| blob | 3b880c49a98ba595677c038cb54a484d436ceeb0 |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 *
5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/
9 *
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
14 *
15 * The Original Code is mozilla.org code.
16 *
17 * The Initial Developer of the Original Code is
18 * Netscape Communications Corporation.
19 * Portions created by the Initial Developer are Copyright (C) 2003
20 * the Initial Developer. All Rights Reserved.
21 *
22 * Contributor(s):
23 * Daniel Witte (dwitte@stanford.edu)
24 * Michiel van Leeuwen (mvl@exedo.nl)
25 * Michael Ventnor <m.ventnor@gmail.com>
26 * Ehsan Akhgari <ehsan.akhgari@gmail.com>
27 *
28 * Alternatively, the contents of this file may be used under the terms of
29 * either the GNU General Public License Version 2 or later (the "GPL"), or
30 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
31 * in which case the provisions of the GPL or the LGPL are applicable instead
32 * of those above. If you wish to allow use of your version of this file only
33 * under the terms of either the GPL or the LGPL, and not to allow others to
34 * use your version of this file under the terms of the MPL, indicate your
35 * decision by deleting the provisions above and replace them with the notice
36 * and other provisions required by the GPL or the LGPL. If you do not delete
37 * the provisions above, a recipient may use your version of this file under
38 * the terms of any one of the MPL, the GPL or the LGPL.
39 *
40 * ***** END LICENSE BLOCK ***** */
75 /******************************************************************************
76 * nsCookieService impl:
77 * useful types & constants
78 ******************************************************************************/
80 // XXX_hack. See bug 178993.
81 // This is a hack to hide HttpOnly cookies from older browsers
82 //
86 #define COOKIES_SCHEMA_VERSION 2
92 #undef LIMIT
93 #define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default))
95 // default limits for the cookie list. these can be tuned by the
96 // network.cookie.maxNumber and network.cookie.maxPerHost prefs respectively.
102 // these constants represent a decision about a cookie based on user prefs.
105 // STATUS_REJECTED_WITH_ERROR indicates the cookie should be rejected because
106 // of an error (rather than something the user can control). this is used for
107 // notification purposes, since we only want to notify of rejections where
108 // the user can do something about it (e.g. whitelist the site).
111 // behavior pref constants
116 // pref string constants
121 // struct for temporarily storing cookie attributes during header parsing
122 struct nsCookieAttributes
123 {
124 nsCAutoString name;
125 nsCAutoString value;
126 nsCAutoString host;
127 nsCAutoString path;
128 nsCAutoString expires;
129 nsCAutoString maxage;
130 PRInt64 expiryTime;
131 PRBool isSession;
132 PRBool isSecure;
133 PRBool isHttpOnly;
134 };
136 // stores linked list iteration state, and provides a rudimentary
137 // list traversal method
138 struct nsListIter
139 {
159 };
161 // stores temporary data for enumerating over the hash entries,
162 // since enumeration is done using callback functions
163 struct nsEnumerationData
164 {
166 PRInt64 aOldestTime)
171 // the current time, in seconds
172 PRInt64 currentTime;
174 // oldest lastAccessed time in the cookie list. use aOldestTime = LL_MAXINT
175 // to enable this search, LL_MININT to disable it.
176 PRInt64 oldestTime;
178 // an iterator object that points to the desired cookie
179 nsListIter iter;
180 };
182 /******************************************************************************
183 * Cookie logging handlers
184 * used for logging in nsCookieService
185 ******************************************************************************/
187 // logging handlers
188 #ifdef MOZ_LOGGING
189 // in order to do logging, the following environment variables need to be set:
190 //
191 // set NSPR_LOG_MODULES=cookie:3 -- shows rejected cookies
192 // set NSPR_LOG_MODULES=cookie:4 -- shows accepted and rejected cookies
193 // set NSPR_LOG_FILE=cookie.log
194 //
195 // this next define has to appear before the include of prlog.h
198 #endif
200 // define logging macros for convenience
201 #define SET_COOKIE PR_TRUE
202 #define GET_COOKIE PR_FALSE
204 #ifdef PR_LOGGING
207 #define COOKIE_LOGFAILURE(a, b, c, d) LogFailure(a, b, c, d)
208 #define COOKIE_LOGSUCCESS(a, b, c, d, e) LogSuccess(a, b, c, d, e)
209 #define COOKIE_LOGEVICTED(a) LogEvicted(a)
210 #define COOKIE_LOGSTRING(lvl, fmt) \
211 PR_BEGIN_MACRO \
212 PR_LOG(sCookieLog, lvl, fmt); \
214 PR_END_MACRO
216 static void
218 {
219 // if logging isn't enabled, return now to save cycles
223 nsCAutoString spec;
233 PRExplodedTime explodedTime;
241 }
243 static void
245 {
246 PRExplodedTime explodedTime;
257 PR_LOG(sCookieLog, PR_LOG_DEBUG,("%s: %s\n", aCookie->IsDomain() ? "domain" : "host", aCookie->Host().get()));
271 PR_LOG(sCookieLog, PR_LOG_DEBUG,("is httpOnly: %s\n", aCookie->IsHttpOnly() ? "true" : "false"));
272 }
273 }
275 static void
