[or-cvs] [https-everywhere/master 6/7] We can now set the secure flag on cookies!
pde at torproject.org
pde at torproject.org
Thu Nov 11 00:28:02 UTC 2010
Author: Peter Eckersley <pde at eff.org>
Date: Wed, 10 Nov 2010 14:29:49 -0800
Subject: We can now set the secure flag on cookies!
Commit: 5e80b3cee972c6eb0c946e269b2faa55bad63828
---
src/chrome/content/code/HTTPS.js | 18 +++++++++++++--
src/chrome/content/code/HTTPSRules.js | 36 +++++++++++++++++---------------
src/components/https-everywhere.js | 5 ++++
3 files changed, 39 insertions(+), 20 deletions(-)
diff --git a/src/chrome/content/code/HTTPS.js b/src/chrome/content/code/HTTPS.js
index 53665b1..3ac96f5 100644
--- a/src/chrome/content/code/HTTPS.js
+++ b/src/chrome/content/code/HTTPS.js
@@ -1,4 +1,4 @@
-//INCLUDE('STS', 'Cookie');
+INCLUDE('Cookie');
// XXX: Disable STS for now.
var STS = {
isSTSURI : function(uri) {
@@ -144,10 +144,21 @@ const HTTPS = {
registered: false,
handleSecureCookies: function(req) {
+ try {
+ req = req.QueryInterface(CI.nsIHttpChannel);
+ } catch(e) {
+ this.log(WARN, "Request is not an nsIHttpChannel: " + req);
+ return;
+ }
if (!this.secureCookies) return;
var uri = req.URI;
+ if (!uri) {
+ this.log(WARN,"No URI inside request " +req);
+ return;
+ }
+ this.log(VERB, "Cookie hunting in" + uri.spec);
- if (uri.schemeIs("https") && (req instanceof CI.nsIHttpChannel)) {
+ if (uri.schemeIs("https")) {
var host = uri.host;
try {
var cookies = req.getResponseHeader("Set-Cookie");
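Review bot: The `if (!this.secureCookies) return;` check now sits below the added QueryInterface block, so with cookie securing switched off every observed response still pays for the QI, and a channel that fails it writes a WARN entry for a feature that is not in use; moving the check to the first line of handleSecureCookies avoids both. The added `this.log(VERB, "Cookie hunting in" + uri.spec);` writes the full URL, query string included, to the log, which is more than this message needs in a privacy tool; `this.log(VERB, "Cookie hunting in " + uri.host);` would do and also restores the missing space after "in". The function body continues past the end of this hunk.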
@@ -158,11 +169,12 @@ const HTTPS = {
if (!cookies) return;
var c;
for each (var cs in cookies.split("\n")) {
+ this.log(DBUG, "Examining cookie: ");
c = new Cookie(cs, host);
if (!c.secure && HTTPSRules.should_secure_cookie(c)) {
+ this.log(INFO, "Securing cookie: " + c.domain + " " + c.name);
c.secure = true;
req.setResponseHeader("Set-Cookie", c.source + ";Secure", true);
- this.log(WARN,msg + c);
}
}
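Review bot: `req.setResponseHeader("Set-Cookie", c.source + ";Secure", true)` passes merge=true, which appends a value instead of replacing one, so the original cookie line without Secure appears to stay in the header beside the secured copy. Whether the stored cookie ends up Secure then depends on the order in which the cookie service handles the two lines; that should be confirmed with a test, or the header replaced rather than appended to. The added `this.log(DBUG, "Examining cookie: ");` ends in a colon with nothing after it; moving it below the constructor as `this.log(DBUG, "Examining cookie: " + c.name);` would make it useful without logging the cookie value. The loop belongs to handleSecureCookies, which starts above this hunk.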
diff --git a/src/chrome/content/code/HTTPSRules.js b/src/chrome/content/code/HTTPSRules.js
index b6ac193..f027470 100644
--- a/src/chrome/content/code/HTTPSRules.js
+++ b/src/chrome/content/code/HTTPSRules.js
@@ -12,8 +12,8 @@ function Exclusion(pattern) {
function CookieRule(host, cookiename) {
this.host = host
this.host_c = new RegExp(host);
- this.cookiename = cookiename;
- this.cookiename_c = new RegExp(cookiename);
+ this.name = cookiename;
+ this.name_c = new RegExp(cookiename);
}
function RuleSet(name, match_rule, default_off) {
@@ -232,7 +232,7 @@ const RuleWriter = {
var c_rule = new CookieRule(xmlrules.securecookie[i]. at host,
xmlrules.securecookie[i]. at name);
ret.cookierules.push(c_rule);
- this.log(DBUG,"Cookie rule "+ c_rule.host+ " " +c_rule.cookiename);
+ this.log(DBUG,"Cookie rule "+ c_rule.host+ " " +c_rule.name);
}
return ret;
@@ -304,21 +304,23 @@ const HTTPSRules = {
return null;
},
- should_secure_cookie: function(cookie) {
- var i = 0;
- for (i = 0; i < this.cookierules.length; ++i) {
- this.log(DBUG, "Testing cookie:");
- this.log(DBUG, " name: " + c.name);
- this.log(DBUG, " host: " + c.host);
- this.log(DBUG, " domain: " + c.domain);
- this.log(DBUG, " rawhost: " + c.rawHost);
- var cr = this.cookierules[i];
- if (cr.host_c.test(c.host) && cr.name_c.test(c.name)) {
- return true;
- } else {
- return false;
+ should_secure_cookie: function(c) {
+ // Check to see if the Cookie object c meets any of our cookierule citeria
+ // for being marked as secure
+ this.log(DBUG, "Testing cookie:");
+ this.log(DBUG, " name: " + c.name);
+ this.log(DBUG, " host: " + c.host);
+ this.log(DBUG, " domain: " + c.domain);
+ this.log(DBUG, " rawhost: " + c.rawHost);
+ var i,j;
+ // XXX lots of optimisation could happen here
+ for (i = 0; i < this.rules.length; ++i)
+ for (j = 0; j < this.rules[i].cookierules.length; j++) {
+ var cr = this.rules[i].cookierules[j];
+ if (cr.host_c.test(c.host) && cr.name_c.test(c.name))
+ return true;
}
- }
+ return false;
}
};
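Review bot: The new loop in should_secure_cookie walks every entry of `this.rules` without checking whether that ruleset is switched on. RuleSet takes a `default_off` argument, so a ruleset the user has not enabled would presumably still have its securecookie rules applied, and cookies set over HTTPS would then stop being sent to that site's HTTP pages; a guard at the top of the outer loop that skips inactive rulesets would keep cookie securing in step with URL rewriting. `host_c` and `name_c` come from `new RegExp(...)` and are used with `.test`, so a pattern matches as a substring unless the ruleset anchors it, which deserves a line in the comment. The outer `for` should get braces around the inner loop so the added `return false;` cannot be misplaced in a later edit, and "citeria" in the comment should read "criteria".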
diff --git a/src/components/https-everywhere.js b/src/components/https-everywhere.js
index aa5bc6e..ed23796 100644
--- a/src/components/https-everywhere.js
+++ b/src/components/https-everywhere.js
@@ -222,7 +222,11 @@ HTTPSEverywhere.prototype = {
return;
}
HTTPS.forceChannel(channel);
+ } else if (topic == "http-on-examine-response") {
+ this.log(DBUG, "Got http-on-examine-response ");
+ HTTPS.handleSecureCookies(channel);
} else if (topic == "http-on-examine-merged-response") {
+ this.log(DBUG, "Got http-on-examine-merged-response ");
HTTPS.handleSecureCookies(channel);
} else if (topic == "app-startup") {
this.log(DBUG,"Got app-startup");
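Review bot: The added `http-on-examine-response` branch has the same body as the `http-on-examine-merged-response` branch below it apart from the log text, so the two can drift apart. A single condition, `} else if (topic == "http-on-examine-response" || topic == "http-on-examine-merged-response") {`, with `this.log(DBUG, "Got " + topic);` keeps them together. With the extra observer added in the next hunk, handleSecureCookies is called for every HTTP response, so any work it does before its early returns is paid on each one. The enclosing function starts and ends outside this hunk.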
@@ -236,6 +240,7 @@ HTTPSEverywhere.prototype = {
this.log(DBUG, "Got profile-after-change");
OS.addObserver(this, "http-on-modify-request", false);
OS.addObserver(this, "http-on-examine-merged-response", false);
+ OS.addObserver(this, "http-on-examine-response", false);
var dls = CC['@mozilla.org/docloaderservice;1']
.getService(CI.nsIWebProgress);
dls.addProgressListener(this, CI.nsIWebProgress.NOTIFY_STATE_REQUEST);
--
1.7.1