[tor-bugs] #14059 [Tor Browser]: Revision of existing double key cookie logic to meet requirements
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 19 13:45:17 UTC 2015
#14059: Revision of existing double key cookie logic to meet requirements
-----------------------------+----------------------------
Reporter: michael | Owner: michael
Type: defect | Status: needs_revision
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords:
Actual Points: | Parent ID: #3246
Points: |
-----------------------------+----------------------------
Changes (by gk):
* status: needs_information => needs_revision
* keywords: TorBrowserTeam201502R, GeorgKoppen201502R =>
Comment:
Second part of the review:
1) Please document why you use one time
`mThirdPartyUtil->GetFirstPartyURIFromChannel` and the other time
`mThirdPartyUtil->GetFirstPartyIsolationURI` and what that implies.
2) You can't reuse `requireHostMatch` in `SetCookieStringInternal` as this
would mean that the URL bar domain could influence unrelated cookies
checks which it must not do.
3)
{{{
// origin matches matches
}}}
4) There are several places where you just use `baseDomain` in
nsCookie::Create() which is especially consifusing in `GetCookieFromRow()`
as the first comment is talks about to skip reading the baseDomain what we
do that nevertheless. Could you add a comment on this baseDomain usage
please?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14059#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list