276 LogSuccess(PRBool aSetCookie, nsIURI *aHostURI, const char *aCookieString, nsCookie *aCookie, PRBool aReplacing)
277 {
278 // if logging isn't enabled, return now to save cycles
281 }
283 nsCAutoString spec;
292 PR_LOG(sCookieLog, PR_LOG_DEBUG,("replaces existing cookie: %s\n", aReplacing ? "true" : "false"));
297 }
299 static void
301 {
302 // if logging isn't enabled, return now to save cycles
305 }
312 }
314 // inline wrappers to make passing in nsAFlatCStrings easier
316 LogFailure(PRBool aSetCookie, nsIURI *aHostURI, const nsAFlatCString &aCookieString, const char *aReason)
317 {
319 }
322 LogSuccess(PRBool aSetCookie, nsIURI *aHostURI, const nsAFlatCString &aCookieString, nsCookie *aCookie, PRBool aReplacing)
323 {
325 }
327 #else
332 #endif
334 /******************************************************************************
335 * nsCookieService impl:
336 * private list sorting callbacks
337 *
338 * these functions return:
339 * < 0 if the first element should come before the second element,
340 * 0 if the first element may come before or after the second element,
341 * > 0 if the first element should come after the second element.
342 ******************************************************************************/
344 // comparison function for sorting cookies before sending to a server.
345 static int
349 {
353 // compare by cookie path length in accordance with RFC2109
356 // when path lengths match, older cookies should be listed first. this is
357 // required for backwards compatibility since some websites erroneously
358 // depend on receiving cookies in the order in which they were sent to the
359 // browser! see bug 236772.
360 // note: CreationID is unique, so two id's can never be equal.
361 // we may have overflow problems returning the result directly, so we need branches
363 }
365 }
367 /******************************************************************************
368 * nsCookieService impl:
369 * singleton instance ctor/dtor methods
370 ******************************************************************************/
374 nsCookieService*
376 {
380 }
382 // Create a new singleton nsCookieService.
383 // We AddRef only once since XPCOM has rules about the ordering of module
384 // teardowns - by the time our module destructor is called, it's too late to
385 // Release our members (e.g. nsIObserverService and nsIPrefBranch), since GC
386 // cycles have already been completed and would result in serious leaks.
387 // See bug 209571.
393 }
394 }
397 }
399 /******************************************************************************
400 * nsCookieService impl:
401 * public methods
402 ******************************************************************************/
405 nsICookieService,
406 nsICookieManager,
407 nsICookieManager2,
408 nsIObserver,
409 nsISupportsWeakReference)
417 {
418 }
420 nsresult
422 {
425 }
427 nsresult rv;
431 // init our pref and observer
438 }
440 // ignore failure here, since it's non-fatal (we can run fine without
441 // persistent storage - e.g. if there's no profile)
458 Observe(nsnull, NS_PRIVATE_BROWSING_SWITCH_TOPIC, NS_LITERAL_STRING(NS_PRIVATE_BROWSING_ENTER).get());
459 }
460 }
461 }
467 }
470 }
472 nsresult
474 {
485 // cache a connection to the cookie database
488 // delete and try again
493 }
503 // table already exists; check the schema version before reading
504 PRInt32 dbSchemaVersion;
509 // upgrading.
510 // every time you increment the database schema, you need to implement
511 // the upgrading code from the previous version to the new one.
513 {
514 // add the lastAccessed column to the table
519 // update the schema version
522 }
523 // fall through to the next upgrade
529 {
532 // the table may be usable; someone might've just clobbered the schema
533 // version. we can treat this case like a downgrade using the codepath
534 // below, by verifying the columns we care about are all there. for now,
535 // re-set the schema version in the db, in case the checks succeed (if
536 // they don't, we're dropping the table anyway).
539 }
540 // fall through to downgrade check
542 // downgrading.
543 // if columns have been added to the table, we can still use the ones we
544 // understand safely. if columns have been deleted or altered, just
545 // blow away the table and start from scratch! if you change the way
546 // a column is interpreted, make sure you also change its name so this
547 // check will catch it.
549 {
550 // check if all the expected columns exist
553 "SELECT id, name, value, host, path, expiry, isSecure, isHttpOnly "
558 // our columns aren't there - drop the table!
564 }
566 }
567 }
569 // make operations on the table asynchronous, for performance
572 // open in exclusive mode for performance
575 // cache frequently used statements (for insertion, deletion, and updating)
577 "INSERT INTO moz_cookies "
578 "(id, name, value, host, path, expiry, lastAccessed, isSecure, isHttpOnly) "
590 // check whether to import or just read in the db
601 // we're done importing - delete the old cookie file
604 }
606 // sets the schema version and creates the moz_cookies table.
