[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #14059 [Tor Browser]: Revision of existing double key cookie logic to meet requirements
#14059: Revision of existing double key cookie logic to meet requirements
-----------------------------+----------------------------
Reporter: michael | Owner: michael
Type: defect | Status: needs_revision
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords:
Actual Points: | Parent ID: #3246
Points: |
-----------------------------+----------------------------
Changes (by gk):
* status: needs_information => needs_revision
* keywords: TorBrowserTeam201502R, GeorgKoppen201502R =>
Comment:
Second part of the review:
1) Please document why you use one time
`mThirdPartyUtil->GetFirstPartyURIFromChannel` and the other time
`mThirdPartyUtil->GetFirstPartyIsolationURI` and what that implies.
2) You can't reuse `requireHostMatch` in `SetCookieStringInternal` as this
would mean that the URL bar domain could influence unrelated cookies
checks which it must not do.
3)
{{{
// origin matches matches
}}}
4) There are several places where you just use `baseDomain` in
nsCookie::Create() which is especially consifusing in `GetCookieFromRow()`
as the first comment is talks about to skip reading the baseDomain what we
do that nevertheless. Could you add a comment on this baseDomain usage
please?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14059#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs