OSSForks/ladybird
1
0
Fork 0
mirror of https://github.com/zebrajr/ladybird.git synced 2025-12-06 00:19:53 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

LibWeb: Respect IncludeCredentials for Set-Cookie during fetch

Browse Source 
Per https://fetch.spec.whatwg.org/#http-network-fetch, Set-Cookie should
only store a cookie if IncludeCredentials::Yes is set. Fixes 1 web
platform test.
This commit is contained in:
Julian Dominguez-Schatz 2025-08-23 03:49:58 -04:00 committed by Tim Ledbetter
parent a7f85e1349
commit 4e3387778e
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Libraries/LibWeb/Fetch/Fetching/Fetching.cpp
View File

@ -2315,6 +2315,7 @@ WebIDL::ExceptionOr<GC::Ref<PendingResponse>> nonstandard_resource_loader_file_o
load_request.set_url(request->current_url());
load_request.set_page(page);
load_request.set_method(ByteString::copy(request->method()));
load_request.set_store_set_cookie_headers(include_credentials == IncludeCredentials::Yes);
for (auto const& header : *request->header_list())
load_request.set_header(ByteString::copy(header.name), ByteString::copy(header.value));

4
Libraries/LibWeb/Loader/LoadRequest.h
View File

@ -41,6 +41,9 @@ public:
ByteBuffer const& body() const { return m_body; }
void set_body(ByteBuffer body) { m_body = move(body); }
bool store_set_cookie_headers() const { return m_store_set_cookie_headers; }
void set_store_set_cookie_headers(bool store_set_cookie_headers) { m_store_set_cookie_headers = store_set_cookie_headers; }
void start_timer() { m_load_timer.start(); }
AK::Duration load_time() const { return m_load_timer.elapsed_time(); }
@ -84,6 +87,7 @@ private:
Core::ElapsedTimer m_load_timer;
GC::Root<Page> m_page;
bool m_main_resource { false };
bool m_store_set_cookie_headers { true };
};
}

11
Libraries/LibWeb/Loader/ResourceLoader.cpp
View File

@ -575,9 +575,14 @@ void ResourceLoader::handle_network_response_headers(LoadRequest const& request,
if (!request.page())
return;
for (auto const& [header, value] : response_headers.headers()) {
if (header.equals_ignoring_ascii_case("Set-Cookie"sv)) {
store_response_cookies(*request.page(), request.url().value(), value);
if (request.store_set_cookie_headers()) {
// From https://fetch.spec.whatwg.org/#concept-http-network-fetch:
// 15. If includeCredentials is true, then the user agent should parse and store response
// `Set-Cookie` headers given request and response.
for (auto const& [header, value] : response_headers.headers()) {
if (header.equals_ignoring_ascii_case("Set-Cookie"sv)) {
store_response_cookies(*request.page(), request.url().value(), value);
}
}
}