607 nsresult
609 {
610 // set the schema version, before creating the table
614 // create the table
616 "CREATE TABLE moz_cookies ("
617 "id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, path TEXT,"
619 }
622 {
624 }
626 NS_IMETHODIMP
630 {
631 // check the topic
633 // The profile is about to change,
634 // or is going away because the application is shutting down.
639 // clear the cookie file
643 }
645 // Close the DB connection before changing
648 }
651 // the profile has already changed; init the db from the new location
660 // backup the existing in-memory DB
665 }
666 // close the connection to the on-disk DB
671 // continue to use the in-memory DB
673 // open the connection to the on-disk DB
675 // restore the in-memory DB as it was prior to private browsing
681 // continue to use both on-disk and in-memory DB
682 }
683 }
686 }
688 NS_IMETHODIMP
692 {
696 }
698 NS_IMETHODIMP
703 {
707 }
709 NS_IMETHODIMP
714 {
716 }
718 NS_IMETHODIMP
725 {
726 return SetCookieStringInternal(aHostURI, aPrompt, aCookieHeader, aServerTime, aChannel, PR_TRUE);
727 }
729 nsresult
735 PRBool aFromHttp)
736 {
740 }
742 // check default prefs
744 // fire a notification if cookie was rejected (but not if there was an error)
750 }
752 // parse server local time. this is not just done here for efficiency
753 // reasons - if there's an error parsing it, and we need to default it
754 // to the current time, we must do it here since the current time in
755 // SetCookieInternal() will change for each cookie processed (e.g. if the
756 // user is prompted).
757 PRTime tempServerTime;
758 PRInt64 serverTime;
763 }
765 // start a transaction on the storage db, to optimize insertions.
766 // transaction will automically commit on completion
769 // switch to a nice string type now, and process each cookie in the header
774 }
776 // notify observers that a cookie was rejected due to the users' prefs.
777 void
779 {
782 }
784 // notify observers that the cookie list changed. there are four possible
785 // values for aData:
786 // "deleted" means a cookie was deleted. aCookie is the deleted cookie.
787 // "added" means a cookie was added. aCookie is the added cookie.
788 // "changed" means a cookie was altered. aCookie is the new cookie.
789 // "cleared" means the entire cookie list was cleared. aCookie is null.
790 void
793 {
796 }
798 /******************************************************************************
799 * nsCookieService:
800 * pref observer impl
801 ******************************************************************************/
803 void
805 {
806 PRInt32 val;
815 }
817 /******************************************************************************
818 * nsICookieManager impl:
819 * nsICookieManager
820 ******************************************************************************/
822 NS_IMETHODIMP
824 {
827 // clear the cookie file
831 // Database must be corrupted, so remove it completely.
837 }
838 }
842 }
844 // helper struct for passing arguments into hash enumeration callback.
845 struct nsGetEnumeratorData
846 {
852 PRInt64 currentTime;
853 };
855 static PLDHashOperator
858 {
862 // only append non-expired cookies
865 }
867 }
869 NS_IMETHODIMP
871 {
878 }
880 NS_IMETHODIMP
885 PRBool aIsSecure,
886 PRBool aIsHttpOnly,
887 PRBool aIsSession,
888 PRInt64 aExpiry)
889 {
894 aExpiry,
895 currentTimeInUsec,
896 currentTimeInUsec,
897 aIsSession,
898 aIsSecure,
899 aIsHttpOnly);
902 }
906 }
908 NS_IMETHODIMP
912 PRBool aBlocked)
913 {
914 nsListIter matchIter;
918 matchIter,
923 }
925 // check if we need to add the host to the permissions blacklist.
929 // strip off the domain dot, if necessary
932 else
940 }
943 }
945 /******************************************************************************
946 * nsCookieService impl:
947 * private file I/O functions
948 ******************************************************************************/
950 nsresult
952 {
953 nsresult rv;
955 // delete expired cookies, before we read in the db
956 {
957 // scope the deletion, so the write lock is released when finished
966 PRBool hasResult;
969 }
971 // let the reading begin!
974 "SELECT id, name, value, host, path, expiry, lastAccessed, isSecure, isHttpOnly "
979 PRBool hasResult;
993 // create a new nsCookie and assign the data.
996 expiry,
997 lastAccessed,
998 creationID,
999 PR_FALSE,
1000 isSecure,
1001 isHttpOnly);
1006 // It is purpose that created us; purpose that connects us;
1007 // purpose that pulls us; that guides us; that drives us.
1008 // It is purpose that defines us; purpose that binds us.
1009 // When a cookie no longer has purpose, it has a choice:
1010 // it can return to the source to be deleted, or it can go
1011 // into exile, and stay hidden inside the Matrix.
1012 // Let's choose deletion.
