--- a/toolkit/components/extensions/ext-cookies.js
+++ b/toolkit/components/extensions/ext-cookies.js
@@ -3,26 +3,31 @@
// The ext-* files are imported into the same scopes.
/* import-globals-from ext-toolkit.js */
XPCOMUtils.defineLazyModuleGetter(this, "Services",
"resource://gre/modules/Services.jsm");
/* globals DEFAULT_STORE, PRIVATE_STORE */
+var {
+ ExtensionError,
+} = ExtensionUtils;
+
const convertCookie = ({cookie, isPrivate}) => {
let result = {
name: cookie.name,
value: cookie.value,
domain: cookie.host,
hostOnly: !cookie.isDomain,
path: cookie.path,
secure: cookie.isSecure,
httpOnly: cookie.isHttpOnly,
session: cookie.isSession,
+ firstPartyDomain: cookie.originAttributes.firstPartyDomain || "",
};
if (!cookie.isSession) {
result.expirationDate = cookie.expiry;
}
if (cookie.originAttributes.userContextId) {
result.storeId = getCookieStoreIdForContainer(cookie.originAttributes.userContextId);
@@ -172,16 +177,19 @@ const query = function* (detailsIn, prop
// We can use getCookiesFromHost for faster searching.
let enumerator;
let url;
let originAttributes = {
userContextId,
privateBrowsingId: isPrivate ? 1 : 0,
};
+ if ("firstPartyDomain" in details) {
+ originAttributes.firstPartyDomain = details.firstPartyDomain;
+ }
if ("url" in details) {
try {
url = new URL(details.url);
enumerator = Services.cookies.getCookiesFromHost(url.hostname, originAttributes);
} catch (ex) {
// This often happens for about: URLs
return;
}
@@ -261,39 +269,67 @@ const query = function* (detailsIn, prop
for (const cookie of XPCOMUtils.IterSimpleEnumerator(enumerator, Ci.nsICookie2)) {
if (matches(cookie)) {
yield {cookie, isPrivate, storeId};
}
}
};
+const normalizeFirstPartyDomain = (details) => {
+ if (details.firstPartyDomain != null) {
+ return;
+ }
+ if (Services.prefs.getBoolPref("privacy.firstparty.isolate")) {
+ throw new ExtensionError("First-Party Isolation is enabled, but the required 'firstPartyDomain' attribute was not set.");
+ }
+
+ // When FPI is disabled, the "firstPartyDomain" attribute is optional
+ // and defaults to the empty string.
+ details.firstPartyDomain = "";
+};
+
this.cookies = class extends ExtensionAPI {
getAPI(context) {
let {extension} = context;
let self = {
cookies: {
get: function(details) {
+ normalizeFirstPartyDomain(details);
+
// FIXME: We don't sort by length of path and creation time.
- for (let cookie of query(details, ["url", "name", "storeId"], context)) {
+ let allowed = ["url", "name", "storeId", "firstPartyDomain"];
+ for (let cookie of query(details, allowed, context)) {
return Promise.resolve(convertCookie(cookie));
}
// Found no match.
return Promise.resolve(null);
},
getAll: function(details) {
+ if (!("firstPartyDomain" in details)) {
+ normalizeFirstPartyDomain(details);
+ }
+
let allowed = ["url", "name", "domain", "path", "secure", "session", "storeId"];
+
+ // firstPartyDomain may be set to null or undefined to not filter by FPD.
+ if (details.firstPartyDomain != null) {
+ allowed.push("firstPartyDomain");
+ }
+
let result = Array.from(query(details, allowed, context), convertCookie);
return Promise.resolve(result);
},
set: function(details) {
+ normalizeFirstPartyDomain(details);
+
let uri = Services.io.newURI(details.url);
let path;
if (details.path !== null) {
path = details.path;
} else {
// This interface essentially emulates the behavior of the
// Set-Cookie header. In the case of an omitted path, the cookie
@@ -328,35 +364,40 @@ this.cookies = class extends ExtensionAP
let cookieAttrs = {host: details.domain, path: path, isSecure: secure};
if (!checkSetCookiePermissions(extension, uri, cookieAttrs)) {
return Promise.reject({message: `Permission denied to set cookie ${JSON.stringify(details)}`});
}
let originAttributes = {
userContextId,
privateBrowsingId: isPrivate ? 1 : 0,
+ firstPartyDomain: details.firstPartyDomain,
};
// The permission check may have modified the domain, so use
// the new value instead.
