--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@@ -147,16 +147,17 @@ int32_t nsContentSink::sInteractiveDefle
int32_t nsContentSink::sPerfDeflectCount;
int32_t nsContentSink::sPendingEventMode;
int32_t nsContentSink::sEventProbeRate;
int32_t nsContentSink::sInteractiveParseTime;
int32_t nsContentSink::sPerfParseTime;
int32_t nsContentSink::sInteractiveTime;
int32_t nsContentSink::sInitialPerfTime;
int32_t nsContentSink::sEnablePerfMode;
+bool nsContentSink::sDisableMetaCookie;
void
nsContentSink::InitializeStatics()
{
Preferences::AddBoolVarCache(&sNotifyOnTimer,
"content.notify.ontimer", true);
// -1 means never.
Preferences::AddIntVarCache(&sBackoffCount,
@@ -183,16 +184,19 @@ nsContentSink::InitializeStatics()
Preferences::AddIntVarCache(&sPerfParseTime,
"content.sink.perf_parse_time", 360000);
Preferences::AddIntVarCache(&sInteractiveTime,
"content.sink.interactive_time", 750000);
Preferences::AddIntVarCache(&sInitialPerfTime,
"content.sink.initial_perf_time", 2000000);
Preferences::AddIntVarCache(&sEnablePerfMode,
"content.sink.enable_perf_mode", 0);
+
+ Preferences::AddBoolVarCache(&sDisableMetaCookie,
+ "content.cookie.meta.disabled", false);
}
nsresult
nsContentSink::Init(nsIDocument* aDoc,
nsIURI* aURI,
nsISupports* aContainer,
nsIChannel* aChannel)
{
@@ -309,17 +313,17 @@ nsresult
nsContentSink::ProcessHeaderData(nsAtom* aHeader, const nsAString& aValue,
nsIContent* aContent)
{
nsresult rv = NS_OK;
// necko doesn't process headers coming in from the parser
mDocument->SetHeaderData(aHeader, aValue);
- if (aHeader == nsGkAtoms::setcookie) {
+ if (aHeader == nsGkAtoms::setcookie && !sDisableMetaCookie) {
// Note: Necko already handles cookies set via the channel. We can't just
// call SetCookie on the channel because we want to do some security checks
// here.
nsCOMPtr<nsICookieService> cookieServ =
do_GetService(NS_COOKIESERVICE_CONTRACTID, &rv);
if (NS_FAILED(rv)) {
return rv;
}
@@ -831,17 +835,17 @@ nsContentSink::ProcessMETATag(nsIContent
nsContentUtils::ASCIIToLower(header);
if (nsGkAtoms::refresh->Equals(header) &&
(mDocument->GetSandboxFlags() & SANDBOXED_AUTOMATIC_FEATURES)) {
return NS_OK;
}
// Don't allow setting cookies in <meta http-equiv> in cookie averse
// documents.