1014 }
1019 }
1021 NS_IMETHODIMP
1023 {
1024 nsresult rv;
1032 // start a transaction on the storage db, to optimize insertions.
1033 // transaction will automically commit on completion
1038 nsCAutoString buffer;
1040 PRInt32 hostIndex, isDomainIndex, pathIndex, secureIndex, expiresIndex, nameIndex, cookieIndex;
1042 PRInt32 numInts;
1043 PRInt64 expires;
1049 // we use lastAccessedCounter to keep cookies in recently-used order,
1050 // so we start by initializing to currentTime (somewhat arbitrary)
1053 /* file format is:
1054 *
1055 * host \t isDomain \t path \t secure \t expires \t name \t cookie
1056 *
1057 * if this format isn't respected we move onto the next line in the file.
1058 * isDomain is "TRUE" or "FALSE" (default to "FALSE")
1059 * isSecure is "TRUE" or "FALSE" (default to "TRUE")
1060 * expires is a PRInt64 integer
1061 * note 1: cookie can contain tabs.
1062 * note 2: cookies will be stored in order of lastAccessed time:
1063 * most-recently used come first; least-recently-used come last.
1064 */
1066 /*
1067 * ...but due to bug 178933, we hide HttpOnly cookies from older code
1068 * in a comment, so they don't expose HttpOnly cookies to JS.
1069 *
1070 * The format for HttpOnly cookies is
1071 *
1072 * #HttpOnly_host \t isDomain \t path \t secure \t expires \t name \t cookie
1073 *
1074 */
1085 }
1087 // this is a cheap, cheesy way of parsing a tab-delimited line into
1088 // string indexes, which can be lopped off into substrings. just for
1089 // purposes of obfuscation, it also checks that each token was found.
1090 // todo: use iterators?
1098 }
1100 // check the expirytime first - if it's expired, ignore
1101 // nullstomp the trailing tab, to avoid copying the string
1107 }
1109 isDomain = Substring(buffer, isDomainIndex, pathIndex - isDomainIndex - 1).EqualsLiteral(kTrue);
1110 const nsASingleFragmentCString &host = Substring(buffer, hostIndex, isDomainIndex - hostIndex - 1);
1111 // check for bad legacy cookies (domain not starting with a dot, or containing a port),
1112 // and discard
1116 }
1118 // create a new nsCookie and assign the data.
1119 // we don't know the cookie creation time, so just use the current time;
1120 // this is okay, since nsCookie::Create() will make sure the creation id
1121 // ends up monotonically increasing.
1125 host,
1127 expires,
1128 lastAccessedCounter,
1129 currentTimeInUsec,
1130 PR_FALSE,
1132 isHttpOnly);
1135 }
1137 // trick: preserve the most-recently-used cookie ordering,
1138 // by successively decrementing the lastAccessed time
1139 lastAccessedCounter--;
1143 else
1145 }
1150 }
1152 /******************************************************************************
1153 * nsCookieService impl:
1154 * private GetCookie/SetCookie helpers
1155 ******************************************************************************/
1157 // helper function for GetCookieList
1158 static inline PRBool ispathdelimiter(char c) { return c == '/' || c == '?' || c == '#' || c == ';'; }
1160 void
1163 PRBool aHttpBound,
1165 {
1171 }
1173 // check default prefs
1175 // for GetCookie(), we don't fire rejection notifications.
1180 }
1182 // get host and path from the nsIURI
1183 // note: there was a "check if host has embedded whitespace" here.
1184 // it was removed since this check was added into the nsIURI impl (bug 146094).
1190 }
1191 // trim trailing dots
1193 // insert a leading dot, so we begin the hash lookup with the
1194 // equivalent domain cookie host
1197 // check if aHostURI is using an https secure protocol.
1198 // if it isn't, then we can't send a secure cookie over the connection.
1199 // if SchemeIs fails, assume an insecure connection, to be on the safe side
1200 PRBool isSecure;
1203 }
1206 nsAutoVoidArray foundCookieList;
1213 // begin hash lookup, walking up the subdomain levels.
1214 // we use nextDot to force a lookup of the original host (without leading dot).
1219 // if the cookie is secure and the host scheme isn't, we can't send it
1222 }
1224 // if the cookie is httpOnly and it's not going directly to the HTTP
1225 // connection, don't send it
1228 }
1230 // calculate cookie path length, excluding trailing '/'
1234 }
1236 // if the nsIURI path is shorter than the cookie path, don't send it back
1239 }
1243 /*
1244 * |ispathdelimiter| tests four cases: '/', '?', '#', and ';'.
1245 * '/' is the "standard" case; the '?' test allows a site at host/abc?def
1246 * to receive a cookie that has a path attribute of abc. this seems
1247 * strange but at least one major site (citibank, bug 156725) depends
1248 * on it. The test for # and ; are put in to proactively avoid problems
1249 * with other sites - these are the only other chars allowed in the path.