Services.cookies.add(cookieAttrs.host, path, name, value,
secure, httpOnly, isSession, expiry, originAttributes);
return self.cookies.get(details);
},
remove: function(details) {
- for (let {cookie, storeId} of query(details, ["url", "name", "storeId"], context)) {
+ normalizeFirstPartyDomain(details);
+
+ let allowed = ["url", "name", "storeId", "firstPartyDomain"];
+ for (let {cookie, storeId} of query(details, allowed, context)) {
Services.cookies.remove(cookie.host, cookie.name, cookie.path, false, cookie.originAttributes);
// TODO Bug 1387957: could there be multiple per subdomain?
return Promise.resolve({
url: details.url,
name: details.name,
storeId,
+ firstPartyDomain: details.firstPartyDomain,
});
}
return Promise.resolve(null);
},
getAllCookieStores: function() {
let data = {};
--- a/toolkit/components/extensions/schemas/cookies.json
+++ b/toolkit/components/extensions/schemas/cookies.json
@@ -31,17 +31,18 @@
"value": {"type": "string", "description": "The value of the cookie."},
"domain": {"type": "string", "description": "The domain of the cookie (e.g. \"www.google.com\", \"example.com\")."},
"hostOnly": {"type": "boolean", "description": "True if the cookie is a host-only cookie (i.e. a request's host must exactly match the domain of the cookie)."},
"path": {"type": "string", "description": "The path of the cookie."},
"secure": {"type": "boolean", "description": "True if the cookie is marked as Secure (i.e. its scope is limited to secure channels, typically HTTPS)."},
"httpOnly": {"type": "boolean", "description": "True if the cookie is marked as HttpOnly (i.e. the cookie is inaccessible to client-side scripts)."},
"session": {"type": "boolean", "description": "True if the cookie is a session cookie, as opposed to a persistent cookie with an expiration date."},
"expirationDate": {"type": "number", "optional": true, "description": "The expiration date of the cookie as the number of seconds since the UNIX epoch. Not provided for session cookies."},
- "storeId": {"type": "string", "description": "The ID of the cookie store containing this cookie, as provided in getAllCookieStores()."}
+ "storeId": {"type": "string", "description": "The ID of the cookie store containing this cookie, as provided in getAllCookieStores()."},
+ "firstPartyDomain": {"type": "string", "description": "The first-party domain of the cookie."}
}
},
{
"id": "CookieStore",
"type": "object",
"description": "Represents a cookie store in the browser. An incognito mode window, for instance, uses a separate cookie store from a non-incognito window.",
"properties": {
"id": {"type": "string", "description": "The unique identifier for the cookie store."},
@@ -65,17 +66,18 @@
"parameters": [
{
"type": "object",
"name": "details",
"description": "Details to identify the cookie being retrieved.",
"properties": {
"url": {"type": "string", "description": "The URL with which the cookie to retrieve is associated. This argument may be a full URL, in which case any data following the URL path (e.g. the query string) is simply ignored. If host permissions for this URL are not specified in the manifest file, the API call will fail."},
"name": {"type": "string", "description": "The name of the cookie to retrieve."},
- "storeId": {"type": "string", "optional": true, "description": "The ID of the cookie store in which to look for the cookie. By default, the current execution context's cookie store will be used."}
+ "storeId": {"type": "string", "optional": true, "description": "The ID of the cookie store in which to look for the cookie. By default, the current execution context's cookie store will be used."},
+ "firstPartyDomain": {"type": "string", "optional": true, "description": "The first-party domain which the cookie to retrieve is associated. This attribute is required if First-Party Isolation is enabled."}
}
},
{
"type": "function",
"name": "callback",
"parameters": [
{
"name": "cookie", "$ref": "Cookie", "optional": true, "description": "Contains details about the cookie. This parameter is null if no such cookie was found."
