefixes::Prefix mPrefix; 14 nsCString mPrefixCString; 15 nsString mPrefixString; 16 std::function<bool(const CookieStruct&, bool)> mCallback; 17 }; 18 19 MOZ_RUNINIT CookiePrefix gCookiePrefixes[] = { 20 {CookiePrefixes::eSecure, "__Secure-"_ns, u"__Secure-"_ns, 21 [](const CookieStruct& aCookieData, bool aSecureRequest) -> bool { 22 // If a cookie's name begins with a case-sensitive match for the string 23 // __Secure-, then the cookie will have been set with a Secure attribute. 24 return aSecureRequest && aCookieData.isSecure(); 25 }}, 26 27 {CookiePrefixes::eHost, "__Host-"_ns, u"__Host-"_ns, 28 [](const CookieStruct& aCookieData, bool aSecureRequest) -> bool { 29 // If a cookie's name begins with a case-sensitive match for the string 30 // __Host-, then the cookie will have been set with a Secure attribute, a 31 // Path attribute with a value of /, and no Domain attribute. 32 return aSecureRequest && aCookieData.isSecure() && 33 aCookieData.host()[0] != '.' && 34 aCookieData.path().EqualsLiteral("/"); 35 }}, 36 37 {CookiePrefixes::eHttp, "__Http-"_ns, u"__Http-"_ns, 38 [](const CookieStruct& aCookieData, bool aSecureRequest) -> bool { 39 // If a cookie's name begins with a case-sensitive match for the string 40 // __Http-, then the cookie will have been set with a Secure attribute, 41 // and an HttpOnly attribute. 42 return aSecureRequest && aCookieData.isSecure() && 43 aCookieData.isHttpOnly(); 44 }}, 45 46 {CookiePrefixes::eHostHttp, "__Host-Http-"_ns, u"__Host-Http-"_ns, 47 [](const CookieStruct& aCookieData, bool aSecureRequest) -> bool { 48 // If a cookie's name begins with a case-sensitive match for the string 49 // __Host-Http-, then the cookie will have been set with a Secure 50 // attribute, an HttpOnly attribute, a Path attribute with a value of /, 51 // and no Domain attribute. 52 return aSecureRequest && aCookieData.isSecure() && 53 aCookieData.isHttpOnly() && aCookieData.host()[0] != '.' && 54 aCookieData.path().EqualsLiteral("/"); 55 }}, 56 }; 57 58 } // namespace 59 60 // static 61 bool CookiePrefixes::Has(Prefix aPrefix, const nsAString& aString) { 62 for (CookiePrefix& prefix : gCookiePrefixes) { 63 if (prefix.mPrefix == aPrefix) { 64 return StringBeginsWith(aString, prefix.mPrefixString, 65 nsCaseInsensitiveStringComparator); 66 } 67 } 68 69 return false; 70 } 71 72 // static 73 bool CookiePrefixes::Has(const nsACString& aString) { 74 for (CookiePrefix& prefix : gCookiePrefixes) { 75 if (StringBeginsWith(aString, prefix.mPrefixCString, 76 nsCaseInsensitiveCStringComparator)) { 77 return true; 78 } 79 } 80 81 return false; 82 } 83 84 // static 85 bool CookiePrefixes::Check(const CookieStruct& aCookieData, 86 bool aSecureRequest) { 87 for (CookiePrefix& prefix : gCookiePrefixes) { 88 if (StringBeginsWith(aCookieData.name(), prefix.mPrefixCString, 89 nsCaseInsensitiveCStringComparator)) { 90 return prefix.mCallback(aCookieData, aSecureRequest); 91 } 92 } 93 94 // not one of the magic prefixes: carry on 95 return true; 96 } 97 98 } // namespace mozilla::net