1250 */
1252 }
1254 // check if the cookie has expired
1257 }
1259 // all checks passed - add to list and check if lastAccessed stamp needs updating
1263 }
1275 // update lastAccessed timestamps. we only do this if the timestamp is stale
1276 // by a certain amount, to avoid thrashing the db during pageload.
1278 // start a transaction on the storage db, to optimize updates.
1279 // transaction will automically commit on completion.
1287 }
1288 }
1290 // return cookies in order of path length; longest to shortest.
1291 // this is required per RFC2109. if cookies match in length,
1292 // then sort by creation time (see bug 236772).
1295 nsCAutoString cookieData;
1299 // check if we have anything to write
1301 // if we've already added a cookie to the return list, append a "; " so
1302 // that subsequent cookies are delimited in the final list.
1305 }
1308 // we have a name and value - write both
1311 // just write value
1313 }
1314 }
1315 }
1317 // it's wasteful to alloc a new string; but we have no other choice, until we
1318 // fix the callers to use nsACStrings.
1322 }
1323 }
1325 // processes a single cookie, and returns PR_TRUE if there are more cookies
1326 // to be processed
1327 PRBool
1331 PRInt64 aServerTime,
1332 PRBool aFromHttp)
1333 {
1334 // create a stack-based nsCookieAttributes, to store all the
1335 // attributes parsed from the cookie
1336 nsCookieAttributes cookieAttributes;
1338 // init expiryTime such that session cookies won't prematurely expire
1341 // aCookieHeader is an in/out param to point to the next cookie, if
1342 // there is one. Save the present value for logging purposes
1345 // newCookie says whether there are multiple cookies in the header;
1346 // so we can handle them separately.
1351 // calculate expiry time of cookie.
1355 // reject cookie if it's over the size limit, per RFC2109
1359 }
1364 }
1366 // domain & path checks
1370 }
1374 }
1376 // create a new nsCookie and copy attributes
1383 currentTimeInUsec,
1384 currentTimeInUsec,
1391 // check permissions from site permission list, or ask the user,
1392 // to determine if we can set the cookie
1394 PRBool permission;
1395 // we need to think about prompters/parent windows here - TestPermission
1396 // needs one to prompt, so right now it has to fend for itself to get one
1398 aChannel,
1404 COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "cookie rejected by permission manager");
1407 }
1409 // update isSession and expiry attributes, in case they changed
1412 }
1414 // add the cookie to the list. AddInternal() takes care of logging.
1415 // we get the current time again here, since it may have changed during prompting
1418 }
1420 // this is a backend function for adding a cookie to the list, via SetCookie.
1421 // also used in the cookie manager, for profile migration from IE.
1422 // it either replaces an existing cookie; or adds the cookie to the hashtable,
1423 // and deletes a cookie (if maximum number of cookies has been
1424 // reached). also performs list maintenance by removing expired cookies.
1425 void
1427 PRInt64 aCurrentTime,
1430 PRBool aFromHttp)
1431 {
1432 // if the new cookie is httponly, make sure we're not coming from script
1434 COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, "cookie is httponly; coming from script");
1436 }
1438 // start a transaction on the storage db, to optimize deletions/insertions.
1439 // transaction will automically commit on completion. if we already have a
1440 // transaction (e.g. from SetCookie*()), this will have no effect.
1443 nsListIter matchIter;
1451 // if the old cookie is httponly, make sure we're not coming from script
1453 COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, "previously stored cookie is httponly; coming from script");
1455 }
1459 // check if the cookie has expired
1461 COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, "previously stored cookie was deleted");
1464 }
1466 // preserve creation time of cookie
1471 // check if cookie has already expired
1475 }
1477 // check if we have to delete an old cookie.
1480 // remove the oldest cookie from host
1485 // try to make room, by removing expired cookies
1488 // check if we still have to get rid of something
1490 // find the position of the oldest cookie, and remove it
1495 }
1496 }
1498 // if we deleted an old cookie, notify consumers
1502 }
1503 }
1505 // add the cookie to head of list
1511 }
1513 /******************************************************************************
1514 * nsCookieService impl:
1515 * private cookie header parsing functions
1516 ******************************************************************************/
1518 // The following comment block elucidates the function of ParseAttributes.
1519 /******************************************************************************
1520 ** Augmented BNF, modified from RFC2109 Section 4.2.2 and RFC2616 Section 2.1
1521 ** please note: this BNF deviates from both specifications, and reflects this
1522 ** implementation. <bnf> indicates a reference to the defined grammar "bnf".
1524 ** Differences from RFC2109/2616 and explanations:
1525 1. implied *LWS
1526 The grammar described by this specification is word-based. Except
1527 where noted otherwise, linear white space (<LWS>) can be included
1528 between any two adjacent words (token or quoted-string), and
1529 between adjacent words and separators, without changing the
1530 interpretation of a field.
