Bug 1543219 - Allow Mailnews to check protocol flags for cookie permi…

…ssions. r=jorgk This reinstates nsIProtocolHandler::URI_FORBIDS_COOKIE_ACCESS removed in bug 1517057, Part 1, rev 23a0332b18a1
trman · May 2, 2019 · 0a06472 · 0a06472
1 parent 9deae97
commit 0a06472
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/netwerk/base/nsIProtocolHandler.idl b/netwerk/base/nsIProtocolHandler.idl
@@ -330,4 +330,10 @@ interface nsIProtocolHandler : nsISupports
      * The URIs for this protocol can not be loaded into private contexts.
      */
     const unsigned long URI_DISALLOW_IN_PRIVATE_CONTEXT = (1 << 22);
+
+    /**
+     * This protocol handler forbids accessing cookies e.g. for mail related
+     * protocols. Only used in Mailnews (comm-central).
+     */
+    const unsigned long URI_FORBIDS_COOKIE_ACCESS = (1 << 23);
 };
diff --git a/netwerk/cookie/CookieSettings.cpp b/netwerk/cookie/CookieSettings.cpp
@@ -7,6 +7,9 @@
 #include "mozilla/net/CookieSettings.h"
 #include "mozilla/Unused.h"
 #include "nsGlobalWindowInner.h"
+#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
+#  include "nsIProtocolHandler.h"
+#endif
 #include "nsPermission.h"
 #include "nsPermissionManager.h"
 
@@ -134,8 +137,23 @@ CookieSettings::CookiePermission(nsIPrincipal* aPrincipal,
     return NS_ERROR_FAILURE;
   }
 
-  rv = pm->TestPermissionFromPrincipal(aPrincipal, NS_LITERAL_CSTRING("cookie"),
-                                       aCookiePermission);
+#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
+  // Check if this protocol doesn't allow cookies.
+  bool hasFlags;
+  nsCOMPtr<nsIURI> uri;
+  aPrincipal->GetURI(getter_AddRefs(uri));
+  rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_FORBIDS_COOKIE_ACCESS,
+                           &hasFlags);
+  if (NS_FAILED(rv) || hasFlags) {
+    *aCookiePermission = nsPermissionManager::DENY_ACTION;
+    rv = NS_OK;  // Reset, so it's not caught as a bad status after the `else`.
+  } else         // Note the tricky `else` which controls the call below.
+#endif
+
+    // Note that when compiled for Thunderbird/SeaMonkey, the following
+    // statement is controlled by the `else` in the `#ifdef` block above.
+    rv = pm->TestPermissionFromPrincipal(
+        aPrincipal, NS_LITERAL_CSTRING("cookie"), aCookiePermission);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }