Disable <meta http-equiv=set-cookie>
This commit is contained in:
parent
6c6cadc8de
commit
2e3a0eefbd
|
@ -304,7 +304,8 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
|
||||||
|
|
||||||
mDocument->SetHeaderData(aHeader, aValue);
|
mDocument->SetHeaderData(aHeader, aValue);
|
||||||
|
|
||||||
if (aHeader == nsGkAtoms::setcookie) {
|
if (aHeader == nsGkAtoms::setcookie &&
|
||||||
|
Preferences::GetBool("dom.meta-set-cookie.enabled", true)) {
|
||||||
// Don't allow setting cookies in cookie-averse documents.
|
// Don't allow setting cookies in cookie-averse documents.
|
||||||
if (mDocument->IsCookieAverse()) {
|
if (mDocument->IsCookieAverse()) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can=has";
|
document.cookie = "can=has";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta=tag
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can2=has2";
|
document.cookie = "can2=has2";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta2=tag2
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta3=tag3">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can3=has3";
|
document.cookie = "can3=has3";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta3=tag3
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can=has";
|
document.cookie = "can=has";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta=tag
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can2=has2";
|
document.cookie = "can2=has2";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta2=tag2
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can=has";
|
document.cookie = "can=has";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta=tag
|
|
@ -3,7 +3,6 @@
|
||||||
<head>
|
<head>
|
||||||
<link rel="stylesheet" type="text/css" media="all" href="http://example.org/tests/extensions/cookie/test/test1.css" />
|
<link rel="stylesheet" type="text/css" media="all" href="http://example.org/tests/extensions/cookie/test/test1.css" />
|
||||||
<link rel="stylesheet" type="text/css" media="all" href="http://example.com/tests/extensions/cookie/test/test2.css" />
|
<link rel="stylesheet" type="text/css" media="all" href="http://example.com/tests/extensions/cookie/test/test2.css" />
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
function runTest() {
|
function runTest() {
|
||||||
document.cookie = "can2=has2";
|
document.cookie = "can2=has2";
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta2=tag2
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
function runTest() {
|
function runTest() {
|
||||||
document.cookie = "can=has";
|
document.cookie = "can=has";
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta=tag
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can=has";
|
document.cookie = "can=has";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta=tag
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can=has";
|
document.cookie = "can=has";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta=tag
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.cookie = "can=has";
|
document.cookie = "can=has";
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Set-Cookie: meta=tag
|
|
@ -6,16 +6,27 @@ support-files =
|
||||||
damonbowling.jpg^headers^
|
damonbowling.jpg^headers^
|
||||||
file_chromecommon.js
|
file_chromecommon.js
|
||||||
file_domain_hierarchy_inner.html
|
file_domain_hierarchy_inner.html
|
||||||
|
file_domain_hierarchy_inner.html^headers^
|
||||||
file_domain_hierarchy_inner_inner.html
|
file_domain_hierarchy_inner_inner.html
|
||||||
|
file_domain_hierarchy_inner_inner.html^headers^
|
||||||
file_domain_hierarchy_inner_inner_inner.html
|
file_domain_hierarchy_inner_inner_inner.html
|
||||||
|
file_domain_hierarchy_inner_inner_inner.html^headers^
|
||||||
file_domain_inner.html
|
file_domain_inner.html
|
||||||
|
file_domain_inner.html^headers^
|
||||||
file_domain_inner_inner.html
|
file_domain_inner_inner.html
|
||||||
|
file_domain_inner_inner.html^headers^
|
||||||
file_image_inner.html
|
file_image_inner.html
|
||||||
|
file_image_inner.html^headers^
|
||||||
file_image_inner_inner.html
|
file_image_inner_inner.html
|
||||||
|
file_image_inner_inner.html^headers^
|
||||||
file_loadflags_inner.html
|
file_loadflags_inner.html
|
||||||
|
file_loadflags_inner.html^headers^
|
||||||
file_localhost_inner.html
|
file_localhost_inner.html
|
||||||
|
file_localhost_inner.html^headers^
|
||||||
file_loopback_inner.html
|
file_loopback_inner.html
|
||||||
|
file_loopback_inner.html^headers^
|
||||||
file_subdomain_inner.html
|
file_subdomain_inner.html
|
||||||
|
file_subdomain_inner.html^headers^
|
||||||
file_testcommon.js
|
file_testcommon.js
|
||||||
file_testloadflags.js
|
file_testloadflags.js
|
||||||
file_testloadflags_chromescript.js
|
file_testloadflags_chromescript.js
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
</head>
|
</head>
|
||||||
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
|
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 4, 2)">
|
||||||
<p id="display"></p>
|
<p id="display"></p>
|
||||||
<pre id="test">
|
<pre id="test">
|
||||||
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
</head>
|
</head>
|
||||||
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
|
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
|
||||||
<p id="display"></p>
|
<p id="display"></p>
|
||||||
<pre id="test">
|
<pre id="test">
|
||||||
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
</head>
|
</head>
|
||||||
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
|
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
|
||||||
<p id="display"></p>
|
<p id="display"></p>
|
||||||
<pre id="test">
|
<pre id="test">
|
||||||
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
</head>
|
</head>
|
||||||
<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
|
<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
|
||||||
<p id="display"></p>
|
<p id="display"></p>
|
||||||
<pre id="test">
|
<pre id="test">
|
||||||
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
</head>
|
</head>
|
||||||
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
|
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 4, 2)">
|
||||||
<p id="display"></p>
|
<p id="display"></p>
|
||||||
<pre id="test">
|
<pre id="test">
|
||||||
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
<script class="testbody" type="text/javascript" src="file_testcommon.js">
|
||||||
|
|
|
@ -5188,6 +5188,9 @@ pref("intl.allow-insecure-text-input", false);
|
||||||
// Enable meta-viewport support in remote APZ-enabled frames.
|
// Enable meta-viewport support in remote APZ-enabled frames.
|
||||||
pref("dom.meta-viewport.enabled", false);
|
pref("dom.meta-viewport.enabled", false);
|
||||||
|
|
||||||
|
// Disable <meta http-equiv=set-cookie> support. See m-c bug 1457503 / UXP #1102.
|
||||||
|
pref("dom.meta-set-cookie.enabled", false);
|
||||||
|
|
||||||
// MozSettings debugging prefs for each component
|
// MozSettings debugging prefs for each component
|
||||||
pref("dom.mozSettings.SettingsDB.debug.enabled", false);
|
pref("dom.mozSettings.SettingsDB.debug.enabled", false);
|
||||||
pref("dom.mozSettings.SettingsManager.debug.enabled", false);
|
pref("dom.mozSettings.SettingsManager.debug.enabled", false);
|
||||||
|
|
Loading…
Reference in New Issue