SessionCookies.jsm does not restore the SameSite flag of session cookies
Categories
(Firefox :: Session Restore, enhancement, P3)
Tracking

| | Tracking | Status |
|---|---|---|
| firefox70 | --- | fixed |
People
(Reporter: robwu, Assigned: dennisschagt)
References
(Blocks 1 open bug)
Attachments
(1 file)
(deleted), text/x-phabricator-request
SessionCookiesInternal.restore unconditionally uses SAMESITE_NONE as the sameSite flag. This is incorrect, the sameSite flag should have been saved at CookieStore.add and be restored later.

The effect of this is that after a session restore, session cookies could inadvertently be included in requests where they shouldn't have been included (when SameSite=Lax or SameSite=Strict).
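The save/restore round trip described in the report, as an added example that is not Firefox code and not part of the original bug: a simplified model in which every function name, the `SAMESITE` constants, the cookie and the request are hypothetical or constructed. It compares a restore that always uses the "none" value with one that saves and restores the flag.

```javascript
// Simplified model of the bug; every name here is hypothetical, not Firefox code.
const SAMESITE = { NONE: 0, LAX: 1, STRICT: 2 }; // local stand-in constants

// Serialize a session cookie for the session file. The buggy variant drops sameSite.
function saveCookie(cookie, keepSameSite) {
  const { host, path, name, value } = cookie;
  const entry = { host, path, name, value };
  if (keepSameSite && cookie.sameSite !== SAMESITE.NONE) {
    entry.sameSite = cookie.sameSite;
  }
  return entry;
}

// Recreate the cookie on restore. The buggy variant always uses SAMESITE.NONE.
function restoreCookie(entry, keepSameSite) {
  const sameSite =
    keepSameSite && "sameSite" in entry ? entry.sameSite : SAMESITE.NONE;
  return { ...entry, sameSite };
}

// Save to JSON and restore, as a browser restart would.
function roundTrip(cookie, keepSameSite) {
  const onDisk = JSON.stringify(saveCookie(cookie, keepSameSite));
  return restoreCookie(JSON.parse(onDisk), keepSameSite);
}

// Simplified SameSite rule: would the cookie be attached to this request?
function isSent(cookie, request) {
  if (!request.crossSite) return true;
  if (cookie.sameSite === SAMESITE.STRICT) return false;
  if (cookie.sameSite === SAMESITE.LAX) {
    return request.topLevelNavigation && request.method === "GET";
  }
  return true; // SAMESITE.NONE: sent in every context
}

// Constructed sample data: one Strict session cookie, one cross-site subrequest.
const cookie = { host: "app.example", path: "/", name: "sid",
                 value: "constructed", sameSite: SAMESITE.STRICT };
const crossSitePost = { crossSite: true, topLevelNavigation: false, method: "POST" };

function demo() {
  return {
    beforeRestart: isSent(cookie, crossSitePost),
    buggyRestore: isSent(roundTrip(cookie, false), crossSitePost),
    fixedRestore: isSent(roundTrip(cookie, true), crossSitePost),
  };
}
console.log(demo());
```

A regression test for this class of bug can assert that the flag survives the round trip for each of the three values, not only that the cookie itself is restored.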
Comment 1•5 years ago
The priority flag is not set for this bug.
:mikedeboer, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 2•5 years ago
Sounds plausible to me, but I unfortunately don't have time to work on this right now. Please feel free to pick this up - I'd be more than happy to mentor!
Comment 3•5 years ago (Assignee)
Bug 1556151 - SessionStore: Save and restore cookie.sameSite flag
Comment 4•5 years ago (Assignee)
I just submitted a patch and added :mikedeboer as reviewer.
:mikedeboer, could you assign this bug to me?
This is one of my first contributions to Firefox. Please let me know if there is anything I can improve on.
Pushed by dvarga@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/922be4adb708
SessionStore: Save and restore cookie.sameSite flag r=mikedeboer
Comment 6•5 years ago
bugherder
Comment 7•5 years ago
Dennis, well done for (one of) your first contribution(s) to Firefox! I'm looking forward to many more in the future!