@@ -96,17 +98,18 @@
"description": "Information to filter the cookies being retrieved.",
"properties": {
"url": {"type": "string", "optional": true, "description": "Restricts the retrieved cookies to those that would match the given URL."},
"name": {"type": "string", "optional": true, "description": "Filters the cookies by name."},
"domain": {"type": "string", "optional": true, "description": "Restricts the retrieved cookies to those whose domains match or are subdomains of this one."},
"path": {"type": "string", "optional": true, "description": "Restricts the retrieved cookies to those whose path exactly matches this string."},
"secure": {"type": "boolean", "optional": true, "description": "Filters the cookies by their Secure property."},
"session": {"type": "boolean", "optional": true, "description": "Filters out session vs. persistent cookies."},
- "storeId": {"type": "string", "optional": true, "description": "The cookie store to retrieve cookies from. If omitted, the current execution context's cookie store will be used."}
+ "storeId": {"type": "string", "optional": true, "description": "The cookie store to retrieve cookies from. If omitted, the current execution context's cookie store will be used."},
+ "firstPartyDomain": {"type": "string", "optional": "omit-key-if-missing", "description": "Restricts the retrieved cookies to those whose first-party domains match this one. This attribute is required if First-Party Isolation is enabled. To not filter by a specific first-party domain, use `null` or `undefined`."}
}
},
{
"type": "function",
"name": "callback",
"parameters": [
{
"name": "cookies", "type": "array", "items": {"$ref": "Cookie"}, "description": "All the existing, unexpired cookies that match the given cookie info."
@@ -129,17 +132,18 @@
"url": {"type": "string", "description": "The request-URI to associate with the setting of the cookie. This value can affect the default domain and path values of the created cookie. If host permissions for this URL are not specified in the manifest file, the API call will fail."},
"name": {"type": "string", "optional": true, "description": "The name of the cookie. Empty by default if omitted."},
"value": {"type": "string", "optional": true, "description": "The value of the cookie. Empty by default if omitted."},
"domain": {"type": "string", "optional": true, "description": "The domain of the cookie. If omitted, the cookie becomes a host-only cookie."},
"path": {"type": "string", "optional": true, "description": "The path of the cookie. Defaults to the path portion of the url parameter."},
"secure": {"type": "boolean", "optional": true, "description": "Whether the cookie should be marked as Secure. Defaults to false."},
"httpOnly": {"type": "boolean", "optional": true, "description": "Whether the cookie should be marked as HttpOnly. Defaults to false."},
"expirationDate": {"type": "number", "optional": true, "description": "The expiration date of the cookie as the number of seconds since the UNIX epoch. If omitted, the cookie becomes a session cookie."},
- "storeId": {"type": "string", "optional": true, "description": "The ID of the cookie store in which to set the cookie. By default, the cookie is set in the current execution context's cookie store."}
+ "storeId": {"type": "string", "optional": true, "description": "The ID of the cookie store in which to set the cookie. By default, the cookie is set in the current execution context's cookie store."},
+ "firstPartyDomain": {"type": "string", "optional": true, "description": "The first-party domain of the cookie. This attribute is required if First-Party Isolation is enabled."}
}
},
{
"type": "function",
"name": "callback",
"optional": true,
"parameters": [
{
@@ -157,33 +161,35 @@
"parameters": [
{
"type": "object",
"name": "details",
"description": "Information to identify the cookie to remove.",
"properties": {
"url": {"type": "string", "description": "The URL associated with the cookie. If host permissions for this URL are not specified in the manifest file, the API call will fail."},
"name": {"type": "string", "description": "The name of the cookie to remove."},
- "storeId": {"type": "string", "optional": true, "description": "The ID of the cookie store to look in for the cookie. If unspecified, the cookie is looked for by default in the current execution context's cookie store."}
+ "storeId": {"type": "string", "optional": true, "description": "The ID of the cookie store to look in for the cookie. If unspecified, the cookie is looked for by default in the current execution context's cookie store."},
+ "firstPartyDomain": {"type": "string", "optional": true, "description": "The first-party domain associated with the cookie. This attribute is required if First-Party Isolation is enabled."}
}
},
{
"type": "function",
"name": "callback",
"optional": true,
"parameters": [
{
"name": "details",
"type": "object",
"description": "Contains details about the cookie that's been removed. If removal failed for any reason, this will be \"null\", and $(ref:runtime.lastError) will be set.",
"optional": true,
"properties": {
"url": {"type": "string", "description": "The URL associated with the cookie that's been removed."},
"name": {"type": "string", "description": "The name of the cookie that's been removed."},
- "storeId": {"type": "string", "description": "The ID of the cookie store from which the cookie was removed."}
+ "storeId": {"type": "string", "description": "The ID of the cookie store from which the cookie was removed."},
+ "firstPartyDomain": {"type": "string", "description": "The first-party domain associated with the cookie that's been removed."}
}
}
]
}
]
},
{
"name": "getAllCookieStores",