SameSite=None cookies should be rejected unless the Secure attribute is set.

author: Siwei Li <siwei.li@live.com> 2023-01-14 16:14:26 -0800
committer: Siwei Li <siwei.li@live.com> 2023-01-14 17:35:03 -0800
commit: 81242200168043bd71295845df10206cd47a227a (patch)
tree: 05165e3cd5dfdea6541a0911b84a239ac04f2dfe /libsoup
parent: c009aefa3749f99fcbacac050ee3e0cf779be463 (diff)
download: libsoup-81242200168043bd71295845df10206cd47a227a.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libsoup/cookies/soup-cookie-jar.c b/libsoup/cookies/soup-cookie-jar.c
index 35c1d7b3..2cc1d410 100644
--- a/libsoup/cookies/soup-cookie-jar.c
+++ b/libsoup/cookies/soup-cookie-jar.c
@@ -618,6 +618,12 @@ soup_cookie_jar_add_cookie_full (SoupCookieJar *jar, SoupCookie *cookie, GUri *u
 		return;
 	}
 
+	/* SameSite=None cookies are rejected unless the Secure attribute is set. */
+	if (soup_cookie_get_same_site_policy (cookie) == SOUP_SAME_SITE_POLICY_NONE && !soup_cookie_get_secure (cookie)) {
+		soup_cookie_free (cookie);
+		return;
+	}
+
         g_mutex_lock (&priv->mutex);
 
 	old_cookies = g_hash_table_lookup (priv->domains, soup_cookie_get_domain (cookie));
author	Siwei Li <siwei.li@live.com>	2023-01-14 16:14:26 -0800
committer	Siwei Li <siwei.li@live.com>	2023-01-14 17:35:03 -0800
commit	81242200168043bd71295845df10206cd47a227a (patch)
tree	05165e3cd5dfdea6541a0911b84a239ac04f2dfe /libsoup
parent	c009aefa3749f99fcbacac050ee3e0cf779be463 (diff)
download	libsoup-81242200168043bd71295845df10206cd47a227a.tar.gz