diff options
author | Amanda <afalke@igalia.com> | 2022-11-15 17:10:39 -0500 |
---|---|---|
committer | Amanda <afalke@igalia.com> | 2022-11-28 12:54:58 -0500 |
commit | efc5efba6db6478a5fcb8c938ef0dcd10b35b136 (patch) | |
tree | d60d5643741664522727f25de0981750232fb73a /libsoup | |
parent | 8d5f7c4355be873c812aba44bd2b5e30727511e2 (diff) | |
download | libsoup-efc5efba6db6478a5fcb8c938ef0dcd10b35b136.tar.gz |
cookie: Change default same-site value to Lax
As per https://datatracker.ietf.org/doc/html/draft-west-cookie-incrementalism-00,
the default value is now Lax.
This change was introduced in Chrome 80 and Firefox 96.
Diffstat (limited to 'libsoup')
-rw-r--r-- | libsoup/cookies/soup-cookie-jar-text.c | 4 | ||||
-rw-r--r-- | libsoup/cookies/soup-cookie.c | 16 |
2 files changed, 14 insertions, 6 deletions
diff --git a/libsoup/cookies/soup-cookie-jar-text.c b/libsoup/cookies/soup-cookie-jar-text.c index 274da259..cea09045 100644 --- a/libsoup/cookies/soup-cookie-jar-text.c +++ b/libsoup/cookies/soup-cookie-jar-text.c @@ -137,7 +137,7 @@ string_to_same_site_policy (const char *string) else if (strcmp (string, "None") == 0) return SOUP_SAME_SITE_POLICY_NONE; else - g_return_val_if_reached (SOUP_SAME_SITE_POLICY_NONE); + g_return_val_if_reached (SOUP_SAME_SITE_POLICY_LAX); } static const char * @@ -152,7 +152,7 @@ same_site_policy_to_string (SoupSameSitePolicy policy) return "None"; } - g_return_val_if_reached ("None"); + g_return_val_if_reached ("Lax"); } static SoupCookie* diff --git a/libsoup/cookies/soup-cookie.c b/libsoup/cookies/soup-cookie.c index deb62009..0945d632 100644 --- a/libsoup/cookies/soup-cookie.c +++ b/libsoup/cookies/soup-cookie.c @@ -170,6 +170,7 @@ parse_one_cookie (const char *header, GUri *origin) SoupCookie *cookie; cookie = g_slice_new0 (SoupCookie); + soup_cookie_set_same_site_policy (cookie, SOUP_SAME_SITE_POLICY_LAX); /* Parse the NAME */ start = skip_lws (header); @@ -233,15 +234,15 @@ parse_one_cookie (const char *header, GUri *origin) } else if (MATCH_NAME ("samesite")) { if (has_value) { char *policy = parse_value (&p, TRUE); - if (g_ascii_strcasecmp (policy, "Lax") == 0) - soup_cookie_set_same_site_policy (cookie, SOUP_SAME_SITE_POLICY_LAX); + if (g_ascii_strcasecmp (policy, "None") == 0) + soup_cookie_set_same_site_policy (cookie, SOUP_SAME_SITE_POLICY_NONE); else if (g_ascii_strcasecmp (policy, "Strict") == 0) soup_cookie_set_same_site_policy (cookie, SOUP_SAME_SITE_POLICY_STRICT); - /* There is an explicit "None" value which is the default. */ + /* There is an explicit "Lax" value which is the default */ g_free (policy); } /* Note that earlier versions of the same-site RFC treated invalid values as strict but - the latest revision simply ignores them. */ + the latest revision assigns invalid SameSite values to Lax. */ } else { /* Ignore unknown attributes, but we still have * to skip over the value. @@ -328,6 +329,7 @@ cookie_new_internal (const char *name, const char *value, cookie->domain = g_strdup (domain); cookie->path = g_strdup (path); soup_cookie_set_max_age (cookie, max_age); + cookie->same_site_policy = SOUP_SAME_SITE_POLICY_LAX; return cookie; } @@ -359,6 +361,9 @@ cookie_new_internal (const char *name, const char *value, * about setting the exact time that the cookie will expire, use * [method@Cookie.set_expires].) * + * As of version 3.4.0 the default value of a cookie's same-site-policy + * is %SOUP_SAME_SITE_POLICY_LAX. + * * Returns: a new #SoupCookie. **/ SoupCookie * @@ -397,6 +402,9 @@ soup_cookie_new (const char *name, const char *value, * appropriate string for the domain if you want to actually make use * of the cookie. * + * As of version 3.4.0 the default value of a cookie's same-site-policy + * is %SOUP_SAME_SITE_POLICY_LAX. + * * Returns: (nullable): a new #SoupCookie, or %NULL if it could * not be parsed, or contained an illegal "domain" attribute for a * cookie originating from @origin. |