static inline bool httpOnlyCookieExists(const GSList* cookies, const gchar* name, const gchar* path) { for (const GSList* iter = cookies; iter; iter = g_slist_next(iter)) { SoupCookie* cookie = static_cast<SoupCookie*>(iter->data); if (!strcmp(soup_cookie_get_name(cookie), name) && !g_strcmp0(soup_cookie_get_path(cookie), path)) { if (soup_cookie_get_http_only(cookie)) return true; break; } } return false; }
void setCookiesFromDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& value) { SoupCookieJar* jar = cookieJarForSession(session); if (!jar) return; GUniquePtr<SoupURI> origin = url.createSoupURI(); GUniquePtr<SoupURI> firstPartyURI = firstParty.createSoupURI(); // Get existing cookies for this origin. GSList* existingCookies = soup_cookie_jar_get_cookie_list(jar, origin.get(), TRUE); Vector<String> cookies; value.split('\n', cookies); const size_t cookiesCount = cookies.size(); for (size_t i = 0; i < cookiesCount; ++i) { GUniquePtr<SoupCookie> cookie(soup_cookie_parse(cookies[i].utf8().data(), origin.get())); if (!cookie) continue; // Make sure the cookie is not httpOnly since such cookies should not be set from JavaScript. if (soup_cookie_get_http_only(cookie.get())) continue; // Make sure we do not overwrite httpOnly cookies from JavaScript. if (httpOnlyCookieExists(existingCookies, soup_cookie_get_name(cookie.get()), soup_cookie_get_path(cookie.get()))) continue; soup_cookie_jar_add_cookie_with_first_party(jar, firstPartyURI.get(), cookie.release()); } soup_cookies_free(existingCookies); }
static gint _cookie_permission_manager_ask_for_policy(CookiePermissionManager *self, MidoriView *inView, SoupMessage *inMessage, GSList *inUnknownCookies) { /* Ask user for policy of unkndown domains in an undistracting way. * The idea is to put the message not in a modal window but into midori's info bar. * Then we'll set up our own GMainLoop to simulate a modal info bar. We need to * connect to all possible signals of info bar, web view and so on to handle user's * decision and to get out of our own GMainLoop. After that webkit resumes processing * data. */ CookiePermissionManagerPrivate *priv=self->priv; GtkWidget *infobar; /* FIXME: Find a way to add "details" widget */ #ifndef NO_INFOBAR_DETAILS GtkWidget *widget; GtkWidget *contentArea; GtkWidget *vbox, *hbox; GtkWidget *expander; GtkListStore *listStore; GtkTreeIter listIter; GtkWidget *scrolled; GtkWidget *list; GtkCellRenderer *renderer; GtkTreeViewColumn *column; #endif gchar *text; gint numberDomains, numberCookies; GSList *sortedCookies, *cookies; WebKitWebView *webkitView; CookiePermissionManagerModalInfobar *modalInfo; /* Get webkit view of midori view */ webkitView=WEBKIT_WEB_VIEW(midori_view_get_web_view(inView)); modalInfo=g_new0(CookiePermissionManagerModalInfobar, 1); /* Create a copy of cookies and sort them */ sortedCookies=_cookie_permission_manager_get_number_domains_and_cookies(self, inUnknownCookies, &numberDomains, &numberCookies); /* FIXME: Find a way to add "details" widget */ #ifndef NO_INFOBAR_DETAILS /* Create list model and fill in data */ listStore=gtk_list_store_new(N_COLUMN, G_TYPE_STRING, /* DOMAIN_COLUMN */ G_TYPE_STRING, /* PATH_COLUMN */ G_TYPE_STRING, /* NAME_COLUMN */ G_TYPE_STRING, /* VALUE_COLUMN */ G_TYPE_STRING /* EXPIRE_DATE_COLUMN */); for(cookies=sortedCookies; cookies; cookies=cookies->next) { SoupCookie *cookie=(SoupCookie*)cookies->data; SoupDate *cookieDate=soup_cookie_get_expires(cookie); if(cookieDate) text=soup_date_to_string(cookieDate, SOUP_DATE_HTTP); else text=g_strdup(_("Till session end")); gtk_list_store_append(listStore, &listIter); gtk_list_store_set(listStore, &listIter, DOMAIN_COLUMN, soup_cookie_get_domain(cookie), PATH_COLUMN, soup_cookie_get_path(cookie), NAME_COLUMN, soup_cookie_get_name(cookie), VALUE_COLUMN, soup_cookie_get_value(cookie), EXPIRE_DATE_COLUMN, text, -1); g_free(text); } #endif /* Create description text */ if(numberDomains==1) { const gchar *cookieDomain=soup_cookie_get_domain((SoupCookie*)sortedCookies->data); if(*cookieDomain=='.') cookieDomain++; if(numberCookies>1) text=g_strdup_printf(_("The website %s wants to store %d cookies."), cookieDomain, numberCookies); else text=g_strdup_printf(_("The website %s wants to store a cookie."), cookieDomain); } else { text=g_strdup_printf(_("Multiple websites want to store %d cookies in total."), numberCookies); } /* Create info bar message and buttons */ infobar=midori_view_add_info_bar(inView, GTK_MESSAGE_QUESTION, text, G_CALLBACK(_cookie_permission_manager_on_infobar_policy_decision), NULL, _("_Accept"), COOKIE_PERMISSION_MANAGER_POLICY_ACCEPT, _("Accept for this _session"), COOKIE_PERMISSION_MANAGER_POLICY_ACCEPT_FOR_SESSION, _("De_ny"), COOKIE_PERMISSION_MANAGER_POLICY_BLOCK, _("Deny _this time"), COOKIE_PERMISSION_MANAGER_POLICY_UNDETERMINED, NULL); g_free(text); /* midori_view_add_info_bar() in