1531 <LWS> according to spec is SP|HT|CR|LF, but here, we allow only SP | HT.
1533 2. We use CR | LF as cookie separators, not ',' per spec, since ',' is in
1534 common use inside values.
1536 3. tokens and values have looser restrictions on allowed characters than
1537 spec. This is also due to certain characters being in common use inside
1538 values. We allow only '=' to separate token/value pairs, and ';' to
1539 terminate tokens or values. <LWS> is allowed within tokens and values
1540 (see bug 206022).
1542 4. where appropriate, full <OCTET>s are allowed, where the spec dictates to
1543 reject control chars or non-ASCII chars. This is erring on the loose
1544 side, since there's probably no good reason to enforce this strictness.
1546 5. cookie <NAME> is optional, where spec requires it. This is a fairly
1547 trivial case, but allows the flexibility of setting only a cookie <VALUE>
1548 with a blank <NAME> and is required by some sites (see bug 169091).
1550 6. Attribute "HttpOnly", not covered in the RFCs, is supported
1551 (see bug 178993).
1553 ** Begin BNF:
1554 token = 1*<any allowed-chars except separators>
1555 value = token-value | quoted-string
1556 token-value = 1*<any allowed-chars except value-sep>
1557 quoted-string = ( <"> *( qdtext | quoted-pair ) <"> )
1558 qdtext = <any allowed-chars except <">> ; CR | LF removed by necko
1559 quoted-pair = "\" <any OCTET except NUL or cookie-sep> ; CR | LF removed by necko
1560 separators = ";" | "="
1561 value-sep = ";"
1562 cookie-sep = CR | LF
1563 allowed-chars = <any OCTET except NUL or cookie-sep>
1564 OCTET = <any 8-bit sequence of data>
1565 LWS = SP | HT
1566 NUL = <US-ASCII NUL, null control character (0)>
1567 CR = <US-ASCII CR, carriage return (13)>
1568 LF = <US-ASCII LF, linefeed (10)>
1569 SP = <US-ASCII SP, space (32)>
1570 HT = <US-ASCII HT, horizontal-tab (9)>
1572 set-cookie = "Set-Cookie:" cookies
1573 cookies = cookie *( cookie-sep cookie )
1574 cookie = [NAME "="] VALUE *(";" cookie-av) ; cookie NAME/VALUE must come first
1575 NAME = token ; cookie name
1576 VALUE = value ; cookie value
1577 cookie-av = token ["=" value]
1579 valid values for cookie-av (checked post-parsing) are:
1580 cookie-av = "Path" "=" value
1581 | "Domain" "=" value
1582 | "Expires" "=" value
1583 | "Max-Age" "=" value
1584 | "Comment" "=" value
1585 | "Version" "=" value
1586 | "Secure"
1587 | "HttpOnly"
1589 ******************************************************************************/
1591 // helper functions for GetTokenValue
1598 // Parse a single token/value pair.
1599 // Returns PR_TRUE if a cookie terminator is found, so caller can parse new cookie.
1600 PRBool
1606 {
1608 // initialize value string to clear garbage
1611 // find <token>, including any <LWS> between the end-of-token and the
1612 // token separator. we'll remove trailing <LWS> next
1619 // remove trailing <LWS>; first check we're not at the beginning
1624 }
1629 // find <value>
1635 // process <quoted-string>
1636 // (note: cookie terminators, CR | LF, can't happen:
1637 // they're removed by necko before the header gets here)
1638 // assume value mangled if no terminating '"', return
1640 // if <qdtext> (backwhacked char), skip over it. this allows '\"' in <quoted-string>.
1641 // we increment once over the backwhack, nullcheck, then continue to the 'while',
1642 // which increments over the backwhacked char. one exception - we don't allow
1643 // CR | LF here either (see above about necko)
1646 }
1649 // include terminating quote in attribute string
1651 // skip to next ';'
1654 }
1656 // process <token-value>
1657 // just look for ';' to terminate ('=' allowed)
1661 // remove trailing <LWS>; first check we're not at the beginning
1666 }
1667 }
1668 }
1670 // aIter is on ';', or terminator, or EOS
1672 // if on terminator, increment past & return PR_TRUE to process new cookie
1676 }
1677 // fall-through: aIter is on ';', increment and return PR_FALSE
1679 }
1681 }
1683 // Parses attributes from cookie header. expires/max-age attributes aren't folded into the
1684 // cookie struct here, because we don't know which one to use until we've parsed the header.
1685 PRBool
1688 {
1708 // extract cookie <NAME> & <VALUE> (first attribute), and copy the strings.
1709 // if we find multiple cookies, return for processing
1710 // note: if there's no '=', we assume token is <VALUE>. this is required by
1711 // some sites (see bug 169091).
