Bug 1351663 - Skip "optimization" if SameSite flag changes
After writing a unit test I discovered that updating a cookie's samesite
flag did not work. This is caused by an "optimization" that avoids
modifying a cookie if any of the cookie attributes were not changed.
This check did not account for the SameSite flag, until now.
A unit test for this will be added in a later commit, at
toolkit/components/extensions/test/xpcshell/test_ext_cookies_samesite.js
MozReview-Commit-ID: ChiwwqqOE57
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3701,24 +3701,25 @@ nsCookieService::AddInternal(const nsCoo
} else {
// If the old cookie is httponly, make sure we're not coming from script.
if (!aFromHttp && oldCookie->IsHttpOnly()) {
COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,
"previously stored cookie is httponly; coming from script");
return;
}
- // If the new cookie has the same value, expiry date, and isSecure,
- // isSession, and isHttpOnly flags then we can just keep the old one.
+ // If the new cookie has the same value, expiry date, isSecure, isSession,
+ // isHttpOnly and sameSite flags then we can just keep the old one.
// Only if any of these differ we would want to override the cookie.
if (oldCookie->Value().Equals(aCookie->Value()) &&
oldCookie->Expiry() == aCookie->Expiry() &&
oldCookie->IsSecure() == aCookie->IsSecure() &&
oldCookie->IsSession() == aCookie->IsSession() &&
oldCookie->IsHttpOnly() == aCookie->IsHttpOnly() &&
+ oldCookie->SameSite() == aCookie->SameSite() &&
// We don't want to perform this optimization if the cookie is
// considered stale, since in this case we would need to update the
// database.
!oldCookie->IsStale()) {
// Update the last access time on the old cookie.
oldCookie->SetLastAccessed(aCookie->LastAccessed());
UpdateCookieOldestTime(mDBState, oldCookie);
return;