version 0.4.8 expects a GObject as user data * but I don't want to create an GObject just for a simple struct. So set object * data by our own */ g_object_set_data_full(G_OBJECT(infobar), "cookie-permission-manager-infobar-data", modalInfo, (GDestroyNotify)g_free); /* FIXME: Find a way to add "details" widget */ #ifndef NO_INFOBAR_DETAILS /* Get content area of infobar */ contentArea=gtk_info_bar_get_content_area(GTK_INFO_BAR(infobar)); /* Create list and set up columns of list */ list=gtk_tree_view_new_with_model(GTK_TREE_MODEL(listStore)); #ifndef HAVE_GTK3 gtk_widget_set_size_request(list, -1, 100); #endif renderer=gtk_cell_renderer_text_new(); column=gtk_tree_view_column_new_with_attributes(_("Domain"), renderer, "text", DOMAIN_COLUMN, NULL); gtk_tree_view_append_column(GTK_TREE_VIEW(list), column); renderer=gtk_cell_renderer_text_new(); column=gtk_tree_view_column_new_with_attributes(_("Path"), renderer, "text", PATH_COLUMN, NULL); gtk_tree_view_append_column(GTK_TREE_VIEW(list), column); renderer=gtk_cell_renderer_text_new(); column=gtk_tree_view_column_new_with_attributes(_("Name"), renderer, "text", NAME_COLUMN, NULL); gtk_tree_view_append_column(GTK_TREE_VIEW(list), column); renderer=gtk_cell_renderer_text_new(); column=gtk_tree_view_column_new_with_attributes(_("Value"), renderer, "text", VALUE_COLUMN, NULL); g_object_set(G_OBJECT(renderer), "ellipsize", PANGO_ELLIPSIZE_END, "width-chars", 30, NULL); gtk_tree_view_append_column(GTK_TREE_VIEW(list), column); renderer=gtk_cell_renderer_text_new(); column=gtk_tree_view_column_new_with_attributes(_("Expire date"), renderer, "text", EXPIRE_DATE_COLUMN, NULL); gtk_tree_view_append_column(GTK_TREE_VIEW(list), column); scrolled=gtk_scrolled_window_new(NULL, NULL); #ifdef HAVE_GTK3 gtk_scrolled_window_set_min_content_height(GTK_SCROLLED_WINDOW(scrolled), 100); #endif gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled), GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); gtk_container_add(GTK_CONTAINER(scrolled), list); gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scrolled), GTK_SHADOW_IN); gtk_container_add(GTK_CONTAINER(expander), scrolled); gtk_widget_show_all(vbox); gtk_container_add(GTK_CONTAINER(contentArea), vbox); /* Set state of expander based on config 'show-details-when-ask' */ gtk_expander_set_expanded(GTK_EXPANDER(expander), midori_extension_get_boolean(priv->extension, "show-details-when-ask")); g_signal_connect_swapped(expander, "notify::expanded", G_CALLBACK(_cookie_permission_manager_when_ask_expander_changed), self); #endif /* Show all widgets of info bar */ gtk_widget_show_all(infobar); /* Connect signals to quit main loop */ g_signal_connect(webkitView, "navigation-policy-decision-requested", G_CALLBACK(_cookie_permission_manager_on_infobar_webview_navigate), infobar); g_signal_connect(infobar, "destroy", G_CALLBACK(_cookie_permission_manager_on_infobar_destroy), modalInfo); /* Let info bar be modal and set response to default */ modalInfo->response=COOKIE_PERMISSION_MANAGER_POLICY_UNDETERMINED; modalInfo->mainLoop=g_main_loop_new(NULL, FALSE); GDK_THREADS_LEAVE(); g_main_loop_run(modalInfo->mainLoop); GDK_THREADS_ENTER(); g_main_loop_unref(modalInfo->mainLoop); modalInfo->mainLoop=NULL; /* Disconnect signal handler to webkit's web view */ g_signal_handlers_disconnect_by_func(webkitView, G_CALLBACK(_cookie_permission_manager_on_infobar_webview_navigate), infobar); /* Store user's decision in database if it is not a temporary block. * We use the already sorted list of cookies to prevent multiple * updates of database for the same domain. This sorted list is a copy * to avoid a reorder of cookies */ if(modalInfo->response!=COOKIE_PERMISSION_MANAGER_POLICY_UNDETERMINED) { const gchar *lastDomain=NULL; /* Iterate through cookies and store decision for each domain once */ for(cookies=sortedCookies; cookies; cookies=cookies->next) { SoupCookie *cookie=(SoupCookie*)cookies->data; const gchar *cookieDomain=soup_cookie_get_domain(cookie); if(*cookieDomain=='.') cookieDomain++; /* Store decision if new domain found while iterating through cookies */ if(!lastDomain || g_ascii_strcasecmp(lastDomain, cookieDomain)!=0) { gchar *sql; gchar *error=NULL; gint success; sql=sqlite3_mprintf("INSERT OR REPLACE INTO policies (domain, value) VALUES ('%q', %d);", cookieDomain, modalInfo->response); success=sqlite3_exec(priv->database, sql, NULL, NULL, &error); if(success!=SQLITE_OK) g_warning(_("SQL fails: %s"), error); if(error) sqlite3_free(error); sqlite3_free(sql); lastDomain=cookieDomain; } } } /* Free up allocated resources */ g_slist_free(sortedCookies); /* Return response */ return(modalInfo->response==COOKIE_PERMISSION_MANAGER_POLICY_UNDETERMINED ? COOKIE_PERMISSION_MANAGER_POLICY_BLOCK : modalInfo->response); }