1712 // XXX fix the parser to parse according to <VALUE> grammar for this case
1719 }
1721 // extract remaining attributes
1729 // our parameter is a quoted-string; remove quotes for later parsing
1731 }
1732 }
1734 // decide which attribute we have, and copy the string
1747 // ignore any tokenValue for isSecure; just set the boolean
1751 // ignore any tokenValue for isHttpOnly (see bug 178993);
1752 // just set the boolean
1755 }
1757 // rebind aCookieHeader, in case we need to process another cookie
1760 }
1762 /******************************************************************************
1763 * nsCookieService impl:
1764 * private domain & permission compliance enforcement functions
1765 ******************************************************************************/
1767 PRBool
1770 {
1771 // Get hosts
1775 // assume foreign
1777 }
1778 // trim trailing dots
1782 // fast path: check if the two hosts are identical.
1783 // this also covers two special cases:
1784 // 1) if we're dealing with IP addresses, require an exact match. this
1785 // eliminates any chance of IP address funkiness (e.g. the alias 127.1
1786 // domain-matching 99.54.127.1). bug 105917 originally noted the requirement
1787 // to deal with IP addresses. note that GetBaseDomain() below will return an
1788 // error if the URI is an IP address.
1789 // 2) we also need this for the (rare) case where the site is actually an eTLD,
1790 // e.g. http://co.tv; GetBaseDomain() will throw an error and we might
1791 // erroneously think currentHost is foreign. so we consider this case non-
1792 // foreign only if the hosts exactly match.
1796 // get the base domain for the originating URI.
1797 // e.g. for "images.bbc.co.uk", this would be "bbc.co.uk".
1798 nsCAutoString baseDomain;
1801 // URI is an IP, eTLD, or something else went wrong - assume foreign
1803 }
1806 // ensure the host domain is derived from the base domain.
1807 // we prepend dots before the comparison to ensure e.g.
1808 // "mybbc.co.uk" isn't matched as a superset of "bbc.co.uk".
1812 }
1814 PRUint32
1818 {
1819 nsresult rv;
1821 // don't let ftp sites get/set cookies (could be a security issue)
1822 PRBool ftp;
1824 COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "ftp sites cannot read cookies");
1826 }
1828 // check the permission list first; if we find an entry, it overrides
1829 // default prefs. see bug 184059.
1831 nsCookieAccess access;
1834 // if we found an entry, use it
1838 COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "cookies are blocked for this site");
1843 }
1844 }
1845 }
1847 // check default prefs
1849 COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "cookies are disabled");
1853 // check if cookie is foreign
1855 NS_WARNING("Foreign cookie blocking enabled, but nsICookiePermission unavailable! Rejecting cookie");
1856 COOKIE_LOGSTRING(PR_LOG_WARNING, ("CheckPrefs(): foreign blocking enabled, but nsICookiePermission unavailable! Rejecting cookie"));
1858 }
1864 COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "originating server test failed");
1866 }
1867 }
1869 // if nothing has complained, accept cookie
1871 }
1873 // processes domain attribute, and returns PR_TRUE if host has permission to set for this domain.
1874 PRBool
1877 {
1878 nsresult rv;
1880 // get host from aHostURI
1881 nsCAutoString hostFromURI;
1884 }
1885 // trim trailing dots
1888 // if a domain is given, check the host has permission
1891 // switch to lowercase now, to avoid case-insensitive compares everywhere
1894 // get the base domain for the host URI.
1895 // e.g. for "images.bbc.co.uk", this would be "bbc.co.uk", which
1896 // represents the lowest level domain a cookie can be set for.
1897 nsCAutoString baseDomain;
1901 // check whether the host is an IP address, and leave the cookie as
1902 // a non-domain one. this will require an exact host match for the cookie,
1903 // so we eliminate any chance of IP address funkiness (e.g. the alias 127.1
1904 // domain-matching 99.54.127.1). bug 105917 originally noted the
1905 // requirement to deal with IP addresses.
1910 }
1912 // ensure the proposed domain is derived from the base domain; and also
1913 // that the host domain is derived from the proposed domain (per RFC2109).
1914 // we prepend a dot before the comparison to ensure e.g.
1915 // "mybbc.co.uk" isn't matched as a superset of "bbc.co.uk".
1922 /*
1923 * note: RFC2109 section 4.3.2 requires that we check the following:
1924 * that the portion of host not in domain does not contain a dot.
1925 * this prevents hosts of the form x.y.co.nz from setting cookies in the
1926 * entire .co.nz domain. however, it's only a only a partial solution and
1927 * it breaks sites (IE doesn't enforce it), so we don't perform this check.
1928 */
1929 }
1931 // block any URIs without a host that aren't file:/// URIs
1937 }
1939 // no domain specified, use hostFromURI
1943 }
1945 PRBool
1948 {
1949 // if a path is given, check the host has permission
1951 // strip down everything after the last slash to get the path,
1952 // ignoring slashes in the query string part.
1953 // if we can QI to nsIURL, that'll take care of the query string portion.