- if (nsGkAtoms::setcookie->Equals(header) && mDocument->IsCookieAverse()) {
+ if (nsGkAtoms::setcookie->Equals(header) && mDocument->IsCookieAverse() && !sDisableMetaCookie) {
return NS_OK;
}
nsAutoString result;
element->GetAttr(kNameSpaceID_None, nsGkAtoms::content, result);
if (!result.IsEmpty()) {
RefPtr<nsAtom> fieldAtom(NS_Atomize(header));
rv = ProcessHeaderData(fieldAtom, result, element);
--- a/dom/base/nsContentSink.h
+++ b/dom/base/nsContentSink.h
@@ -362,11 +362,13 @@ protected:
static int32_t sInteractiveParseTime;
static int32_t sPerfParseTime;
// How long to be in interactive mode after an event
static int32_t sInteractiveTime;
// How long to stay in perf mode after initial loading
static int32_t sInitialPerfTime;
// Should we switch between perf-mode and interactive-mode
static int32_t sEnablePerfMode;
+ // Should we disable support for Meta cookies
+ static bool sDisableMetaCookie;
};
#endif // _nsContentSink_h_
--- a/extensions/cookie/test/file_domain_hierarchy_inner.html
+++ b/extensions/cookie/test/file_domain_hierarchy_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";
// send a message to our test document, to say we're done loading
window.opener.postMessage("message", "http://mochi.test:8888");
</script>
<body>
--- a/extensions/cookie/test/file_domain_hierarchy_inner_inner.html
+++ b/extensions/cookie/test/file_domain_hierarchy_inner_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
document.cookie = "can2=has2";
// send a message to our test document, to say we're done loading
window.parent.opener.postMessage("message", "http://mochi.test:8888");
</script>
<body>
--- a/extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html
+++ b/extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta3=tag3">
<script type="text/javascript">
document.cookie = "can3=has3";
// send a message to our test document, to say we're done loading
window.parent.parent.opener.postMessage("message", "http://mochi.test:8888");
</script>
</head>
--- a/extensions/cookie/test/file_domain_inner.html
+++ b/extensions/cookie/test/file_domain_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";
// send a message to our test document, to say we're done loading
window.opener.postMessage("message", "http://mochi.test:8888");
</script>
<body>
--- a/extensions/cookie/test/file_domain_inner_inner.html
+++ b/extensions/cookie/test/file_domain_inner_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
document.cookie = "can2=has2";
// send a message to our test document, to say we're done loading
window.parent.opener.postMessage("message", "http://mochi.test:8888");
</script>
</head>
--- a/extensions/cookie/test/file_image_inner.html
+++ b/extensions/cookie/test/file_image_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";
// send a message to our test document, to say we're done loading
window.opener.postMessage("message", "http://mochi.test:8888");
</script>
</head>
--- a/extensions/cookie/test/file_image_inner_inner.html
+++ b/extensions/cookie/test/file_image_inner_inner.html
@@ -1,13 +1,14 @@
<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" type="text/css" media="all" href="http://example.org/tests/extensions/cookie/test/test1.css" />
<link rel="stylesheet" type="text/css" media="all" href="http://example.com/tests/extensions/cookie/test/test2.css" />
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
function runTest() {
document.cookie = "can2=has2";
// send a message to our test document, to say we're done loading
window.parent.opener.postMessage("message", "http://mochi.test:8888");
}
--- a/extensions/cookie/test/file_loadflags_inner.html
+++ b/extensions/cookie/test/file_loadflags_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
function runTest() {
document.cookie = "can=has";
// send a message to our test document, to say we're done loading
window.opener.postMessage("f_lf_i msg data img", "http://mochi.test:8888");
}
--- a/extensions/cookie/test/file_localhost_inner.html
+++ b/extensions/cookie/test/file_localhost_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";
// send a message to our test document, to say we're done loading
window.opener.postMessage("message", "http://mochi.test:8888");
</script>
<body>
--- a/extensions/cookie/test/file_loopback_inner.html
+++ b/extensions/cookie/test/file_loopback_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";
// send a message to our test document, to say we're done loading
window.opener.postMessage("message", "http://mochi.test:8888");
</script>
<body>
--- a/extensions/cookie/test/file_subdomain_inner.html
+++ b/extensions/cookie/test/file_subdomain_inner.html
@@ -1,11 +1,12 @@
<!DOCTYPE HTML>
<html>
<head>
+ <!-- Meta cookies are no longer supported -->
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";
// send a message to our test document, to say we're done loading
window.opener.postMessage("message", "http://mochi.test:8888");
</script>
<body>
--- a/extensions/cookie/test/mochitest.ini
+++ b/extensions/cookie/test/mochitest.ini
@@ -1,9 +1,10 @@
[DEFAULT]
+prefs = content.cookie.meta.disabled=true
support-files =
beltzner.jpg
beltzner.jpg^headers^
file_chromecommon.js
file_domain_hierarchy_inner.html
file_domain_hierarchy_inner_inner.html
file_domain_hierarchy_inner_inner_inner.html
file_domain_inner.html
--- a/extensions/cookie/test/test_different_domain_in_hierarchy.html
+++ b/extensions/cookie/test/test_different_domain_in_hierarchy.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test cookie requests from within a window hierarchy of different base domains</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_hierarchy_inner.html', 3, 3)">
+<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_hierarchy_inner.html', 2, 3)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_differentdomain.html
+++ b/extensions/cookie/test/test_differentdomain.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://example.com/tests/extensions/cookie/test/file_domain_inner.html', 3, 2)">
+<body onload="setupTest('http://example.com/tests/extensions/cookie/test/file_domain_inner.html', 2, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_image.html
+++ b/extensions/cookie/test/test_image.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_image_inner.html', 7, 3)">
+<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_image_inner.html', 5, 3)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js"></script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_loadflags.html
+++ b/extensions/cookie/test/test_loadflags.html
@@ -2,20 +2,20 @@
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<!--
- *5 cookies: 1+1 from file_testloadflags.js, 2 from file_loadflags_inner.html + 1 from beltzner.jpg.
+ *4 cookies: 1+1 from file_testloadflags.js, 1 from file_loadflags_inner.html + 1 from beltzner.jpg.
*1 load: file_loadflags_inner.html.
*2 headers: 1 for file_loadflags_inner.html + 1 for beltzner.jpg.
-->
-<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_loadflags_inner.html', 'example.org', 5, 2, 2)">
+<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_loadflags_inner.html', 'example.org', 4, 2, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testloadflags.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_same_base_domain.html
+++ b/extensions/cookie/test/test_same_base_domain.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
+<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 3, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_same_base_domain_2.html
+++ b/extensions/cookie/test/test_same_base_domain_2.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
+<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 3, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_same_base_domain_3.html
+++ b/extensions/cookie/test/test_same_base_domain_3.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
+<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 3, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_same_base_domain_4.html
+++ b/extensions/cookie/test/test_same_base_domain_4.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://mochi.test:8888/tests/extensions/cookie/test/file_localhost_inner.html', 5, 2)">
+<body onload="setupTest('http://mochi.test:8888/tests/extensions/cookie/test/file_localhost_inner.html', 3, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_same_base_domain_5.html
+++ b/extensions/cookie/test/test_same_base_domain_5.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
+<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 3, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_same_base_domain_6.html
+++ b/extensions/cookie/test/test_same_base_domain_6.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://127.0.0.1:8888/tests/extensions/cookie/test/file_loopback_inner.html', 5, 2)">
+<body onload="setupTest('http://127.0.0.1:8888/tests/extensions/cookie/test/file_loopback_inner.html', 3, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/extensions/cookie/test/test_samedomain.html
+++ b/extensions/cookie/test/test_samedomain.html
@@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Cross domain access to properties</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
-<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
+<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 3, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
</script>
</pre>
</body>
</html>
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1255,16 +1255,18 @@ pref("dom.cycle_collector.incremental",
// Whether to shim a Components object on untrusted windows.
#ifdef NIGHTLY_BUILD
pref("dom.use_components_shim", false);
#else // NIGHTLY_BUILD
pref("dom.use_components_shim", true);
#endif // NIGHTLY_BUILD
+pref("content.cookie.meta.disabled", true);
+
// Parsing perf prefs. For now just mimic what the old code did.
#ifndef XP_WIN
pref("content.sink.pending_event_mode", 0);
#endif
// Disable popups from plugins by default
// 0 = openAllowed
// 1 = openControlled
--- a/testing/web-platform/meta/cookies/meta-blocked.html.ini
+++ b/testing/web-platform/meta/cookies/meta-blocked.html.ini
@@ -1,4 +1,2 @@
[meta-blocked.html]
- [Cookie is not set from `<meta>`.]
- expected: FAIL
-
+ prefs: [content.cookie.meta.disabled:false]