1954 // otherwise, it's not an nsIURL and can't have a query string, so just find the last slash.
1963 }
1964 }
1966 #if 0
1968 /**
1969 * The following test is part of the RFC2109 spec. Loosely speaking, it says that a site
1970 * cannot set a cookie for a path that it is not on. See bug 155083. However this patch
1971 * broke several sites -- nordea (bug 155768) and citibank (bug 156725). So this test has
1972 * been disabled, unless we can evangelize these sites.
1973 */
1974 // get path from aHostURI
1975 nsCAutoString pathFromURI;
1979 }
1980 #endif
1981 }
1988 }
1990 PRBool
1992 PRInt64 aServerTime,
1993 PRInt64 aCurrentTime)
1994 {
1995 /* Determine when the cookie should expire. This is done by taking the difference between
1996 * the server time and the time the server wants the cookie to expire, and adding that
1997 * difference to the client time. This localizes the client time regardless of whether or
1998 * not the TZ environment variable was set on the client.
1999 *
2000 * Note: We need to consider accounting for network lag here, per RFC.
2001 */
2002 PRInt64 delta;
2004 // check for max-age attribute first; this overrides expires attribute
2006 // obtain numeric value of maxageAttribute
2007 PRInt64 maxage;
2010 // default to session cookie if the conversion failed
2013 }
2017 // check for expires attribute
2019 PRTime tempExpires;
2020 PRInt64 expires;
2022 // parse expiry time
2023 if (PR_ParseTimeString(aCookieAttributes.expires.get(), PR_TRUE, &tempExpires) == PR_SUCCESS) {
2027 }
2031 // default to session cookie if no attributes found
2034 }
2036 // if this addition overflows, expiryTime will be less than currentTime
2037 // and the cookie will be expired - that's okay.
2041 }
2043 /******************************************************************************
2044 * nsCookieService impl:
2045 * private cookielist management functions
2046 ******************************************************************************/
2048 void
2050 {
2051 // clearing the hashtable will call each nsCookieEntry's dtor,
2052 // which releases all their respective children.
2055 }
2057 PLDHashOperator
2060 {
2064 // remove from list. this takes care of updating the iterator for us
2066 else
2068 }
2070 }
2072 // removes any expired cookies from memory
2073 void
2075 {
2076 #ifdef PR_LOGGING
2078 #endif
2080 COOKIE_LOGSTRING(PR_LOG_DEBUG, ("RemoveExpiredCookies(): %ld purged; %ld remain", initialCookieCount - mCookieCount, mCookieCount));
2081 }
2083 // find whether a given cookie has been previously set. this is provided by the
2084 // nsICookieManager2 interface.
2085 NS_IMETHODIMP
2088 {
2091 // just a placeholder
2092 nsListIter iter;
2104 }
2106 // count the number of cookies from a given host, and simultaneously find the
2107 // oldest cookie from the host.
2108 PRUint32
2111 {
2121 // only count non-expired cookies
2125 // check if we've found the oldest cookie so far
2129 }
2130 }
2131 }
2140 }
2142 // count the number of cookies stored by a particular host. this is provided by the
2143 // nsICookieManager2 interface.
2144 NS_IMETHODIMP
2147 {
2148 // we don't care about finding the oldest cookie here, so disable the search
2153 }
2155 // find an exact cookie specified by host, name, and path that hasn't expired.
2156 PRBool
2161 PRInt64 aCurrentTime)
2162 {
2169 }
2170 }
2173 }
2175 // removes a cookie from the hashtable, and update the iterator state.
2176 void
2178 {
2179 // if it's a non-session cookie, remove it from the db
2181 // use our cached sqlite "delete" statement
2186 PRBool hasResult;
2188 }
2192 COOKIE_LOGSTRING(PR_LOG_WARNING, ("RemoveCookieFromList(): removing from db gave error %x", rv));
2193 }
2194 }
2197 // we're removing the last element in the list - so just remove the entry
2198 // from the hash. note that the entryclass' dtor will take care of
2199 // releasing this last element for us!
2204 // just remove the element from the list, and increment the iterator
2208 // element to remove is not the head
2211 // element to remove is the head
2213 }
2214 }
2217 }
2219 nsresult
2221 {
2222 nsresult rv;
2250 }
2252 PRBool
2254 {
2260 }
2268 // if it's a non-session cookie and hasn't just been read from the db, write it out.
2270 // use our cached sqlite "insert" statement
2275 PRBool hasResult;
2277 }
2282 }
2283 }
2286 }
2288 void
2290 {
2291 // update the lastAccessed timestamp
2294 // if it's a non-session cookie, update it in the db too
2296 // use our cached sqlite "update" statement
2303 PRBool hasResult;
2305 }
2306 }
2311 }
2312 }
2313 }
2315 static PLDHashOperator
2318 {
2321 // check if we've found the oldest cookie so far
2325 }
2326 }
2328 }
2330 void
2332 {
2334 }